If your Git workflow is a saga of typing passwords and refreshing tokens then welcome to the rescue party. This guide walks you through generating a secure SSH key pair, adding the public key to Bitbucket, teaching your local Git to use SSH, and avoiding the permission drama. Technical accuracy guaranteed, sass included.

Pick a key type and make one

ed25519 is the modern, compact, and secure choice. If you are stuck in legacy land you can still use RSA 4096. Run the generator and give the key a helpful comment so you can tell which key is which later.

ssh-keygen -t ed25519 -C "you@example.com"

Press Enter to accept the default file path unless you need multiple keys, and choose a passphrase unless automation is the boss of you. A passphrase protects the private key in case your laptop decides to take an unscheduled trip.

Start the ssh agent and add your private key

The agent holds unlocked keys in memory so you are not asked for a passphrase for every push. Start it and add your key with these commands.

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

If ssh-add complains set the file permissions and try again.

chmod 600 ~/.ssh/id_ed25519

Copy your public key into Bitbucket

Display the public key and copy the entire line. Paste it into Bitbucket under Personal settings then SSH keys. Give the key a name that makes you look organized even if you are not.

cat ~/.ssh/id_ed25519.pub

Test the SSH connection

Check that Bitbucket recognizes your key and lets you in. The server will reply with a friendly confirmation if things went well. If you get permission denied it means the key was not added, the wrong key was sent, or your remote still uses HTTPS.

ssh -T git@bitbucket.org

Point your local repo to the SSH link

Grab the SSH clone link from your Bitbucket repository page. Then update the remote so Git uses SSH instead of HTTPS. Verify the remote and then fetch or push to confirm everything works.

git remote set-url origin git@bitbucket.org:workspace/repo.git
git remote -v
git fetch

Manage multiple keys with an ssh config file

If you have personal and work keys use a simple config so the right key is offered to Bitbucket. This keeps things tidy and avoids the guesswork.

Host bitbucket.org
  HostName bitbucket.org
  User git
  IdentityFile ~/.ssh/id_ed25519
  IdentitiesOnly yes

For more than one identity make a named host entry and use that host alias when setting the remote.

Host work-bitbucket
  HostName bitbucket.org
  User git
  IdentityFile ~/.ssh/id_ed25519_work
  IdentitiesOnly yes

Troubleshooting and quick tips

• If ssh -T still asks for a password you may be using HTTPS remotes. Run git remote -v and confirm the URL uses SSH.
• If ssh-add cannot find the agent rerun eval "$(ssh-agent -s)" and re add the key.
• If Bitbucket rejects the key check you copied the full contents of the public key including the header and comment.
• Use a passphrase and your OS keychain or ssh agent for daily convenience and security.

Recap

Generate a modern key pair, add the private key to your ssh agent, paste the public key into Bitbucket, test the connection, and switch your repo to the SSH clone link. After that Git will stop nagging you for passwords and you will have a cleaner, more secure setup with fewer interruptions and more time to do real work or stare meaningfully into space.