This article explains the configuration steps required to provide secure Zero Trust access to Atlassian BitBucket Enterprise server via Luminate Secure Access Cloud (TM).
For general information, please see the article regarding configuration of access to Git servers.
The overall topology of the solution is described by the below diagram:
Configuring access to BitBucket Web interface is a straight-forward task of configuring a web application with Luminate Secure Access Cloud (TM). In order to provide an ability to clone and modify repositories via Git command-line tool, following steps need to be taken:
1. SSH access to Git repositories needs to be enabled, as Git HTTPS access does not support advanced authentication methods (can pose security risks), and, therefore, cannot be used with Luminate Secure Access Cloud. Following Atlassian guide should be used: https://confluence.atlassian.com/bitbucketserver/enabling-ssh-access-to-git-repositories-in-bitbucket-server-776640358.html
(Please note the point about SSH Base URL below)
2. SSH access to the machine hosting the BitBucket Enterprise Server should be configured.
3. Each accessing user should should add following snippet to the ~/.ssh/config file as described in the generic Git access article. When defining the ProxyCommand in mygitdirect, instead of internal_ip, localhost should be used, and, instead of port - 7999 should be specified
4. The SSH Base URL configuration in BitBucket settings should be updated to ssh://[email protected] (according to the declaration in the snippet above) - this step is made only for convenience of the accessing users. It is not mandatory.
5. Each accessing user should define SSH Keys, as described here.