Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

atlassian/ssh-run seems to ALWAYS disables host key checking. Is that intentional?

Heine Deelstra
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 19, 2026

I noticed a message in one of my pipelines that a host key was added to known_hosts during a run of atlassian/ssh-run. A subsequent step with rsync failed on the changed host key. 

The script pipe.sh appears to do a lot of work to setup KNOWN_SERVERS_FILE, but then always invokes ssh with -o 'StrictHostKeyChecking=no'.

Is that intentional? Testing with an additional -o 'StrictHostKeyChecking=yes' on openssh's ssh shows that the second value won't override the first one.

1 answer

0 votes
Ajay _view26_
Community Champion
June 19, 2026

Hi @Heine Deelstra 

Welcome to the community!

I think your observation is worth filing as a feature request or bug report against the `atlassian/ssh-run` Bitbucket pipe repository. At minimum, exposing `STRICT_HOST_KEY_CHECKING` as a configurable variable (defaulting to `no` for backward compatibility) would let security-conscious users opt in to proper verification.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin Site Admin
TAGS
AUG Leaders

Atlassian Community Events