Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

host fingerprinting issue again

Patricia
Patricia
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 22, 2025

I am trying to set up ssh keys for my pipeline. I've done this many times before and I'm familiar with the steps, but for my past two projects I've not been able to fingerprint my server. I know about whitelisting ip-ranges, but I've whitelisted the ip4 ranges listed for inbound traffic at https://support.atlassian.com/bitbucket-cloud/docs/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall/ and I'm still not succeeding in getting a fingerprint. Additionally I don't seem to see any ip-address related to bitbucket being rejected in my firewall log, but then again it's a bit hard to see as it gets hammered quite a bit.

Note that I can reach the server if I do `ssh-keyscan -t` in my pipeline.

 

Any idea what's going on here, or how we can find out?

Answer
Watch
Like Saxea _Flowie_ likes this
139 views

1 answer

0 votes
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 23, 2025

Hi Patricia and welcome to the community!

I assume you're talking about fetching the fingerprint from the UI, from Repository settings > SSH keys > Known hosts section?

Up until yesterday, the SSH key scans from this page were running from the exhaustive set of IPs mentioned here:

An exhaustive list of IP addresses that the traffic may come from on AWS can be found by using the following endpoint, filtering to records where the service equals EC2 or S3, and using the us-east-1 and us-west-2 regions.

The developers deployed a fix today so that the SSH key scans run from the Atlassian IP ranges only, and not from the exhaustive ranges:

Can you please check first if the Atlassian IP ranges are whitelisted in your firewall? If they are, can you please try fetching the fingerprint again, and let me know if it works?

If the Pipelines step that connects to your server is running on Atlassian's infrastructure, then it needs to have a size of at least 4x and the atlassian-ip-ranges: true flag, so that it uses the Atlassian IP ranges, like in the following example:

pipelines:
  default:
    - step:
        size: 4x
        runtime:
          cloud:
            atlassian-ip-ranges: true
        script:
          - echo "I use atlassian-ip-ranges"

Kind regards,
Theodora

View More Comments
Patricia
Patricia
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 24, 2025

Hello Theodora, thank you for getting back to me! Indeed I was talking about Repository settings > SSH keys > Known hosts in the UI.

I have just re-entered all of the atlassian-ip-range addresses in our firewall allowlist, including the three new ones listed on the page you linked to, but still no luck.

Note that I don't even see a blocked attempt in our firewall log.

I do indeed have the 4x + atlassian-ip-ranges: true set in my pipeline config, and as mentioned I am able to work around the issue by adding a `ssh-keyscan -t` to my script before the push, so the pipeline works just fine. But I would like a solution for the known hosts scan in the UI.

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 25, 2025

Hi Patricia,

Thank you for the update. I will check with my team again and get back to you when I have an update.

Kind regards,
Theodora

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security