Bitbucket Cloud SSH Host Keys replacement

aviklein May 17, 2023

Hi, I replaced my keys yesterday as explained in this blog post: https://bitbucket.org/blog/ssh-host-key-changes

Ever since, when I want to pull, I get this message:

Offending key for IP in /home/master/.ssh/known_hosts:3
Matching host key in /home/master/.ssh/known_hosts:7

Then I need to approve the pull. Every time.
How can I fix this (remove the offending key)?

There is no explanation in the post.

Thanks

Answer accepted
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 18, 2023

Hello @aviklein,

The warning message you are receiving is likely related to old entries in your known_hosts file that are pointing to the Bitbucket IP, instead of the domain name bitbucket.org.

To resolve this issue, you can remove the older entries and store the new ones using the following command:

ssh-keygen -R bitbucket.org && sed -i.old -e '/AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/d' ~/.ssh/known_hosts && curl https://bitbucket.org/site/ssh >> ~/.ssh/known_hosts

This is also covered in our Bitbucket Cloud SSH rotation FAQ.

Thank you, @aviklein!

Patrik S

aviklein May 19, 2023

Cool! Seems to work now.

Thank you!

jjl71 June 22, 2023

Hi, I got a similar problem to the OP, but after running the command above, the result looks like this:

# Host bitbucket.org found: line 13 type RSA
# Host bitbucket.org found: line 14 type ECDSA
line 15 invalid key: bitbucket.org...
# Host bitbucket.org found: line 16 type ECDSA
line 17 too long: bitbucket.org ssh-ed25519 AAAAC3NzaC1lZD...
/home/this_user/.ssh/known_hosts is not a valid known_hosts file.
Not replacing existing known_hosts file because of errors

Would you happen to have a fix for this?

Patrik S
Atlassian Team
June 26, 2023

Hello @jjl71,

The error being returned indicates that your known_hosts file is in an invalid state, so SSH was not able to properly update it with the new Bitbucket fingerprints.

In this case, I would suggest renaming the current known_hosts file to a different name, e.g. known_hosts_backup:

mv /home/user/.ssh/known_hosts /home/user/.ssh/known_hosts_backup

and then execute the command again 

ssh-keygen -R bitbucket.org && curl https://bitbucket.org/site/ssh >> ~/.ssh/known_hosts

so ssh will rebuild the known_hosts file from scratch.

Please note that if you have entries other than Bitbucket in the original known_hosts file, you will need to manually copy those to the fresh known_hosts file created when you execute the command above.

Thank you, @jjl71!

Patrik S
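
The manual copy step mentioned in the last reply can be scripted. The following is an added example, not part of the thread and not Atlassian's code: it reads a damaged known_hosts backup, drops malformed lines and anything tied to Bitbucket (by host name, or by the old RSA key prefix from the sed command above, which also catches entries stored under an IP), and keeps the rest. The function names and the sample hosts and keys are constructed for illustration.

```python
import base64
import struct

# Prefix of the retired Bitbucket RSA host key, copied from the sed command in the thread.
OLD_RSA_PREFIX = "AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl"

def constructed_blob(keytype, body=b"\x00" * 32):
    """Build a well-formed but constructed (not real) key blob for sample input."""
    raw = struct.pack(">I", len(keytype)) + keytype.encode("ascii") + body
    return base64.b64encode(raw).decode("ascii")

def blob_matches_type(keytype, b64):
    """True if b64 is valid base64 whose embedded SSH type string equals keytype."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])
        return raw[4:4 + n] == keytype.encode("ascii")
    except (ValueError, struct.error):
        return False

def salvage(text, drop_host="bitbucket.org"):
    """Return (kept_lines, dropped), where dropped is a list of (line_number, reason)."""
    kept, dropped = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            kept.append(line)  # blank lines and comments pass through
            continue
        if fields[0].startswith("@"):  # optional @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3 or not blob_matches_type(fields[1], fields[2]):
            dropped.append((lineno, "invalid"))
        elif drop_host in fields[0].split(",") or fields[2].startswith(OLD_RSA_PREFIX):
            dropped.append((lineno, "bitbucket"))  # by name, or old key under an IP
        else:
            kept.append(line)  # hashed (|1|...) names cannot be matched by name
    return kept, dropped

if __name__ == "__main__":
    ed = constructed_blob("ssh-ed25519")
    sample = "\n".join([  # constructed sample, not a real known_hosts file
        f"example.net ssh-ed25519 {ed}",
        f"192.0.2.10 ssh-rsa {OLD_RSA_PREFIX}AAAA",
        f"bitbucket.org ssh-ed25519 {ed}bitbucket.org ecdsa-sha2-nistp256 AAAA",
    ])
    kept, dropped = salvage(sample)
    print("kept:", kept)
    print("dropped:", dropped)
```

Write the kept lines to the new known_hosts file before appending the current Bitbucket keys, and review the dropped list first so a legitimate entry is not lost because of a formatting problem.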
