Hi, I replaced my keys yesterday like explained in this blog post: https://bitbucket.org/blog/ssh-host-key-changes
Ever since, when I want to pull, I get this message:
Offending key for IP in /home/master/.ssh/known_hosts:3
Matching host key in /home/master/.ssh/known_hosts:7
Then I need to approve the pull. Every time.
How can I fix this (remove the offending key)?
There is no explanation in the post.
Thanks
Hello @aviklein,
The warning message you are receiving is likely related to old entries in your known_hosts file that are pointing to the Bitbucket IP, instead of the domain name bitbucket.org.
To resolve this issue, you can remove the older entries and store the new ones using the following command:
ssh-keygen -R bitbucket.org && sed -i.old -e '/AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/d' ~/.ssh/known_hosts && curl https://bitbucket.org/site/ssh >> ~/.ssh/known_hosts
This is also covered in our Bitbucket Cloud SSH rotation FAQ.
Thank you, @aviklein!
Patrik S
Cool! Seems to work now.
Thank you!
Hi, I got a similar problem as the OP, but after running the command above, the result looks like this:
# Host bitbucket.org found: line 13 type RSA
# Host bitbucket.org found: line 14 type ECDSA
line 15 invalid key: bitbucket.org...
# Host bitbucket.org found: line 16 type ECDSA
line 17 too long: bitbucket.org ssh-ed25519 AAAAC3NzaC1lZD...
/home/this_user/.ssh/known_hosts is not a valid known_hosts file.
Not replacing existing known_hosts file because of errors
Would you happen to have a fix for this?
Hello @jjl71,
The error being returned indicates that your known_hosts file is in an invalid state, so SSH was not able to properly update it with the new Bitbucket fingerprints.
In this case, I would suggest renaming the current known_hosts file to a different name, e.g. known_hosts_backup:
mv /home/user/.ssh/known_hosts /home/user/.ssh/known_hosts_backup
and then execute the command again:
ssh-keygen -R bitbucket.org && curl https://bitbucket.org/site/ssh >> ~/.ssh/known_hosts
so ssh will rebuild the known_hosts file from scratch.
Please note that if you have other entries in the original known_hosts file other than Bitbucket, you will need to manually copy those to the fresh known_hosts file created when you execute the command above.
Thank you, @jjl71!
Patrik S
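An added example, not part of the replies above and not Atlassian's own command: one way to do the "rename and rebuild" step without hand-copying the other hosts, by dropping malformed lines and every Bitbucket entry (including IP-keyed lines that carry the old RSA key from the sed command) and then appending the new keys. The function name `rebuild_known_hosts` is hypothetical, and the script assumes unhashed host names and that the new keys were first saved to a file.

```shell
#!/bin/sh
# Added example (constructed); rebuild_known_hosts is a hypothetical helper.
# OLD_KEY_PREFIX is the old RSA key prefix from the sed command in the thread.
OLD_KEY_PREFIX='AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl'

# rebuild_known_hosts KNOWN_HOSTS NEW_KEYS
#   NEW_KEYS holds the current Bitbucket entries, saved beforehand, e.g.
#   curl https://bitbucket.org/site/ssh > new_keys   (assumed step)
# Assumes unhashed host names; "|1|..." entries cannot be matched by name.
rebuild_known_hosts() {
    kh=$1
    new=$2
    [ -f "$kh" ] && [ -s "$new" ] || return 1
    cp -p "$kh" "$kh.bak" || return 1            # keep the original as a backup
    tmp=$(mktemp) || return 1
    awk -v old="$OLD_KEY_PREFIX" '
        /^[ \t]*(#|$)/ { print; next }           # keep comments and blank lines
        {
            i = ($1 ~ /^@/) ? 2 : 1              # skip @cert-authority / @revoked
            hosts = $i; type = $(i+1); key = $(i+2)
            # structural check: enough fields, sane key type, base64-only blob
            if (NF < i+2 || type !~ /^(ssh-|ecdsa-|sk-)/ ||
                key !~ "^[A-Za-z0-9+/]+=*$") {
                print "dropping malformed line " NR > "/dev/stderr"
                next
            }
            if (index(key, old) == 1) next       # old key under any name or IP
            n = split(hosts, h, ",")
            for (j = 1; j <= n; j++) {
                sub(/^\[/, "", h[j]); sub(/\](:[0-9]+)?$/, "", h[j])
                if (h[j] == "bitbucket.org") next
            }
            print                                # valid entry for another host
        }' "$kh" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$new" >> "$tmp" && mv "$tmp" "$kh" && chmod 600 "$kh"
}

# Usage: rebuild_known_hosts ~/.ssh/known_hosts new_keys
```

Before running it, compare the fingerprints of the saved keys (`ssh-keygen -lf new_keys`) with the ones Bitbucket publishes, since the file is trusted as-is once appended.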