
ECDSA host keys keep changing

collinmaessen
July 14, 2023

After following the steps in the key changes document (https://bitbucket.org/blog/ssh-host-key-changes), we can still get this error:

Warning: the ECDSA host key for 'bitbucket.org' differs from the key for the IP address '2406:da00:ff00::22c5:2ef4'
Offending key for IP in /srv/httpd/*host*/.ssh/known_hosts:6
Matching host key in /srv/httpd/*host*/.ssh/known_hosts:11

Removing the offending lines solves this for a short time, but then it returns again.

This doesn't happen if we force our git commands to use IPv4; it only happens for traffic over IPv6.

What we want to confirm is the following:

  • That there isn't a key configuration issue for Bitbucket over IPv6
  • That nuking the entire known_hosts file will permanently solve this (this is what we're going to try the next time we encounter this).

Answer accepted
Theodora Boudale
Atlassian Team
July 14, 2023

Hi @collinmaessen,

The reason that you see this error is that there are entries in your known_hosts using our IPs instead of the domain bitbucket.org.

You can remove them by running

ssh-keygen -R bitbucket.org && sed -i.old -e '/AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/d' /srv/httpd/*host*/.ssh/known_hosts && curl https://bitbucket.org/site/ssh >> /srv/httpd/*host*/.ssh/known_hosts

You could also delete and recreate the known_hosts file and then copy and paste into the new file the entries from https://bitbucket.org/site/ssh. However, if you connect to other hosts via SSH as well from this machine, and you have their host keys in the known_hosts, then deleting the known_hosts file will affect the SSH connections to these hosts as well. The next time you connect to such a host via SSH you will see a prompt with the host's fingerprint, asking you if you trust the host, so that its host key gets added to known_hosts.

Kind regards,
Theodora
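
An added example (not part of the original answer or Atlassian's tooling) for reviewing a known_hosts file before deleting anything: it lists, with line numbers, every entry keyed by an IP literal, which is the kind of entry the answer identifies as the cause of the warning. The function names, the sample file and its placeholder key blobs are constructed for illustration; 192.0.2.10 is a documentation address.

```shell
#!/bin/sh
# Print "<line> <host> <keytype>" for each known_hosts host pattern that is
# an IPv4 or IPv6 literal. Hashed hosts (|1|salt|hash) cannot be classified
# by reading the file, so they are only counted by hashed_entries().
ip_keyed_entries() {
    awk '
    /^[ \t]*#/ { next }                      # comment line
    NF == 0    { next }                      # blank line
    {
        f = ($1 ~ /^@/) ? 2 : 1              # skip @cert-authority / @revoked marker
        n = split($f, hosts, ",")            # host field is a comma-separated list
        for (i = 1; i <= n; i++) {
            h = hosts[i]
            if (h ~ /^[|]/) continue         # hashed host, not readable
            bare = h
            sub(/^\[/, "", bare)             # strip [host]:port wrapping
            sub(/\](:[0-9]+)?$/, "", bare)
            if (bare ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ ||
                (bare ~ /:/ && bare ~ /^[0-9A-Fa-f:.]+$/))
                print NR, h, $(f + 1)
        }
    }' "$1"
}

# Count entries whose host field is hashed (HashKnownHosts yes).
hashed_entries() {
    awk '{ f = ($1 ~ /^@/) ? 2 : 1 } $f ~ /^[|]1[|]/ { c++ } END { print c + 0 }' "$1"
}

# Write a constructed sample file; key blobs are placeholders, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, key blobs are placeholders
bitbucket.org ssh-ed25519 PLACEHOLDER_KEY_A
2406:da00:ff00::22c5:2ef4 ecdsa-sha2-nistp256 PLACEHOLDER_KEY_B
bitbucket.org,192.0.2.10 ssh-rsa PLACEHOLDER_KEY_C
[git.example.test]:7999 ssh-ed25519 PLACEHOLDER_KEY_D
|1|c2FsdA==|aGFzaA== ssh-ed25519 PLACEHOLDER_KEY_E
EOF
}

# Stand-alone use: pass the path of the known_hosts file to audit.
if [ "$#" -gt 0 ]; then
    ip_keyed_entries "$1"
    echo "hashed entries not inspected: $(hashed_entries "$1")"
fi
```

If the file contains hashed entries, `ssh-keygen -F <address> -f <file>` can look up a specific address, since hashed hosts cannot be recognised by reading the file.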
