I have a server that needs to run the command "git ls-remote" against one of my bitbucket Git repositories to locate a branch's commit hash. I think I need to add bitbucket's public key to my .ssh/known_hosts file on my server in order to avoid the dreaded prompt, "The authenticity of 'bitbucket.org (ip6)' can't be established." However, I need to run this command inside a script. How can I fetch that key inside my script and then write it to the known_hosts file? I think I'm supposed to use the command "ssh-keyscan bitbucket.org >> ~/.ssh/known_hosts" but when I run that command I get some extra lines that don't look like they belong in my known_hosts file:
```
# bitbucket.org:22 SSH-2.0-conker... app-133 <- Don't want this line
# bitbucket.org:22 SSH-2.0-conker... app-126 <- Don't want this line
bitbucket.org ssh-rsa AAAAB3N... <- Just need this line?
# bitbucket.org:22 SSH-2.0-conker... app-132 <- Don't want this line
```
I think all I want is the third line above. Is there a command to just pull that piece of data out so I can append it to my known_hosts file? Thanks.
@flaugher I can offer an inelegant hack that works and allows you to not disable host key checking (which is dangerous, esp. if these systems are outside a firewall).
As you initially tried, ideally we would use ssh-keyscan to obtain the host fingerprint, and shove that into known_hosts. I had this need recently, and spent an hour or so on it but was not able to get that technique working. Neither `ssh-keyscan -H hostname` nor `ssh-keyscan -H -t rsa hostname` produced the right format for known_hosts.
I ended up punting and simply did a manual git-ssh operation, and accepted the host fingerprint manually, observed the fingerprint line that was added to my known_hosts, and copied that line for subsequent use.
In my case, I'm using Ansible to provision a Jenkins cluster that needs access to an on-prem Bitbucket instance, and I needed the git clone to work out of the box without manual intervention. So once I captured the ssh fingerprint from my known_hosts, I added this line to my Ansible playbook to make sure that line exists when bringing up new Jenkins masters/minions.
I elected to create an SSH config file that turns off strict host key checking for my trusted host:
```
Host my-trusted-host.com
    StrictHostKeyChecking no
```
I know this is not the best solution but it is a temporary fix.
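An alternative that keeps host key checking enabled, as an added example that is not part of any post in this thread: scan the host, keep only the key line, and append it to known_hosts only if its fingerprint matches a value obtained out of band. The function names and `EXPECTED_FP` are hypothetical; the fingerprint is a placeholder to be replaced with the one the provider publishes.

```shell
#!/bin/sh
# Added example. EXPECTED_FP is a placeholder: take the real value from the
# provider's documentation over a trusted channel, never from the scan itself.
EXPECTED_FP="SHA256:REPLACE_WITH_PUBLISHED_FINGERPRINT"

# Keep only "<host> <type> <base64>" lines for the wanted host and key type.
# This drops the "# host:22 SSH-2.0-..." banner lines and blank lines.
filter_scan() {  # usage: filter_scan HOST KEYTYPE < scan-output
    awk -v h="$1" -v t="$2" '$1 == h && $2 == t && NF >= 3 { print $1, $2, $3 }'
}

# Print the SHA256 fingerprint of one known_hosts-style line
# (prints nothing if ssh-keygen cannot parse the key).
fingerprint_of() {  # usage: fingerprint_of "LINE"
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    ssh-keygen -l -E sha256 -f "$tmp" 2>/dev/null | awk '{ print $2 }'
    rm -f "$tmp"
}

# Append LINE to FILE unless that exact line is already present,
# so repeated provisioning runs do not duplicate the entry.
add_known_host() {  # usage: add_known_host "LINE" FILE
    mkdir -p "$(dirname "$2")" && touch "$2" && chmod 600 "$2" || return 1
    grep -qxF -- "$1" "$2" || printf '%s\n' "$1" >> "$2"
}

# Scan HOST for its RSA key, verify it against the pinned fingerprint,
# and only then record it. Any mismatch leaves known_hosts untouched.
pin_host() {  # usage: pin_host HOST EXPECTED_FP FILE
    line=$(ssh-keyscan -t rsa "$1" 2>/dev/null | filter_scan "$1" ssh-rsa | head -n 1)
    [ -n "$line" ] || { echo "no RSA key returned for $1" >&2; return 1; }
    [ "$(fingerprint_of "$line")" = "$2" ] || {
        echo "fingerprint mismatch for $1; key not trusted" >&2; return 1; }
    add_known_host "$line" "$3"
}

# Typical call from a provisioning script:
# pin_host bitbucket.org "$EXPECTED_FP" "$HOME/.ssh/known_hosts"
```

Appending unverified `ssh-keyscan` output trusts whatever answered on the network at scan time; the fingerprint comparison is what makes the scripted entry equivalent to a manually checked one.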
Hi!
As I understand it, your problem is mostly related to IPv6.
Please have a look at that answer:
https://stackoverflow.com/questions/42888832/cant-push-pull-to-bitbucket-via-ssh-using-ipv6
```
Host bitbucket
    HostName bitbucket.org
    User git
    IdentityFile ~/.ssh/id_rsa_bitbucket
    AddressFamily inet
```
I hope that info will help you.
Cheers,
Gonchik Tsymzhitov
Thanks Gonchik. But I don't see how this is related to ipv6. I'm just trying to figure out how to discover a bitbucket public RSA key programmatically so that I can insert it in my known_hosts file. Perhaps bb posts it somewhere and I can just copy it into the file and push the file to my server.