How to add bitbucket's public key to my known_hosts file?

flaugher March 29, 2019

I have a server that needs to run the command "git ls-remote" against one of my bitbucket Git repositories to locate a branch's commit hash.  I think I need to add bitbucket's public key to my .ssh/known_hosts file on my server in order to avoid the dreaded prompt, "The authenticity of 'bitbucket.org (ip6)' can't be established."  However, I need to run this command inside a script.  How can I fetch that key inside my script and then write it to the known_hosts file?  I think I'm supposed to use the command "ssh-keyscan bitbucket.org >> ~/.ssh/known_hosts" but when I run that command I get some extra lines that don't look like they belong in my known_hosts file:

    # bitbucket.org:22 SSH-2.0-conker... app-133    <- Don't want this line
    # bitbucket.org:22 SSH-2.0-conker... app-126    <- Don't want this line
    bitbucket.org ssh-rsa AAAAB3N...                <- Just need this line?
    # bitbucket.org:22 SSH-2.0-conker... app-132    <- Don't want this line

I think all I want is the third line above.  Is there a command to just pull that piece of data out so I can append it to my known_hosts file?  Thanks.

3 answers

0 votes
Tim Black July 31, 2020

@flaugher I can offer an inelegant hack that works and allows you to not disable host key checking (which is dangerous, esp. if these systems are outside a firewall).

As you initially tried, ideally we would use ssh-keyscan to obtain the host fingerprint, and shove that into known_hosts. I had this need recently, and spent an hour or so on it but was not able to get that technique working. Neither `ssh-keyscan -H hostname` nor `ssh-keyscan -H -t rsa hostname` produced the right format for known_hosts.

I ended up punting and simply did a manual git-ssh operation, and accepted the host fingerprint manually, observed the fingerprint line that was added to my known_hosts, and copied that line for subsequent use.

In my case, I'm using Ansible to provision a Jenkins cluster that needs access to an on-prem Bitbucket instance, and I needed the git clone to work out of the box without manual intervention. So once I captured the ssh fingerprint from my known_hosts, I added this line to my Ansible playbook to make sure that line exists when bringing up new Jenkins masters/minions.
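Added example, not part of any post in this thread: a shell function that reads ssh-keyscan output on stdin, drops the `#` banner lines, and appends the host key line to known_hosts only when it exactly matches a line that was verified beforehand, which is the "capture once, reuse" approach this answer describes. `PINNED_LINE`, `SAMPLE_SCAN` and `pin_host_key` are hypothetical names, and the key material is a constructed placeholder.

```shell
#!/bin/sh
# Added example. The key below is a constructed placeholder, not a real key;
# replace PINNED_LINE with the host key line you verified out of band.
PINNED_LINE='bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCONSTRUCTEDSAMPLEKEY'

# Constructed sample of scan output, shaped like the lines in the question.
SAMPLE_SCAN='# bitbucket.org:22 SSH-2.0-example
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCONSTRUCTEDSAMPLEKEY
# bitbucket.org:22 SSH-2.0-example'

# pin_host_key KNOWN_HOSTS_FILE PINNED_LINE   (scan output on stdin)
# Returns 0 when the pinned line was present in the scan and is now in the
# file; returns 1 and writes nothing when the scan does not contain it.
pin_host_key() {
    kh_file=$1
    pinned=$2
    # Keep only "host keytype key" lines: drop '#' comments and blank lines,
    # and normalise whitespace so the comparison below can be exact.
    scanned=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' |
              awk '{print $1, $2, $3}')
    # Trust nothing the network returned unless it equals the pinned line.
    if ! printf '%s\n' "$scanned" | grep -Fxq -- "$pinned"; then
        echo "host key missing or different for: ${pinned%% *}" >&2
        return 1
    fi
    mkdir -p "$(dirname "$kh_file")"
    touch "$kh_file"
    # Idempotent append: a second run leaves a single entry in the file.
    grep -Fxq -- "$pinned" "$kh_file" || printf '%s\n' "$pinned" >> "$kh_file"
}

# Offline check against the constructed sample:
#   printf '%s\n' "$SAMPLE_SCAN" | pin_host_key /tmp/known_hosts.test "$PINNED_LINE"
# Real use (needs network access):
#   ssh-keyscan -t rsa bitbucket.org 2>/dev/null |
#       pin_host_key "$HOME/.ssh/known_hosts" "$PINNED_LINE"
```

A non-zero exit means the scanned key did not match the pinned one, so a provisioning script should stop there rather than fall back to disabling host key checking.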

0 votes
flaugher March 30, 2019

I elected to create an SSH config file that turns off strict host key checking for my trusted host:

Host my-trusted-host.com
  StrictHostKeyChecking no

I know this is not the best solution but it is a temporary fix.

0 votes
Gonchik Tsymzhitov
March 29, 2019

Hi! 

As I understand it, your problem is mostly related to IPv6.

Please have a look at this answer:

https://stackoverflow.com/questions/42888832/cant-push-pull-to-bitbucket-via-ssh-using-ipv6

Host bitbucket
     HostName bitbucket.org
     User git
     IdentityFile ~/.ssh/id_rsa_bitbucket
     AddressFamily inet

 

I hope that info will help you.

Cheers,

Gonchik Tsymzhitov

flaugher March 30, 2019

Thanks Gonchik.  But I don't see how this is related to ipv6.  I'm just trying to figure out how to discover a bitbucket public RSA key programmatically so that I can insert it in my known_hosts file.  Perhaps bb posts it somewhere and I can just copy it into the file and push the file to my server.
