I have a server that needs to run the command "git ls-remote" against one of my bitbucket Git repositories to locate a branch's commit hash. I think I need to add bitbucket's public key to my .ssh/known_hosts file on my server in order to avoid the dreaded prompt, "The authenticity of 'bitbucket.org (ip6) can't be established." However, I need to run this command inside a script. How can I fetch that key inside my script and then write it to the known_hosts file? I think I'm supposed to use the command "ssh-keyscan bitbucket.org >> ~/.ssh/known_hosts" but when I run that command I get some extra lines that don't look like they belong in my known_hosts file:
# bitbucket.org:22 SSH-2.0-conker... app-133 <- Don't want this line
# bitbucket.org:22 SSH-2.0-conker... app-126 <- Don't want this line
bitbucket.org ssh-rsa AAAAB3N... <- Just need this line?
# bitbucket.org:22 SSH-2.0-conker... app-132 <- Don't want this line
I think all I want is the third line above. Is there a command to just pull that piece of data out so I can append it to my known_hosts file? Thanks.
As I understand your problem mostly related IPv6,
Please, have a look that answer
Host bitbucket HostName bitbucket.org User git IdentityFile ~/.ssh/id_rsa_bitbucket AddressFamily inet
I hope that info will help for you.
Thanks Gonchik. But I don't see how this is related to ipv6. I'm just trying to figure out how to discover a bitbucket public RSA key programmatically so that I can insert it in my known_hosts file. Perhaps bb posts it somewhere and I can just copy it into the file and push the file to my server.
@flaugher I can offer an inelegant hack that works and allows you to not disable host key checking, which is dangerous, esp if these systems are outside a firewall).
As you initially tried, ideally we would use ssh-keyscan to obtain the host fingerprint, and shove that into known_hosts. I had this need recently, and spent an hour or so on it but was not able to get that technique working. Neither `ssh-keyscan -H hostname` nor `ssh-keyscan -H -t rsa hostname` produced the right format for known_hosts.
I ended up punting and simply did a manual git-ssh operation, and accepted the host fingerprint manually, observed the fingerprint line that was added to my known_hosts, and copied that line for subsequent use.
In my case, I'm using Ansible to provision a Jenkins cluster that needs access to an on-prem Bitbucket instance, and I needed the git clone to work out of the box without manual intervention. So once I captured the ssh fingerprint from my known_hosts, I added this line to my Ansible playbook to make sure that line exists when bringing up new Jenkins masters/minions.
We are excited to announce the open beta program for self-hosted runners. Bitbucket Pipelines Runners is available to everyone. Please try it and let us know your feedback. If you have any issue...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events