I understand that Bitbucket is using a bundled Apache Mina SSH server for handling git cloning via SSH.
I am in the process of upgrading from 6.x Server to 8.x Datacenter and have FIPS-enabled hosts. These hosts block git cloning from my server because it is using an RSA host key.
The host key is located at shared/config/ssh-server-keys.pem. I can validate it is the key in use by the host with openssl rsa -in ssh-server-keys.pem -RSAPublicKey_out, and I can make a new host key that is ECDSA with ssh-keygen -t ecdsa -b 521 -m pem -f ssh-server-keys.pem, but when I restart the server the ECDSA key gets replaced with a new RSA key.
The server only overwrites that file when I change it to an ECDSA key; if I leave the old RSA key, it persists forever. To me, this means some configuration is requiring an RSA key to be used.
How can I make Bitbucket Datacenter 8.14 use an ECDSA SSH Host Key?
Same here. RSA will be disallowed for us in the near future. How can we change the key to ECDSA?