How to create a new SSH Host key

Hunter Kimbrough
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
February 20, 2024

I understand that Bitbucket is using a bundled Apache Mina SSH server for handling git cloning via ssh.


I am in the process of upgrading from 6.x Server to 8.x Datacenter and have FIPS enabled hosts. These hosts block git cloning from my server because it is using an RSA host key.


The host key is located at shared/config/ssh-server-keys.pem. I can validate it is they key in use by the host with openssl rsa -in ssh-server-keys.pem -RSAPublicKey_out and I can make a new host key that is ECDSA with ssh-keygen -t ecdsa -b 521 -m pem -f ssh-server-keys.pem but when I restart the server the ECDSA key gets replaced with a new RSA key.


The server only over-writes that file when I change it to an ECDSA key, if I leave the old RSA key it persists forever. To me, this means some configuration is requiring an RSA key to be used. 


How can I make Bitbucket Datacenter 8.14 use an ECDSA SSH Host Key?

1 answer

0 votes
Kristoffer Rudolph March 14, 2024

Same here. RSA will be disallowed for us in the near future. How can we change the key to ECDSA?

Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events