How to rectify SSH error: Authenticity of host can't be established?

I'm new to SSH. I'm working my way through the BitBucket tutorial "Set up SSH for Git":

https://confluence.atlassian.com/display/BITBUCKET/Set+up+SSH+for+Git

I'm at step 6.9:

Return to the terminal window and verify your configuration by entering the following command

ssh -T git@bitbucket.org

I get the error:

The authenticity of host 'bitbucket.org (131.103.20.167)' can't be established.
RSA key fingerprint is ....

I would be grateful for any advice.

.

1 answer

1 accepted

This is actually normal. It’s not actually an SSH error. The Atlassian people really should have documented that this will probably happen in their instructions. Omitting it is bad on their part.

What’s happening is that SSH is being cautious. That’s part of being secure. Whenever SSH tries to log in to a host it hasn’t seen before, it will put up a message like this.

You didn’t paste in the whole message. It looks like this:

$ ssh -oUserKnownHostsFile=/dev/null -T git@bitbucket.org
The authenticity of host 'bitbucket.org (131.103.20.167)' can't be established.
RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40.
Are you sure you want to continue connecting (yes/no)?

SSH is saying “I haven’t seen this host before. It has this IP. It identifies itself with this fingerprint. Do you really want to connect?” And in really secure environments, you’d actually compare the fingerprint with the fingerprint that you had been given before to make sure you’re not connecting with an imposter host.

In this particular case, you don’t have any other fingerprint to compare it to. But you really are trying to connect to bitbucket.org. So you can go ahead and say “yes” and you should continue logging in.

SSH will also save the hostname and fingerprint in the ~/.ssh/known_hosts file. The next time you try to log in, it will see that you’ve connected to bitbucket.orgbefore, and bitbucket.org(presumably) has the same fingerprint, so it won’t put up that message again.

The security comes in in case some bad guy tries to impersonate bitbucket.org. Since forging fingerprints is really hard, he likely won’t be able to impersonate that, so when you try to log in to the bad site, you’ll get a message like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
ff:ff:ff:f2:6f:14:6b:5c:3b:ec:aa:46:46:ff:ff:ff.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending key in ~/.ssh/known_hosts:1
RSA host key for bitbucket.org has changed and you have requested strict checking.
Host key verification failed.

Now, that’s an error.

Wow! Thanks for v. detailed response. All OK now. (Not sure if "Thanks" is permitted on this forum. If so - I can delete it.)

Thank you very much!

That's really helped me!

So I just needed to continue with YES option.

Very useful answer and well explained. Thank  you so much smile

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Jun 06, 2018 in Bitbucket

Do you use Bitbucket Cloud and Jira Cloud? If so, let us know!

Hi Community, I'm Julia and I'm on the Jira Software Cloud marketing team!  We're looking for companies or teams using Bitbucket Cloud and Jira Software Cloud. If your team fits the t...

129 views 6 3
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you