Remote RSA key may have changed?
I had been on another part of a project for a while, so the repository wasn't accessed for about 10 months or so.
2 days ago, I was tasked on working on it again, only to find out the repository had disappeared. Other repositories on our account hadn't, just this one, so that was odd. I had other things on my to-do list, and I wasn't worried (I still had the local files), so I decided I'd try to fix it today.
As if by miracle, today the repository was back as if it was never gone. I was relieved for a moment until I tried to test access to the repository with a pull request.
As you can see, things got a lot more odd. I went to check my RSA keys and those on bitbucket only to find out those were still the same... but the fingerprint I left partially unredacted in the image above (SHA256:4*******************************E) was not the fingerprint I had listed in my known_hosts.
Conclusion; either bitbucket must have changed servers/fingerprints at some point in the last 10 months, or I am actually dealing with a man-in-the-middle attack?
Can someone confirm if bitbucket made such changes in the last 10 months?
And if not... welp... does anyone know how to get rid of a man-in-the-middle attacker?
1 answer
1 accepted
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.