SSH "continue connecting (yes/no)?" fails silently

TinkerBill
Contributor
October 31, 2023

I have a script that uses SSH to pull the latest repo from bitbucket.org to a remote server.

ssh -t -t -p 722 <server-credentials> <<'ENDSSH'
cd <path-to-server-repo>.git
git fetch -vvv ssh://git@bitbucket.org/<path-to-bitbucket-repo>.git master
git --work-tree=$HOME/<path-to-work-tree> reset --hard FETCH_HEAD
ENDSSH

When it reaches the git fetch line it responds with...

The authenticity of host 'bitbucket.org (104.192.141.1)' can't be established.
ECDSA key fingerprint is SHA256:FC73VB6C4OQLSCrjEayhMp9UMxS97caD/Yyi2bhW/J0.
ECDSA key fingerprint is MD5:dc:05:b9:ef:7e:67:f0:a5:16:2c:28:1a:b8:3a:86:2c.
Are you sure you want to continue connecting (yes/no)?

When I enter yes, nothing happens. Until eventually...

packet_write_wait: Connection to <IP and port>: Broken pipe

This script works fine on another server - just not this one.

Examining ~/.ssh/known_hosts, there are several entries for bitbucket.org - at least some of which seem to correspond to the required public key.

  1. Do I need to purge known_hosts of all but one bitbucket.org entry?
  2. Is there a way of getting more feedback as to what's going on at the remote server?

1 answer

Answer accepted
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 1, 2023

Hi @TinkerBill,

You can execute the following command in order to remove any old Bitbucket host keys from the known_hosts file and ensure that the current host keys are there:

ssh-keygen -R bitbucket.org && curl https://bitbucket.org/site/ssh >> ~/.ssh/known_hosts

This command needs to be executed on the remote server where you fetch from the Bitbucket repo.

You can then execute the following command

ssh git@bitbucket.org host_key_info

and compare the fingerprint in the output with the fingerprints listed here, to ensure that it matches one of our keys.

The broken pipe error seems to come from the SSH connection between the machine that runs the script and the server it connects to. The server may be closing connections that are idle for too long.

You can try updating the ClientAliveInterval option on your server's sshd_config file:

However, this error may go away if you update the host keys in known_hosts and the git fetch command no longer requires input.

Kind regards,
Theodora
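
An added example, not part of the answer above and not Atlassian's code: it stages the fetched host keys and appends to known_hosts only the lines whose SHA256 fingerprint equals a value you pinned from the published list, so nothing unverified gets trusted. The function name `install_pinned_hostkeys`, the `/tmp/bb_keys` path and the fingerprint placeholder are assumptions for illustration.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Appends to KNOWN_HOSTS only those candidate lines whose SHA256
# fingerprint equals the pinned value; returns 1 if none match.
# usage: install_pinned_hostkeys CANDIDATE_FILE PINNED_FP KNOWN_HOSTS
install_pinned_hostkeys() {
    iph_candidates=$1; iph_pinned=$2; iph_known_hosts=$3
    iph_tmp=$(mktemp) || return 2
    iph_added=0
    while IFS= read -r iph_line || [ -n "$iph_line" ]; do
        # Skip blank lines and comments in the fetched data.
        case $iph_line in ''|'#'*) continue ;; esac
        printf '%s\n' "$iph_line" > "$iph_tmp"
        # ssh-keygen -l prints "<bits> <fingerprint> <comment> (<type>)".
        iph_fp=$(ssh-keygen -l -E sha256 -f "$iph_tmp" 2>/dev/null |
                 awk 'NR == 1 {print $2}')
        if [ -n "$iph_fp" ] && [ "$iph_fp" = "$iph_pinned" ]; then
            printf '%s\n' "$iph_line" >> "$iph_known_hosts"
            iph_added=$((iph_added + 1))
        fi
    done < "$iph_candidates"
    rm -f "$iph_tmp"
    if [ "$iph_added" -eq 0 ]; then
        echo "no fetched key matches $iph_pinned; known_hosts unchanged" >&2
        return 1
    fi
}

# On the remote server (the pinned value is a placeholder: copy it from the
# provider's published fingerprint list, not from the yes/no prompt, which
# only shows what the unverified peer presented):
#   curl -fsS https://bitbucket.org/site/ssh > /tmp/bb_keys
#   ssh-keygen -R bitbucket.org
#   install_pinned_hostkeys /tmp/bb_keys 'SHA256:<published-fingerprint>' \
#       ~/.ssh/known_hosts
# In the unattended script, make an unknown key fail instead of prompting:
#   GIT_SSH_COMMAND='ssh -o BatchMode=yes -o StrictHostKeyChecking=yes' \
#       git fetch ...
```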

TinkerBill
Contributor
November 1, 2023

Thanks @Theodora Boudale. That's working.

I now realise that I'd been investigating/changing the known_hosts file on my Mac, whereas it's the one on the remote server that bitbucket is checking.

Older, wiser and grateful.

Bill

Theodora Boudale
Atlassian Team
November 3, 2023

Hi Bill,

That's good to hear and you are very welcome.

Please feel free to reach out if you ever need anything else!

Kind regards,
Theodora
