ssh keys for can not be retrieved reliably

Issue #13617 closed
Fabian Off created an issue

For the past few days some of our internal builds have been failing due to an error that was quite hard to trace. Our build script looks something like this:

  1. Init git settings (username, email)
  2. Get ssh-keys for both and (ssh-keyscan -t rsa
  3. Checkout code from Bitbucket

Now in 3. our builds would sometimes fail randomly saying "The authenticity of host ' (...)' can't be established.".

When we were investigating this issue we found out that ssh-keyscan -t rsa doesn't get the key every time. Instead, sometimes it would simply return without any key at all: Screen Shot 2016-12-06 at 11.00.14.png

Please make sure that your app servers actually return the ssh key so that we can use this (as documented here: in our automated builds.

Thanks in advance!

Comments (2)

  1. Kaleb Elwert Account Deactivated

    Best practice for ssh key signatures would be to store them yourselves, rather than grabbing them every time. This lets you ensure you're actually connecting to the servers you think you are.

    ssh-keyscan works by initiating an ssh connection to the server and displaying the public server host keys it saw when connecting. The only reason I know of that we wouldn't send that is if the client takes too long to initiate the handshake after connecting. It's worth noting that ssh-keyscan isn't even displaying the server version and name (which comes unencrypted before the key exchange happens). Perhaps your server is taking too long to initiate the connection? Our handshake timeout is currently set to 60s. If you take longer than that, we forcefully close the connection so other users can connect.

    I don't believe there's anything we can do on our end, but if you'd like further help debugging this, you're welcome to follow up with support by emailing
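
The practice recommended in the comment above (store the host key yourself instead of scanning on every build), as an added example that is not part of the original thread or of Bitbucket's documentation. The host name `git.example.com`, the key blobs, and the function names `check_scan` and `install_pins` are constructed placeholders; the check fails closed when a scan comes back empty, which is the failure reported in this issue.

```shell
#!/bin/sh
# Added example. HOST and both key blobs are constructed placeholders.
HOST="git.example.com"

# check_scan PINNED_FILE SCAN_OUTPUT
#   0 = every scanned key is in the pinned file
#   1 = a scanned key is not pinned (possible interception or key rotation)
#   2 = the scan returned no key at all (the failure seen in this issue)
check_scan() {
    pinned_file=$1
    # Keep only key lines: drop "# host:22 SSH-2.0-..." banners and blanks.
    keys=$(printf '%s\n' "$2" | awk '!/^#/ && NF')
    [ -n "$keys" ] || return 2
    # -v -x -F -f: print scanned lines with no exact match among the pins.
    unknown=$(printf '%s\n' "$keys" | grep -vxFf "$pinned_file" || true)
    [ -z "$unknown" ] || return 1
    return 0
}

# install_pins PINNED_FILE KNOWN_HOSTS: what the build step does instead of
# trusting a fresh scan; a scan is then only used to monitor for changes.
install_pins() {
    mkdir -p "$(dirname "$2")"
    cat "$1" >> "$2"
}

# Constructed data standing in for a pin file committed beside the build script.
PINNED_FILE=$(mktemp)
printf '%s\n' "$HOST ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDPINNEDKEY" > "$PINNED_FILE"

# Constructed stand-ins for: scan=$(ssh-keyscan -t rsa "$HOST" 2>&1)
GOOD_SCAN="# $HOST:22 SSH-2.0-constructed-banner
$HOST ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDPINNEDKEY"
EMPTY_SCAN=""
OTHER_SCAN="$HOST ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDOTHERKEY"

for scan in "$GOOD_SCAN" "$EMPTY_SCAN" "$OTHER_SCAN"; do
    rc=0; check_scan "$PINNED_FILE" "$scan" || rc=$?
    echo "check_scan exit status: $rc"
done
```

The exact-line comparison assumes unhashed ssh-keyscan output, so the pin file must be recorded in the same plain `host keytype key` form.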
