1. Bitbucket
  2. Public Issue Tracker
  3. master
  4. Issues


Issue #2693 resolved

SSH Keys have changed (BB-2416)

Hasani Hunter
created an issue

While pushing code to my repo I got a ssh remote host identication error message: remote: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ remote: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ remote: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ remote: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! remote: Someone could be eavesdropping on you right now (man-in-the-middle attack)! remote: It is also possible that the RSA host key has just been changed. remote: The fingerprint for the RSA key sent by the remote host is remote: 5f:3e:50:83:cf:b0:fa:97:9b:d7:f3:49:da:ac:f2:53. remote: Please contact your system administrator. remote: Add correct host key in /Users/hasani/.ssh/known_hosts to get rid of this message. remote: Offending key in /Users/hasani/.ssh/known_hosts:3 remote: RSA host key for bitbucket.org has changed and you have requested strict checking. remote: Host key verification failed. abort: no suitable response from remote hg! warning: changegroup hook exited with status 255

I have the following ssh key info for bitbucket: bitbucket.org, ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==

Comments (9)

  1. Brad Olson

    I noted an ssh key change today. Changing my .hgrc solved the warning (see below), but as a security concern, would request that bitbucket publish it's fingerprints. I'm travelling, so it could be my DNS is getting redirected to something else. But being able to look on bitbucket to confirm the fingerprint would help me know whether to ignore the warning or heed it.

    Thanks again for a great product!

    #what it used to be
    #bitbucket.org = 81:2b:08:90:dc:d3:71:ee:e0:7c:b4:75:ce:9b:6c:48:94:56:a1:fe
    #new fingerprint today
    bitbucket.org = e4:78:af:3f:50:1f:80:81:4a:3d:18:6d:f5:cf:ea:75:07:c1:03:6e
  2. Jesper Noehr

    Brad Olson,

    First of all, those are not SSH fingerprints, they're SSL.

    Secondly, our SSL fingerprint did *not* change. I don't know who's serving you the e4:78 fingerprint, but ours remain 81:2b. This is somewhat suspicious, and I suggest you look into that.

    But yes, this would've been all more clear if we had these fingerprints published. I'll open an internal issue for this and get them up on the site.

  3. Robert Meissner

    My system is WIndows7@64Bit, https works, but with ssh i get this error over and over again: Auth failed. I've set up known_hosts with the fingerprint 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40 but it seems, the config file with Host bitbucket.org IdentityFile C:\Users\myname.ssh\id_rsa is not accepted. I've added my personal public key to my account, but i don't get prompted to add it in eclipse...

  4. Andy Brook (DEV)

    This just happened in the last 20m. I have i my ~/.hgrc 24:9c:45:8b:9c:aa:ba:55:4e:01:6d:58:ff:e4:28:7d:2a:14:ae:3b

    But a push gives this error referring key: abort: certificate for bitbucket.org has unexpected fingerprint 67:b3:bf:9f:c5:38:0e:4c:dd:4e:8a:da:3d:11:1b:c2:a5:d1:6c:6b

    Same issue/different issue?

  5. Kevin Ernst

    Charles McLaughlin The Confluence page you link to in your previous comment is now a 404.

    Always just typing 'yes' at these prompts without actually verifying the fingerprint is akin to permanently trusting expired/bogus SSL certs. It just isn't prudent.

    I see 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40 for new connections, and that's different from just about every other fingerprint mentioned on this page. Some definitive place to find the true and actual key fingerprints (like this) would be like really ideal.

  6. Log in to comment