Update your Bitbucket Cloud SSH Host Keys

1 Information

  • Encrypted copies of Bitbucket’s SSH host keys were included in a data breach of a third-party credential management vendor.
  • Bitbucket issued two new SSH host keys and will be replacing the current host keys on June 20, 2023.

2 Identify if your client is impacted

  • To verify which host key your SSH client is using, you can run the following command:
    $ ssh git@bitbucket.org host_key_info
    You are using host key with fingerprint:
    ssh-ed25519 SHA256:ybgmFkzwOSotHTHLJgHO0QN8L0xErw6vd0VhFA9m3SM

    See https://bitbucket.org/blog/ssh-host-key-changes for more details.
    
  • Do you see either the new ECDSA or Ed25519 host key fingerprint in the output?
  • If so, your SSH client has switched to the new host keys automatically and no further action is required for this client.

3 Otherwise, configure your client to trust the new host keys

  • If neither new fingerprint appears in the output of your OpenSSH client, you can configure the new trusted host keys in the known_hosts file with these commands:
    ssh-keygen -R bitbucket.org && curl https://bitbucket.org/site/ssh >> ~/.ssh/known_hosts
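
The command above appends whatever the HTTPS endpoint returns, so a stricter variant checks each fetched line against pinned fingerprints before it reaches known_hosts. The following is an added example, not code from Bitbucket or from the original page; it assumes the fetched text is in known_hosts format, and the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

# Fingerprint line exactly as shown in the host_key_info output on this page.
PAGE_PIN = "ssh-ed25519 SHA256:ybgmFkzwOSotHTHLJgHO0QN8L0xErw6vd0VhFA9m3SM"

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of sha256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def blob_key_type(blob_b64):
    """Key type stored inside the blob (its first length-prefixed string)."""
    blob = base64.b64decode(blob_b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def trusted_lines(text, host, pinned):
    """Return only the known_hosts lines for `host` whose key matches a pin."""
    keep = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.startswith("#"):
            continue
        names, key_type, blob = parts[:3]
        if host not in names.split(","):
            continue  # entry for some other host: never import it
        try:
            # The declared type must agree with the blob, and the pair must be pinned.
            ok = (blob_key_type(blob) == key_type
                  and f"{key_type} {fingerprint(blob)}" in pinned)
        except (ValueError, struct.error):
            ok = False  # malformed base64 or truncated blob
        if ok:
            keep.append(f"{host} {key_type} {blob}")
    return keep

def constructed_ed25519_blob(raw32):
    """Build a syntactically valid ssh-ed25519 blob from 32 constructed bytes."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32
    return base64.b64encode(blob).decode()

if __name__ == "__main__":
    # Constructed sample input standing in for the fetched key list.
    good, rogue = constructed_ed25519_blob(b"\x01" * 32), constructed_ed25519_blob(b"\x02" * 32)
    fetched = f"bitbucket.org ssh-ed25519 {good}\nbitbucket.org ssh-ed25519 {rogue}\n"
    pins = {f"ssh-ed25519 {fingerprint(good)}"}  # real use: pins such as PAGE_PIN
    print("\n".join(trusted_lines(fetched, "bitbucket.org", pins)))
```

Only the lines returned by `trusted_lines` would be appended to `~/.ssh/known_hosts`; pins should come from a channel other than the endpoint being fetched.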
    

Dmitry S. Kulyabov
Professor of the Department of Probability Theory and Cybersecurity

My research interests include physics, Unix administration, and networking.
