Update your Bitbucket Cloud SSH Host Keys
Update your Bitbucket Cloud SSH Host Keys.
Table of Contents
1 Information
- Encrypted copies of Bitbucket’s SSH host keys were included in a data breach of a third-party credential management vendor.
- Bitbucket issued two new SSH host keys and will be replacing the current host keys on June 20, 2023.
2 Identify if your client is impacted
- To verify which host key your SSH client is using, you can run the following command:
$ ssh git@bitbucket.org host_key_info You are using host key with fingerprint: ssh-ed25519 SHA256:ybgmFkzwOSotHTHLJgHO0QN8L0xErw6vd0VhFA9m3SM See https://bitbucket.org/blog/ssh-host-key-changes for more details.
- Do you see either the new ECDSA or Ed25519 host key fingerprint in the output?
- Your SSH client has switched to the new host keys automatically and no further action is required for this client.
3 Otherwise, configure your client to trust the new host keys
- If neither new fingerprints appear in the output of your OpenSSH client, you can configure the new trusted host keys in the known_hosts file with these commands:
ssh-keygen -R bitbucket.org && curl https://bitbucket.org/site/ssh >> ~/.ssh/known_hosts