Update your Bitbucket Cloud SSH Host Keys

Update your Bitbucket Cloud SSH Host Keys.

Table of Contents

1 Information

  • Encrypted copies of Bitbucket’s SSH host keys were included in a data breach of a third-party credential management vendor.
  • Bitbucket issued two new SSH host keys and will be replacing the current host keys on June 20, 2023.

2 Identify if your client is impacted

  • To verify which host key your SSH client is using, you can run the following command:
    $ ssh git@bitbucket.org host_key_info
    You are using host key with fingerprint:
    ssh-ed25519 SHA256:ybgmFkzwOSotHTHLJgHO0QN8L0xErw6vd0VhFA9m3SM
    
    See https://bitbucket.org/blog/ssh-host-key-changes for more details.
    
  • Do you see either the new ECDSA or Ed25519 host key fingerprint in the output?
  • Your SSH client has switched to the new host keys automatically and no further action is required for this client.

3 Otherwise, configure your client to trust the new host keys

  • If neither new fingerprints appear in the output of your OpenSSH client, you can configure the new trusted host keys in the known_hosts file with these commands:
    ssh-keygen -R bitbucket.org && curl https://bitbucket.org/site/ssh >> ~/.ssh/known_hosts
    

Dmitry S. Kulyabov
Dmitry S. Kulyabov
Professor of the Department of Probability Theory and Cybersecurity

My research interests include physics, Unix administration, and networking.

Related