Summary

The first time you access Bitbucket using the SSH URL, your SSH client checks to see if the Bitbucket host is a known host. If the host is not in your ~/.ssh/known_hosts file, SSH warns you that it's adding the Bitbucket host to known_hosts if you continue:

Environment

Any host that connects to bitbucket.org over ssh.

Diagnosis

Here is the logging that will be displayed.  

$ git clone ssh://git@bitbucket.org/<workspace>/<repo> 
The authenticity of host 'bitbucket.org (2406:da00:ff00::22cd:e0db)' can't be established.
RSA key fingerprint is SHA256:46OSHA1Rmj8E8ERTC6xkNcmGOw9oFxYr0WF6zWW8l1E
Are you sure you want to continue connecting (yes/no)?

When you run ssh in debug mode, these logs will tell you Server host key:

# ssh -v -T git@bitbucket.org
...
debug1: Server host key: ssh-rsa SHA256:46OSHA1Rmj8E8ERTC6xkNcmGOw9oFxYr0WF6zWW8l1E
The authenticity of host 'bitbucket.org (2406:da00:ff00::22cd:e0db)' can't be established.
RSA key fingerprint is SHA256:46OSHA1Rmj8E8ERTC6xkNcmGOw9oFxYr0WF6zWW8l1E
Are you sure you want to continue connecting (yes/no)?

Cause

This client has never accessed bitbucket.org before.  Or bitbucket.org was removed from the known_hosts file for this user.

Solution

When you see this warning, you can enter yes.  Then you can confirm the key location in the file by making a new ssh connection and looking for these logs:

$ ssh -v  -T git@bitbucket.org
...
debug1: Server host key: ssh-rsa SHA256:46OSHA1Rmj8E8ERTC6xkNcmGOw9oFxYr0WF6zWW8l1E
...
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /Users/user/.ssh/known_hosts:288

In this example, /Users/user/.ssh/known_hosts contained bitbucket.org ssh server identity in line 288.

Depending on the security protocols in your network, the system administrator may maintain a centrally located list of approved known hosts. For the Bitbucket server's public key fingerprints, see SSH keys.