REMOTE HOST IDENTIFICATION HAS CHANGED when accessing Bitbucket Server git repo over ssh

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Symptoms

When using git clone, push, fetch or pull to or from a repository hosted in Bitbucket Server over ssh, or when using ssh to access the machine Bitbucket Server is hosted on, the user receives an error due to mismatched server ssh keys, e.g.:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
13:c9:f6:9d:c1:67:16:95:69:27:08:4a:c9:16:62:75.
Please contact your system administrator.
Add correct host key in /home/USER/.ssh/known_hosts to get rid of this message.
Offending key in /home/USER/.ssh/known_hosts:1
RSA host key for bitbucket.customer.com has changed and you have requested strict checking.
Host key verification failed.
fatal: The remote end hung up unexpectedly

This can happen when using git with a Bitbucket Server ssh url or ssh itself.


If the warning message is encountered each time the machine hosting Bitbucket is restarted, please see the KB, "REMOTE HOST IDENTIFICATION HAS CHANGED" is reported each time the server hosting Bitbucket is restarted

Diagnosis

The user is attempting to access the machine Bitbucket Server is hosted on via ssh, as well as accessing Bitbucket Server hosted repositories over ssh.

The Bitbucket Server ssh server and the normal ssh server on the machine hosting Bitbucket Server have different key-pairs, and the users version of ssh is not differentiating between the ssh servers running on the same machine on different port numbers. For example, in a standard set up:

  • 22: the normal ssh server for shell access
  • 7990: the Bitbucket Server ssh server for ssh git access

Cause

OpenSSH clients previous to 4.4 are not able to differentiate between ssh servers running on the same machine on different ports when detecting changed server keys. 

Type ssh -V to determine the version number of ssh: 

$ ssh -V
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011

Workaround

There are a number of workarounds, see http://serverfault.com/questions/141553/how-to-make-ssh-match-known-hosts-to-host-ipport-instead-of-just-host-ip.

Resolution

  • Upgrade the version of ssh on the clients machine to a version of ssh greater than or equal to 4.4.

  • Remove all entries for the machine hosting Bitbucket Server from the users ~/.ssh/known_hosts file


Last modified on Jun 5, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.