要約

For security reasons it may be desirable to obtain the SSH fingerprint that Bitbucket Server or Data Center's SSH server will send without connecting via SSH first. This document explains how to retrieve the fingerprint using an alternative method.

環境

Bitbucket Server or Data Center

ソリューション

To retrieve the SSH fingerprint, perform the following steps on the machine where Bitbucket Server is installed. In case of a Bitbucket Data Center instance you can perform these steps on any one of the nodes.

1. Copy the SSH key pair to a temporary location

   cp <BitbucketHome>/shared/config/ssh-server-keys.pem /tmp

   where <BitbucketHome>  is the Bitbucket Server home directory.

   The file may not exist. This can happen if SSH is not enabled in Bitbucket Server or if no connection to Bitbucket Server's SSH server was ever made.

2. Change the permissions on the temporary file so only the owner can access it

   chown 600 /tmp/ssh-server-keys.pem

3. Run the ssh-keygen  utility to extract the SSH fingerprint from the key pair file

   ssh-keygen -lf /tmp/ssh-server-keys.pem 

   This will produce output similar to this:

   2048 SHA256:U+NO3sOxbAvVCtF1NCN/ZL2+rWJ9bddDQSoGom1TsI8 no comment (RSA)

   In this example output the fingerprint is U+NO3sOxbAvVCtF1NCN/ZL2+rWJ9bddDQSoGom1TsI8