REMOTE HOST IDENTIFICATION HAS CHANGED when accessing Bitbucket Server git repo over ssh

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

症状

When using git clone, push, fetch or pull to or from a repository hosted in Bitbucket Server over ssh, or when using ssh to access the machine Bitbucket Server is hosted on, the user receives an error due to mismatched server ssh keys, e.g.:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
13:c9:f6:9d:c1:67:16:95:69:27:08:4a:c9:16:62:75.
Please contact your system administrator.
Add correct host key in /home/USER/.ssh/known_hosts to get rid of this message.
Offending key in /home/USER/.ssh/known_hosts:1
RSA host key for bitbucket.customer.com has changed and you have requested strict checking.
Host key verification failed.
fatal: The remote end hung up unexpectedly

This can happen when using git with a Bitbucket Server ssh url or ssh itself.

診断

The user is attempting to access the machine Bitbucket Server is hosted on via ssh, as well as accessing Bitbucket Server hosted repositories over ssh.

The Bitbucket Server ssh server and the normal ssh server on the machine hosting Bitbucket Server have different key-pairs, and the users version of ssh is not differentiating between the ssh servers running on the same machine on different port numbers. For example, in a standard set up:

  • 22: the normal ssh server for shell access
  • 7990: the Bitbucket Server ssh server for ssh git access

原因

OpenSSH clients previous to 4.4 are not able to differentiate between ssh servers running on the same machine on different ports when detecting changed server keys. 

Type ssh -v to determine the version number of ssh: 

$ ssh -v
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011

回避策

There are a number of workarounds, see http://serverfault.com/questions/141553/how-to-make-ssh-match-known-hosts-to-host-ipport-instead-of-just-host-ip.

ソリューション

  • Upgrade the version of ssh on the clients machine to a version of ssh greater than or equal to 4.4.

  • Remove all entries for the machine hosting Bitbucket Server from the users ~/.ssh/known_hosts file

     

Last modified on Mar 30, 2016

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.