REMOTE HOST IDENTIFICATION HAS CHANGED when accessing Bitbucket Server git repo over ssh
症状
When using git clone, push, fetch or pull to or from a repository hosted in Bitbucket Server over ssh, or when using ssh to access the machine Bitbucket Server is hosted on, the user receives an error due to mismatched server ssh keys, e.g.:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
13:c9:f6:9d:c1:67:16:95:69:27:08:4a:c9:16:62:75.
Please contact your system administrator.
Add correct host key in /home/USER/.ssh/known_hosts to get rid of this message.
Offending key in /home/USER/.ssh/known_hosts:1
RSA host key for bitbucket.customer.com has changed and you have requested strict checking.
Host key verification failed.
fatal: The remote end hung up unexpectedlyThis can happen when using git with a Bitbucket Server ssh url or ssh itself.
If the warning message is encountered each time the machine hosting Bitbucket is restarted, please see the KB, "REMOTE HOST IDENTIFICATION HAS CHANGED" is reported each time the server hosting Bitbucket is restarted
診断
The user is attempting to access the machine Bitbucket Server is hosted on via ssh, as well as accessing Bitbucket Server hosted repositories over ssh.
The Bitbucket Server ssh server and the normal ssh server on the machine hosting Bitbucket Server have different key-pairs, and the users version of ssh is not differentiating between the ssh servers running on the same machine on different port numbers. For example, in a standard set up:
- 22: the normal ssh server for shell access
- 7990: the Bitbucket Server ssh server for ssh git access
原因
OpenSSH clients previous to 4.4 are not able to differentiate between ssh servers running on the same machine on different ports when detecting changed server keys.
Type ssh -V to determine the version number of ssh:
$ ssh -V
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011回避策
There are a number of workarounds, see http://serverfault.com/questions/141553/how-to-make-ssh-match-known-hosts-to-host-ipport-instead-of-just-host-ip.
ソリューション
Upgrade the version of ssh on the clients machine to a version of ssh greater than or equal to 4.4.
Remove all entries for the machine hosting Bitbucket Server from the users ~/.ssh/known_hosts file