Viewing or Updating the Bitbucket Server SSH Private Key
The content on this page relates to platforms which are supported, however are out of scope of our Atlassian Support Offerings. Consequently, Atlassian cannot guarantee support. Please be aware that this material is provided for your information only and you may use it at your own risk.
Bitbucket Server runs its own SSH service to enable git over SSH. For this reason, Bitbucket Server generates and uses its own private key file. This article describes where to find the key and how it is used.
The SSH private key for Bitbucket Server is generated the very first time an SSH-based git request is made to the server. The SSH private key file is generated in the following location:
This key is a 1024 bit RSA key. If necessary it is possible to replace this key with your own, however be aware that if this key is changed, preexisting clients will most likely fail to connect when they recognise the RSA host key for your server has changed.
To replace the key:
- Rename the existing key (if you delete this key you will not be able to retrieve it!)
- Place a new private key file here with the name
- Note: To have Bitbucket randomly generate a new key instead, you can skip this step and immediately move to step 5
- Set the owner to the Bitbucket user and group:
chown atlbitbucket:atlbitbucket ssh-server-keys.pem
- Set the permissions to make the file readable only by the owner:
chmod 400 ssh-server-keys.pem
- Restart Bitbucket Server. Note that if you have not replaced the key file, a new key file will be generated the first time that an SSH-based git request is made to the server.
Note: Data Center installations use a shared NFS mount of
$BITBUCKET_HOME/shared and so all nodes of a Data Center instance use the same SSH key. This is the mechanism by which Bitbucket Data Center avoids DNS spoofing issues on the client side in a multi node setup.