
How to rectify SSH error: Authenticity of host can't be established?

Old Grantonian August 30, 2014

I'm new to SSH. I'm working my way through the BitBucket tutorial "Set up SSH for Git":

https://confluence.atlassian.com/display/BITBUCKET/Set+up+SSH+for+Git

I'm at step 6.9:

Return to the terminal window and verify your configuration by entering the following command

ssh -T git@bitbucket.org

I get the error:

The authenticity of host 'bitbucket.org (131.103.20.167)' can't be established.
RSA key fingerprint is ....

I would be grateful for any advice.


4 answers

1 accepted

62 votes
Answer accepted
CEDRIC ZABEL
August 30, 2014

This is actually normal. It’s not actually an SSH error. The Atlassian people really should have documented that this will probably happen in their instructions. Omitting it is bad on their part.

What’s happening is that SSH is being cautious. That’s part of being secure. Whenever SSH tries to log in to a host it hasn’t seen before, it will put up a message like this.

You didn’t paste in the whole message. It looks like this:

$ ssh -oUserKnownHostsFile=/dev/null -T git@bitbucket.org
The authenticity of host 'bitbucket.org (131.103.20.167)' can't be established.
RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40.
Are you sure you want to continue connecting (yes/no)?

SSH is saying “I haven’t seen this host before. It has this IP. It identifies itself with this fingerprint. Do you really want to connect?” And in really secure environments, you’d actually compare the fingerprint with the fingerprint that you had been given before to make sure you’re not connecting with an imposter host.

In this particular case, you don’t have any other fingerprint to compare it to. But you really are trying to connect to bitbucket.org. So you can go ahead and say “yes” and you should continue logging in.

SSH will also save the hostname and fingerprint in the ~/.ssh/known_hosts file. The next time you try to log in, it will see that you’ve connected to bitbucket.org before, and bitbucket.org (presumably) has the same fingerprint, so it won’t put up that message again.

The security comes in in case some bad guy tries to impersonate bitbucket.org. Since forging fingerprints is really hard, he likely won’t be able to impersonate that, so when you try to log in to the bad site, you’ll get a message like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
ff:ff:ff:f2:6f:14:6b:5c:3b:ec:aa:46:46:ff:ff:ff.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending key in ~/.ssh/known_hosts:1
RSA host key for bitbucket.org has changed and you have requested strict checking.
Host key verification failed.

Now, that’s an error.
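The fingerprint comparison described in the answer above can be done offline once you have the host's public key line (the format stored in ~/.ssh/known_hosts). This is an added example, not part of the original answer: it computes both the legacy MD5 form shown in the prompt above and the SHA256 form printed by current OpenSSH, then checks them against a fingerprint obtained from a trusted source. The host name git.example.test and both keys are constructed sample data, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

def parse_known_hosts_line(line):
    """Split 'hosts keytype base64-blob [comment]' and decode the key blob."""
    hosts, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; it must agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type does not match key blob")
    return hosts.split(","), keytype, blob

def fingerprint_md5(blob):
    """Legacy form: MD5 of the key blob as colon-separated hex pairs."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def fingerprint_sha256(blob):
    """Current OpenSSH form: 'SHA256:' followed by unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(line, trusted):
    """True only if the key on this line hashes to the trusted fingerprint."""
    blob = parse_known_hosts_line(line)[2]
    sha = trusted.startswith("SHA256:")
    actual = fingerprint_sha256(blob) if sha else fingerprint_md5(blob)
    return hmac.compare_digest(actual, trusted if sha else trusted.lower())

def make_sample_line(host, key_bytes):
    """Build a constructed ssh-ed25519 known_hosts line (not a real host key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key_bytes)) + key_bytes
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

# Constructed sample data: the expected host key, and a different key on the same name.
SAMPLE = make_sample_line("git.example.test", bytes(range(32)))
IMPOSTER = make_sample_line("git.example.test", bytes(range(1, 33)))
# Stand-in for a fingerprint published by the host's operator.
TRUSTED = fingerprint_sha256(parse_known_hosts_line(SAMPLE)[2])

if __name__ == "__main__":
    print(TRUSTED, host_key_matches(SAMPLE, TRUSTED), host_key_matches(IMPOSTER, TRUSTED))
```

A line for a real host can be taken from an existing known_hosts entry or from ssh-keyscan output; the trusted fingerprint has to come from a separate channel, such as the provider's documentation.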

Old Grantonian August 31, 2014

Wow! Thanks for v. detailed response. All OK now. (Not sure if "Thanks" is permitted on this forum. If so - I can delete it.)

archmagees March 1, 2016

Thank you very much!

That's really helped me!

So I just needed to continue with YES option.

Alfredo León November 23, 2016

Very useful answer and well explained. Thank you so much :)

Arup Upopadhyay December 20, 2018

Very helpful

jaevis March 11, 2019

yes it's Very helpful, thank you sir

Baltasar Solanilla Ferraggine March 14, 2019

Same problem, and thank you sir!

justin-aveiro April 9, 2019

same problem. thanks for sharing

david ibhaluobe September 10, 2019

Thanks for saving me from connecting to the wrong tunnel with your detailed answer.

silviya.kyulyumova March 27, 2020

thanks a lot for the explanation!

Clamantes May 14, 2020
So you can go ahead and say “yes” and you should continue logging in.

@CEDRIC ZABEL I have the same issue, but when I say "yes" it answers me like:

<my_repository>@bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.

I don't have any SSH in my repository (I tried to make some, but didn't use it and deleted it). Just trying to clone my data from bitbucket to a new location (new PC).

0 votes
flipmediaco July 3, 2019

The permissions of our ~/.ssh directory had been set to 600. As this was a directory containing .known_hosts, these permissions meant no files could be read in the directory (due to the lack of "x"). Setting ~/.ssh to 700 fixes the issue.

You want the permissions to be:

  • .ssh directory: 700 (drwx------)
    $ chmod 700 ~/.ssh
  • private key (id_rsa): 600 (-rw-------)
    $ chmod 600 ~/.ssh/*
  • public key (.pub file): 644 (-rw-r--r--)
    $ chmod 644 ~/.ssh/*.pub


Settings other than the above will create errors when git is trying to connect to the origin.
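A small audit of the modes listed in the answer above, as an added example that is not part of the original post. It follows the answer's own chmod commands (every file 600 except *.pub at 644), stops at the directory when the owner's "x" bit is missing because the files inside cannot be examined in that state, and runs against a constructed temporary directory; the function names are hypothetical.

```python
import os
import stat
import tempfile

def expected_mode(name):
    """Modes from the answer's list: *.pub is 644, every other file is 600."""
    return 0o644 if name.endswith(".pub") else 0o600

def audit_ssh_dir(path):
    """Return (path, actual_mode, expected_mode) for each deviation found."""
    findings = []
    dir_mode = stat.S_IMODE(os.stat(path).st_mode)
    if dir_mode != 0o700:
        findings.append((path, oct(dir_mode), "0o700"))
    if not dir_mode & stat.S_IXUSR:
        # Without the owner's x bit the entries cannot be opened or examined
        # (the failure described in the answer), so report the directory only.
        return findings
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        st = os.lstat(full)
        if not stat.S_ISREG(st.st_mode):
            continue  # skip sockets, subdirectories and symlinks
        mode = stat.S_IMODE(st.st_mode)
        if mode != expected_mode(name):
            findings.append((full, oct(mode), oct(expected_mode(name))))
    return findings

def build_sample_dir(root):
    """Constructed sample: a private key left world-readable by mistake."""
    ssh_dir = os.path.join(root, "dot_ssh")
    os.mkdir(ssh_dir)
    for name, mode in (("id_rsa", 0o644), ("id_rsa.pub", 0o644), ("known_hosts", 0o600)):
        full = os.path.join(ssh_dir, name)
        with open(full, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        os.chmod(full, mode)
    os.chmod(ssh_dir, 0o700)  # set explicitly so the umask does not matter
    return ssh_dir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for finding in audit_ssh_dir(build_sample_dir(root)):
            print("mode %s, expected %s: %s" % (finding[1], finding[2], finding[0]))
```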

david ibhaluobe September 10, 2019

Thanks for saving me from connecting to the wrong tunnel with your detailed answer. 

0 votes
qsczsewsx June 2, 2019

same problem. thanks for sharing

0 votes
Myles Slack August 10, 2018

Also please make sure that you have added the SSH Key in your bitbucket account under settings. I had a similar message migrating from GitHub to bitbucket.

btw, here is an updated link; the last one is down

https://confluence.atlassian.com/bitbucket/set-up-an-ssh-key-728138079.html 
