Wrong Known host fingerprint fetched for Pipeline SSH Keys

Kristjan Ortego March 26, 2025

Hello,

I am experiencing an interesting issue. When I'm adding a known host under Pipelines > SSH Keys, the fingerprint is not the same and only rarely do I get the correct fingerprint. From my testing, it looks like a hit-and-miss approach, since I'm not changing anything on my end and the server is not behind a firewall, but out of 30 "Fetch" attempts for the known hosts fingerprint, I may get 1 that is correct. I'm also getting up to three different fingerprints for the same host and don't know why.

The problem is that when I'm using Pipelines for deployment, I get a big red error in those that "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!". But it didn't, the fingerprint obtained was wrong in the first place. After I fetch the correct key, everything works correctly.

Any ideas?

1 answer

0 votes
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 28, 2025

Hi Kristjan and welcome to the community!

Does this server perhaps have multiple host keys?

If you run the command

ssh-keyscan <domain_name_or_ip_address_of_server>

from your own computer, do you get multiple keys listed?

If you do get multiple ones, do their fingerprints match with the different fingerprints you get from Repository settings > SSH Keys in the Known hosts section, when you try to fetch the fingerprint?

Kind regards,
Theodora

Kristjan Ortego April 2, 2025

Hi Theodora,

I wasn't even aware that a host can have multiple keys (I'm not a Linux expert, so please bear with me); I always thought that there's only one. I have run the suggested command and I see three keys listed:

- ssh-rsa

- ecdsa-sha2-nistp256

- ssh-ed25519

I managed to get fingerprints from the response and after comparing them to the ones I get in Bitbucket, I see that all three are correct, but when deploying through pipelines, only the first one works (ssh-rsa). The other two are rejected with the error message that I pasted in my first message.

I assume if I want to fix this one, I need to remove the other two keys from my system? Please note that this is something new, since I do have a few more servers and never noticed an issue before; only the one I created recently is acting up.

Best regards,

Kristjan

Syahrul
Atlassian Team
April 7, 2025

Hey @Kristjan Ortego 

In SSH, it's common for a host to have multiple public keys associated with different encryption algorithms. Each key type offers various levels of security and performance, and SSH clients and servers can negotiate which type to use during the connection setup.

You don't have to remove the host keys; instead, it's because the server you're connecting to might be configured to prefer "ssh-rsa". If it prefers ssh-rsa, then that's likely why it's working when the other two are not. This could be configured in the server's SSH configuration file (typically /etc/ssh/sshd_config), where you can specify which key types are accepted.

I hope this helps.

Regards,
Syahrul
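
Added example, not part of the original thread and not Atlassian's tooling: the comparison discussed above, computing one SHA256 fingerprint per host key type from `ssh-keyscan`-style output and reporting which key type a pinned known-hosts fingerprint belongs to. The host name `deploy.example.test`, the key blobs (constructed filler, not real keys) and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import struct

def fingerprint(blob_b64):
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of SHA-256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def blob_key_type(blob_b64):
    """A public key blob begins with a length-prefixed algorithm name."""
    raw = base64.b64decode(blob_b64)
    (length,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + length].decode("ascii")

def parse_keyscan(text):
    """Return {key type: fingerprint} for 'host keytype base64' lines."""
    found = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):  # blank or comment line
            continue
        key_type, blob = parts[1], parts[2]
        if blob_key_type(blob) != key_type:
            raise ValueError(f"line declares {key_type} but blob says otherwise")
        found[key_type] = fingerprint(blob)
    return found

def match_pinned(pinned, scanned):
    """Key type whose fingerprint equals the pinned one, or None if no key matches."""
    return next((kt for kt, fp in scanned.items() if fp == pinned), None)

def constructed_blob(key_type, filler):
    """Constructed stand-in for a key blob (not a real key): type name + filler bytes."""
    name = key_type.encode("ascii")
    return base64.b64encode(struct.pack(">I", len(name)) + name + filler).decode()

# Constructed sample in ssh-keyscan's output format; the host name is made up.
SAMPLE = "\n".join(
    ["# deploy.example.test:22 constructed banner line"]
    + [f"deploy.example.test {kt} {constructed_blob(kt, bytes([i]) * 32)}"
       for i, kt in enumerate(["ssh-rsa", "ecdsa-sha2-nistp256", "ssh-ed25519"])]
)

if __name__ == "__main__":
    scanned = parse_keyscan(SAMPLE)
    for key_type, fp in scanned.items():
        print(f"{key_type:22} {fp}")
    pinned = scanned["ecdsa-sha2-nistp256"]  # pretend this one was stored as the known host
    print("pinned fingerprint belongs to:", match_pinned(pinned, scanned))
```

To use it on a real server, pass the saved output of `ssh-keyscan <domain_name_or_ip_address_of_server>` to `parse_keyscan` in place of `SAMPLE`.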
