63

I want to clone a remote repository to my local machine. I used the command: 

git clone git@bitbucket.org:<username>/<repo_name>.git

and I got the message:

The authenticity of host 'bitbucket.org (104.192.143.3)' can't be
established. RSA key fingerprint is
SHA256:****. Are you sure you
want to continue connecting (yes/no)?  Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository
exists.

I just want to mention that I already took care of the ssh issues. I generated an ssh key by the command 'ssh-keygen' and I copied the contents of ~/.ssh/id_rsa.pub to Bitbucket Settings -> SSH keys (according to this link: https://confluence.atlassian.com/bitbucket/set-up-ssh-for-git-728138079.html)

I also looked at my "user and group access" and I saw this:

enter image description here

Can you advise me what to do?

Andrey Mikhaylov - lolmaus
  • 21,972
  • 5
  • 79
  • 126
CrazySynthax
  • 11,486
  • 28
  • 82
  • 152

5 Answers5

101

The message says

Host key verification failed.

nothing about authentication, so you are working on the wrong field. It means that the host key of the bitbucket.org is not in your ~/.ssh/known_hosts and your client does not have any way how to verify it. It was answered many times how to workaround it, but how to do it properly?

There is section in the bitbucket manuals, describing how their public keys and fingerprint looks like. So:

  1. Run ssh bitbucket.org

  2. It will prompt you with one of the fingerprints:

    The authenticity of host 'bitbucket.org (104.192.143.3)' can't be established.
RSA key fingerprint is SHA256:*****.
Are you sure you want to continue connecting (yes/no)?

  3. You verify the fingerprint in the prompt is the same as on the bitbucket website:

    SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A bitbucket.org (RSA)

  4. You write yes and press enter to verify the connection works.

Or just copy the public key from the bitbucket website directly in the ~/.ssh/known_hosts file

echo "bitbucket.org,104.192.143.1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==" >> ~/.ssh/known_hosts

if nothing from the above helps, please run ssh -vvv bitbucket.org and post the output to the edited question.

Franklin Yu
  • 7,543
  • 4
  • 40
  • 50
Jakuje
  • 22,547
  • 12
  • 59
  • 68
  • 1
    When I type: "ssh bitbucket.org" I get: The authenticity of host 'bitbucket.org (104.192.143.3)' can't be established. RSA key fingerprint is SHA256:*****. Are you sure you want to continue connecting (yes/no)? yes Host key verification failed. – CrazySynthax Nov 13 '16 at 20:48
  • *"2. It will prompt you with one of the fingerprints"* = "RSA key fingerprint is SHA256:*****." (from the link in the post). – Jakuje Nov 13 '16 at 20:49
  • Sadly, the website you link to has no mention of `zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A` anymore. However, it is still right. So, your answer has become canon. – Bruno Bronosky Nov 02 '17 at 22:34
  • 1
    @BrunoBronosky the public key fingerprints are still available [on the BitBucket website](https://confluence.atlassian.com/bitbucket/troubleshoot-ssh-issues-271943403.html), which also has some further details. – Alex Dec 22 '17 at 11:29
  • 1
    Thanks, @Alex. I added the new URL to the answer. – Bruno Bronosky Dec 23 '17 at 05:21
  • 1
    I updated the link again; the original one only has MD5, not SHA-256. I finally find the answer thanks to [this Q&A](https://community.atlassian.com/t5/Bitbucket-questions/What-is-bitbucket-RSA-key-fingerprint/qaq-p/307924). Bitbucket is good at hiding the SSH keys, which doesn’t sound right; the SSH key should be well-known for SSH trust model to work. It should be the first result from Googling “Bitbucket host key”. In contrast, GitHub public key is typically the first result. – Franklin Yu Oct 10 '18 at 04:17
  • Still works 5 years later – Pranav Kasetti Jan 26 '22 at 22:41
9
mkdir ~/.ssh
touch ~/.ssh/known_hosts
ssh-keyscan bitbucket.org >> ~/.ssh/known_hosts
NickUnuchek
  • 10,046
  • 9
  • 87
  • 127
1

  • Create a file named known_hosts inside ~/.ssh if it doesn't already exists.

  • Paste the following into it and you're good to go.

    bitbucket.org,104.192.143.1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==

Anonymous Panda
  • 4,176
  • 1
  • 4
  • 26
0

You'll get the same error:

Host key verification failed.

in case you press enter instead of answering the question:

Are you sure you want to continue connecting (yes/no/[fingerprint])?

with yes

senjin.hajrulahovic
  • 2,496
  • 2
  • 15
  • 29
-1

If you already have ssh enabled do copy all the files from .ssh folder inside backup folder before following steps

  1. Open Git Bash and type ssh-keygen, and press Enter three times (one for location, and two for empty passphrase).
  2. It will create .ssh folder if not present and creates two files id_rsa & id_rsa.pub inside .ssh folder.
  3. Now go to Bitbucket settings -> ssh keys -> aad key
  4. Paste id_rsa.pub string in Bitbucket and press ok.
  5. Restart Git Bash
  6. Try to clone repo. It should work now.
Apoorv Gupta
  • 9
  • 3