Bitbucket cloud pipelines - Builds with external server ssh connections fail with "cannot handle type rsa-sha2-512" error
Platform Notice: Cloud Only - This article only applies to Atlassian apps on the cloud platform.
Summary
The pipeline builds might stop working with the following SSH connection error:
Error:
ssh_rsa_verify: cannot handle type rsa-sha2-512
cert_parse: Certificate signature verification failed
key_from_blob: can't parse cert data
cannot decode server_host_key_blob
Cause
The error suggests that the SSH client you're using does not support the rsa-sha2-512 key type. If your build pipeline uses the default or latest pipeline image, as in the example below where no Docker image is explicitly defined, it will use atlassian/default-image:1 (alias atlassian/default-image:latest).
Example pipeline:
pipelines:
  branches:
    main:
      - step:
          name: Deploy
          script:
            - ssh -p $PORT $SSH_USER@$SERVER
The image atlassian/default-image:1 (alias atlassian/default-image:latest) contains an older version of OpenSSH, which causes this error because it cannot handle type rsa-sha2-512.
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8, OpenSSL 1.0.1f 6 Jan 2014
Solution
Use a later version of the Atlassian Docker image, such as atlassian/default-image:4, as recommended here, or use your own Docker image that contains the latest OpenSSH version.
Example pipeline:
image: atlassian/default-image:4
pipelines:
  branches:
    main:
      - step:
          name: Deploy
          script:
            - ssh -p $PORT $SSH_USER@$SERVER
Using the latest version of OpenSSH should fix this issue. If the issue persists, you can reach out to Bitbucket cloud support.
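A preflight check that a pipeline step could run before the ssh command, added here as an example and not part of the original article: it parses the ssh -V banner and fails the step early when the client is older than OpenSSH 7.2, which is assumed here to be the first release with rsa-sha2-256/512 signature support. The function names and the RUN_SSH_PREFLIGHT variable are hypothetical.

```shell
#!/bin/sh
# Added example, not Atlassian's code.
# Assumption: rsa-sha2-256/512 signature support first shipped in OpenSSH 7.2.

# Extract "major.minor" from an `ssh -V` banner, e.g.
# "OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8, OpenSSL 1.0.1f 6 Jan 2014" -> "6.6".
# Prints nothing when the banner does not start with "OpenSSH_<digits>.<digits>".
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p'
}

# Return 0 if the banner's version is >= 7.2, 1 if older, 2 if unparseable.
supports_rsa_sha2() {
    ver=$(openssh_version "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -gt 7 ]; then return 0; fi
    if [ "$major" -eq 7 ] && [ "$minor" -ge 2 ]; then return 0; fi
    return 1
}

# Check the client in the current build image and explain the failure
# before the real ssh command produces the less obvious parse errors.
preflight_ssh() {
    banner=$(ssh -V 2>&1) || banner=""
    if supports_rsa_sha2 "$banner"; then
        echo "OK: $banner"
    else
        echo "SSH client cannot handle rsa-sha2-512: ${banner:-ssh not found}" >&2
        echo "Use a newer build image, e.g. atlassian/default-image:4" >&2
        return 1
    fi
}

# Run the check only when asked, so the functions can also be sourced.
if [ "${RUN_SSH_PREFLIGHT:-0}" = "1" ]; then
    preflight_ssh
fi
```

Saved as a script in the repository, it can be invoked with RUN_SSH_PREFLIGHT=1 as the first line of the step's script section.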