How to obtain the SSH fingerprint from Bitbucket Server without connecting to it first
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
For security reasons it may be desirable to obtain the SSH fingerprint that Bitbucket Server or Data Center's SSH server will send without connecting via SSH first. This document explains how to retrieve the fingerprint using an alternative method.
Environment
Bitbucket Server or Data Center
Solution
To retrieve the SSH fingerprint, perform the following steps on the machine where Bitbucket Server is installed. In case of a Bitbucket Data Center instance you can perform these steps on any one of the nodes.
Copy the SSH key pair to a temporary location
1cp <BitbucketHome>/shared/config/ssh-server-keys.pem /tmpwhere
<BitbucketHome>is the Bitbucket Server home directory.ℹ️ The file may not exist. This can happen if SSH is not enabled in Bitbucket Server or if no connection to Bitbucket Server's SSH server was ever made.
Change the permissions on the temporary file so only the owner can access it
1chown 600 /tmp/ssh-server-keys.pemRun the
ssh-keygenutility to extract the SSH fingerprint from the key pair file1ssh-keygen -lf /tmp/ssh-server-keys.pemThis will produce output similar to this:
12048 SHA256:U+NO3sOxbAvVCtF1NCN/ZL2+rWJ9bddDQSoGom1TsI8 no comment (RSA)In this example output the fingerprint is
U+NO3sOxbAvVCtF1NCN/ZL2+rWJ9bddDQSoGom1TsI8
Was this helpful?