Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-8582

Bitbucket Web UI should display host key in MD5 and SHA256 format

    XMLWordPrintable

Details

    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Problem Definition

      Currently in the Bitbucket Server web UI the server's SSH host key is only displayed in MD5 format, however modern SSH clients display the server's host key in SHA256 format. It's therefore nigh impossible for a user to verify the server's identify, which poses a security risk.

      Suggested Solution

      In the web UI the SHA256 version of the host key should be displayed alongside the MD5 version.

      Workarounds

      1. Either, set the option
          FingerprintHash md5
        in the SSH configuration file on the client to see the MD5 hash, but this applies to all hosts, which may not be desirable.
      2. Or, if you want to avoid the global configuration change, you can also configure MD5 hashes on a case by case basis:
          GIT_SSH_COMMAND="ssh -o FingerprintHash=MD5" git ...

      Attachments

        Activity

          People

            hschnepel Hendrik (Inactive)
            cglockner Christian Glockner
            Votes:
            4 Vote for this issue
            Watchers:
            11 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: