Details
Suggestion
Resolution: Done
Description
Problem Definition
Currently the Bitbucket Server web UI displays the server's SSH host key fingerprint only in MD5 format, whereas modern SSH clients display the server's host key in SHA256 format. It's therefore nigh impossible for a user to verify the server's identity, which poses a security risk.
Suggested Solution
In the web UI the SHA256 version of the host key should be displayed alongside the MD5 version.
Workarounds
- Either set the option
  FingerprintHash md5
  in the SSH configuration file on the client to see the MD5 hash, but this applies to all hosts, which may not be desirable.
- Or, if you want to avoid the global configuration change, you can also configure MD5 hashes on a case-by-case basis:
  GIT_SSH_COMMAND="ssh -o FingerprintHash=MD5" git ...
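Another way to bridge the two formats without changing client settings, as an added example (not Atlassian's code): compute both fingerprints from a host key line, such as one from known_hosts or ssh-keyscan output, and accept the SHA256 value only if the MD5 value equals the one shown in the web UI. The function names are hypothetical and the sample key is constructed.

```python
import base64
import binascii
import hashlib
import struct


def key_blob(pubkey_line):
    """Extract the raw key blob from a .pub, known_hosts or ssh-keyscan line."""
    fields = pubkey_line.split()
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            continue
        # The blob begins with a length-prefixed copy of the key type name.
        if len(blob) >= 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == key_type.encode():
                return blob
    raise ValueError("no OpenSSH public key found in line")


def fingerprints(pubkey_line):
    """Return (md5, sha256) in the notation OpenSSH prints."""
    blob = key_blob(pubkey_line)
    md5 = "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha


def sha256_if_md5_matches(pubkey_line, md5_from_web_ui):
    """Return the SHA256 fingerprint only if the MD5 equals the web UI value."""
    md5, sha256 = fingerprints(pubkey_line)
    shown = md5_from_web_ui.strip().lower()
    if shown.startswith("md5:"):
        shown = shown[4:]
    return sha256 if shown == md5[4:] else None


# Constructed sample: a made-up ed25519 blob, not a real server's key.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_LINE = "bitbucket.example.com ssh-ed25519 " + base64.b64encode(_blob).decode()

if __name__ == "__main__":
    md5, sha256 = fingerprints(SAMPLE_LINE)
    print(md5)
    print(sha256)
    print(sha256_if_md5_matches(SAMPLE_LINE, md5) == sha256)
```

A return value of None means the key offered on the wire is not the one whose MD5 fingerprint the web UI shows, so its SHA256 fingerprint should not be trusted.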