• Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Icon: Medium Medium
    • None
    • 2.10.1
    • Installation, SSH
    • None

      Whenever Stash is upgraded following instructions, I get the classic RSA fingerprint has changed error:

      @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
      @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
      @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
      IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
      Someone could be eavesdropping on you right now (man-in-the-middle attack)!
      It is also possible that the RSA host key has just been changed.
      The fingerprint for the RSA key sent by the remote host is
      13:c9:f6:9d:c1:67:16:95:69:27:08:4a:c9:16:62:75.
      Please contact your system administrator.
      Add correct host key in /home/USER/.ssh/known_hosts to get rid of this message.
      Offending key in /home/USER/.ssh/known_hosts:1
      RSA host key for stash.customer.com has changed and you have requested strict checking.
      Host key verification failed.
      fatal: The remote end hung up unexpectedly
      

      This means that every time I upgrade Stash I have to go and rewrite that identification in known_hosts on all developer machines and continuous integration build slaves.

      It would be very useful if I could somehow keep the same fingerprint from before. This does not have to be the default behavior.

      If this is already possible, consider documenting this in the upgrade guide

            [BSERV-4364] Keep server RSA fingerprint after upgrade

            Reading more into the upgrade guide, I now saw that you highly recommend that STASH_HOME is not set within the installation directory, which is probably what our IT crew was doing.

            I'll go over this with them, sorry for the trouble. Feel free to close/discard this, and thank you for the help =)

            campos_ddc added a comment - Reading more into the upgrade guide, I now saw that you highly recommend that STASH_HOME is not set within the installation directory, which is probably what our IT crew was doing. I'll go over this with them, sorry for the trouble. Feel free to close/discard this, and thank you for the help =)

            Brent P added a comment -

            Hi campos.ddc,

            As Jason mentions in his comment, the SSH key should be persisted in your Stash home directory. Are you modifying/deleting any files in your Stash home directory when you upgrade Stash?

            We believe this feature is already working as you expect. Perhaps this would be better addressed as a Stash support issue on https://support.atlassian.com, where our support engineers can get information about your specific case.

            – Brent

            Brent P added a comment - Hi campos.ddc , As Jason mentions in his comment, the SSH key should be persisted in your Stash home directory. Are you modifying/deleting any files in your Stash home directory when you upgrade Stash? We believe this feature is already working as you expect. Perhaps this would be better addressed as a Stash support issue on https://support.atlassian.com , where our support engineers can get information about your specific case. – Brent

            The SSH server's key pair should be persisted between upgrades. The key pair is stored in <STASH_HOME>/config/ssh-server-keys.pem.

            jhinch (Atlassian) added a comment - The SSH server's key pair should be persisted between upgrades. The key pair is stored in <STASH_HOME>/config/ssh-server-keys.pem .

              Unassigned Unassigned
              3f81a5b66c6d campos_ddc
              Affected customers:
              0 This affects my team
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: