By Arica Chhay, Derrick Johnson
Bitbucket Cloud recently announced that encrypted copies of SSH host keys were extracted in a data breach of a third-party credential management vendor. The host keys are used to verify the identity of a trusted server for SSH connections.
To mitigate future risk of decryption, Bitbucket has proactively issued two new SSH host keys on May 15, 2023, and will be replacing the current host keys on June 20, 2023. By June 20, all users who have configured SSH host keys to Bitbucket repositories will need to rotate those keys on their systems.
Take action as soon as possible to avoid disruptions. Please review the official announcement for detailed instructions on how to switch to the new host keys and check if your SSH connections will be impacted.
Note: Git over HTTPS is not affected.
- If a repository remote begins with
httpsthen no changes are needed. - If a remote starts with
git@bitbucket.orgthen actions may be required.
Please contact the IT Help Desk at help@lbl.gov for questions or concerns related to Bitbucket.
in the bottom right or navigate to