Updating ssh on PowerShell to trust new host keys 🔒
So, BitBucket has had some of their host keys leaked, so they are moving to new keys. This is all fine, but my current ssh setup wasn't using the new algorithms, as I could see when running:
ssh git@bitbucket.org host_key_info
The output was telling me I was using the old ssh-rsa algo, so I needed to update my known hosts with the new details.
The instructions on https://bitbucket.org/blog/ssh-host-key-changes gave me the first part: I needed to update my known_hosts file with the new trusted keys.
ssh-keygen -R bitbucket.org
This added the new keys, but it also left my old ones behind, resulting in me getting an error when connecting. It was easy to get around, but it was very annoying.
Warning: the ECDSA host key for 'bitbucket.org' differs from the key for the IP address 'xxxxxxxxxx'
Offending key for IP in C:\Users\Luke/.ssh/known_hosts:9
Matching host key in C:\Users\Luke/.ssh/known_hosts:13
Are you sure you want to continue connecting (yes/no)? yes
The only way I could find to clean this up was by opening the known_hosts file and removing the offending line (in my case line 9). Once I ran the connection again, I stopped getting the error.
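The manual clean-up described above can be scripted. The following is an added example, not part of the original post: a PowerShell function (the name Remove-OffendingKnownHost is hypothetical) that takes the "Offending key" line ssh printed, shows which entry it points at, backs up known_hosts and removes only that line.

```powershell
# Added example; Remove-OffendingKnownHost is a hypothetical helper name.
function Remove-OffendingKnownHost {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # The "Offending key ..." line exactly as ssh printed it.
        [Parameter(Mandatory)][string]$Warning
    )

    # ssh reports the entry as "<path>:<line>"; the greedy path match keeps "C:" intact.
    if ($Warning -notmatch '^\s*Offending .*? in (?<path>.+):(?<line>\d+)\s*$') {
        throw "Not an 'Offending key' line: $Warning"
    }
    $lineNo = [int]$Matches['line']
    $path   = (Resolve-Path -LiteralPath $Matches['path'] -ErrorAction Stop).Path

    $lines = [System.IO.File]::ReadAllLines($path)
    if ($lineNo -lt 1 -or $lineNo -gt $lines.Length) {
        throw "$path has $($lines.Length) lines; line $lineNo does not exist."
    }

    # Show which host/IP and key type is about to go, so the wrong entry is not dropped.
    $fields = $lines[$lineNo - 1] -split '\s+'
    Write-Host "Line ${lineNo}: $($fields[0]) $($fields[1])"

    if ($PSCmdlet.ShouldProcess($path, "remove line $lineNo")) {
        # Keep a copy of the file as it was before the edit.
        Copy-Item -LiteralPath $path -Destination "$path.bak" -Force
        $keep = [System.Collections.Generic.List[string]]::new()
        for ($i = 0; $i -lt $lines.Length; $i++) {
            if ($i -ne $lineNo - 1) { $keep.Add($lines[$i]) }
        }
        # .NET writes UTF-8 without a BOM, so the first entry is not corrupted.
        [System.IO.File]::WriteAllLines($path, $keep)
    }
}

# Usage: dry run first with the line from the warning, then repeat without -WhatIf.
# Remove-OffendingKnownHost -Warning 'Offending key for IP in C:\Users\Luke/.ssh/known_hosts:9' -WhatIf
```

When the IP address from the warning is known, `ssh-keygen -R` followed by that address removes the same entry with OpenSSH's own tooling.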