How to have pipeline ssh into host that cannot have its fingerprint fetched?

mshafer1
September 15, 2023

(background below): 

I have a host that I want my Bitbucket repo to deploy to (using ssh) that I want to only be available when an authenticated background service is running on the agent.

Is there a way to specify the fingerprint (without fetching), or to allow the pipeline to proceed on that check? (an automated step to add the fingerprint to the repo I could run once could work...)

 

Background:

I've used a non-default port for my ssh, but on checking logs, I have learned this port has been found and probed (a lot). While no rando has gained access (thanks to ssh keys and disallowing passwords), I want to take this up a notch.

I tried using a firewall rule to only allow known public IPs; however, since I don't know the public IPs that Bitbucket jobs run from, I had to temporarily open up the firewall whenever doing a deployment (annoying).

Recently I learned about Twingate, and I want to set up my Bitbucket pipeline to load a Twingate headless service to create an authenticated tunnel that is then able to ssh without me opening my firewall; however, that means that the hostname the pipeline needs to use (foo.local) is only available once the pipeline has started the service and not on the repo settings to fetch the fingerprint.

1 answer

0 votes
mshafer1
September 17, 2023
