Setup SSH for Windows Runner and cloning submodule

Julien Denozi
November 13, 2023

First of all, I already checked this:

Windows runner clone Submodule 

 

And I followed this page:

Setup runner for windows 

 

 I've been working on setting up a Bitbucket pipeline for a Windows runner and have encountered some difficulties when trying to initialize submodules of my repository.

Here are the steps I've taken so far:

  1. I created an SSH key in my main repository and added it to the submodule.
  2. I created an SSH key in the submodule and added it to the main repository.
  3. I created an SSH key on the host that contains the runner and added it to both the main repository and the submodule repository.
  4. I also used a configuration file with the following settings:

Host bitbucket.org
    AddKeysToAgent yes
    IdentityFile ~/.ssh/runner_bitbucket_ssh

  5. I created an SSH key, encoded it, and stored it in an environment variable called RUNNER_BITBUCKET_SSH. I used the following command:

 

step: &submodule
  runs-on:
    - self.hosted
    - windows
  name: Init submodule
  script:
    - ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String($Env:RUNNER_BITBUCKET_SSH))) | Out-File -Encoding "ASCII" id_rsa
    - $Env:GIT_SSH_COMMAND='ssh -i ./id_rsa -vvv'
    - git submodule update

Despite these efforts, I'm still facing issues when initializing the submodule in the Bitbucket pipeline. Any guidance or suggestions on how to resolve this problem would be greatly appreciated.

 

EDIT: The runner is on a Windows VM

 

Here is the log I can see for now:


debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:ybgmFkzwOSotHTHLJgHO0QN8L0xErw6vd0VhFA9m3SM
debug1: load_hostkeys: fopen /c/Windows/system32/config/systemprofile/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: hostkeys_find_by_key_hostfile: trying user hostfile "/c/Windows/system32/config/systemprofile/.ssh/known_hosts"
debug3: hostkeys_foreach: reading file "/c/Windows/system32/config/systemprofile/.ssh/known_hosts"
debug3: hostkeys_find_by_key_hostfile: trying user hostfile "/c/Windows/system32/config/systemprofile/.ssh/known_hosts2"
debug1: hostkeys_find_by_key_hostfile: hostkeys file /c/Windows/system32/config/systemprofile/.ssh/known_hosts2 does not exist
debug3: hostkeys_find_by_key_hostfile: trying system hostfile "/etc/ssh/ssh_known_hosts"
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts does not exist
debug3: hostkeys_find_by_key_hostfile: trying system hostfile "/etc/ssh/ssh_known_hosts2"
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts2 does not exist
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
fatal: clone of 'git@bitbucket.org:XXXXX' into submodule path 'XXXXXXXX' failed
Failed to clone 'XXXXXX'. Retry scheduled
OpenSSH_9.4p1, OpenSSL 3.1.2 1 Aug 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/c/Windows/system32/config/systemprofile/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/c/Windows/system32/config/systemprofile/.ssh/known_hosts2'
debug2: resolving "bitbucket.org" port 22
debug3: resolve_host: lookup bitbucket.org:22
debug3: ssh_connect_direct: entering
debug1: Connecting to bitbucket.org [104.192.141.1] port 22.
debug3: set_sock_tos: set socket 4 IP_TOS 0x48
debug1: Connection established.
debug1: identity file ./id_rsa type 3
debug1: identity file ./id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.4
debug1: Remote protocol version 2.0, remote software version conker_07fc110085 5c5f11628bb5
debug1: compat_banner: no match: conker_07fc110085 5c5f11628bb5
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: load_hostkeys: fopen /c/Windows/system32/config/systemprofile/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: no algorithms matched; accept original
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-s
debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,ssh-rsa,rsa-sha2-256,rsa-sha2-512
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:ybgmFkzwOSotHTHLJgHO0QN8L0xErw6vd0VhFA9m3SM
debug1: load_hostkeys: fopen /c/Windows/system32/config/systemprofile/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: hostkeys_find_by_key_hostfile: trying user hostfile "/c/Windows/system32/config/systemprofile/.ssh/known_hosts"
debug3: hostkeys_foreach: reading file "/c/Windows/system32/config/systemprofile/.ssh/known_hosts"
debug3: hostkeys_find_by_key_hostfile: trying user hostfile "/c/Windows/system32/config/systemprofile/.ssh/known_hosts2"
debug1: hostkeys_find_by_key_hostfile: hostkeys file /c/Windows/system32/config/systemprofile/.ssh/known_hosts2 does not exist
debug3: hostkeys_find_by_key_hostfile: trying system hostfile "/etc/ssh/ssh_known_hosts"
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts does not exist
debug3: hostkeys_find_by_key_hostfile: trying system hostfile "/etc/ssh/ssh_known_hosts2"
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts2 does not exist
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
 

 

 

 

 

1 answer

0 votes
Patrik S
Atlassian Team
November 14, 2023

Hello @Julien Denozi and welcome to the Community!

The error being returned 

Host key verification failed

suggests that the known_hosts file containing the bitbucket.org fingerprints was not found, causing the SSH authentication to fail, as it does not yet trust bitbucket's SSH fingerprints.

In this case, if you haven't already, you can run the command 

ssh-keyscan bitbucket.org

copy the full output of the command, and paste it inside a file named known_hosts under the directory %USERPROFILE%\.ssh. If the files/folders don't exist, you can create them. The file contains no extension.

As for the SSH key, you need to:

1. Create the SSH key pair in the host machine 

2. Add the public SSH key (no need to encode it) as an Access key in the submodule repository (and any other repository you want to manually clone during the build)

3. Now base64 encode the public SSH key using the command below

[convert]::ToBase64String((Get-Content -path "~/.ssh/my_ssh_key" -Encoding byte))

4. Save the encoded public SSH key value as an environment variable in the repository.

5. In your step's script, add the command to decode the key from the environment variable and clone the submodules:

step: &submodule
  runs-on:
    - self.hosted
    - windows
  name: Init submodule
  script:
    - ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String($Env:RUNNER_BITBUCKET_SSH))) | Out-File -Encoding "ASCII" id_rsa
    - $Env:GIT_SSH_COMMAND='ssh -i ./id_rsa -vvv'
    - git submodule update

Could you try following that sequence of steps and let us know how it goes?

Should you have any questions, feel free to ask!

Thank you, @Julien Denozi!

Patrik S
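
The log in the question shows ssh resolving `~/.ssh/known_hosts` to /c/Windows/system32/config/systemprofile/.ssh/known_hosts for the runner's process, and ssh-keyscan output is not authenticated on its own. The following is an added example, not part of either post: it checks the scanned key against the fingerprint printed in that log and hands ssh an explicit known_hosts file. The file name bitbucket_known_hosts is an assumption, and the fingerprint should be confirmed against the list Atlassian publishes.

```powershell
# Added example (not from the thread): pin bitbucket.org's host key in a
# known_hosts file kept in the build directory, then point git at it.

# Fingerprint copied from the "Server host key" line of the log above.
# Confirm it against the fingerprints Atlassian publishes before relying on it.
$expected = 'SHA256:ybgmFkzwOSotHTHLJgHO0QN8L0xErw6vd0VhFA9m3SM'

# Hypothetical file name. Forward slashes so the path survives the sh
# invocation git uses to run GIT_SSH_COMMAND.
$knownHosts = (Join-Path $PWD.Path 'bitbucket_known_hosts') -replace '\\', '/'

# ssh-keyscan output is only a candidate until the fingerprint check passes.
# Keep just the ed25519 entry, the host key algorithm negotiated in the log.
$candidate = @(ssh-keyscan -t ed25519 bitbucket.org |
    Where-Object { $_ -match '^bitbucket\.org ssh-ed25519 ' })
if ($candidate.Count -ne 1) {
    throw "Expected one ed25519 key from ssh-keyscan, got $($candidate.Count)"
}

# Write with an LF line ending and no BOM.
[IO.File]::WriteAllText($knownHosts, $candidate[0] + "`n", [Text.Encoding]::ASCII)

# ssh-keygen -l prints "<bits> <fingerprint> <host> (<type>)".
$actual = ((ssh-keygen -l -f $knownHosts) -split ' ')[1]

# -cne: fingerprints are base64, so the comparison must be case-sensitive.
if ($actual -cne $expected) {
    Remove-Item $knownHosts
    throw "bitbucket.org host key mismatch: got $actual"
}

# Fail closed on any other host key instead of prompting; the log shows the
# runner has no TTY ("read_passphrase: can't open /dev/tty").
$Env:GIT_SSH_COMMAND = "ssh -i ./id_rsa -o UserKnownHostsFile='$knownHosts' -o StrictHostKeyChecking=yes"
git submodule update
```

These lines would replace the last two `script` entries of the step, after the line that decodes the key into id_rsa.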
