Host key verification failed with rsync pipe

Andrés Soria October 29, 2021

Hi everyone.

I had a weird behaviour on one of our self-hosted pipelines.

I want to deploy and artifact with SCP or Rsync but always get "Host key verification failed" ( both fails ).

Oddest thing is that ssh works like a charm with same config.

I'm pretty sure that it has to be a known_hosts file thing, but I can't figure why.

  • I've tried to create a known_hosts file on my repository. Didn't work.
  • Update known_hosts on the fly with ssh-keyscan -H $SERVER_IP >> ~/.ssh/known_hosts . Didn't work
  • use EXTRA_ARGS: '-o StrictHostKeyChecking=no' . Didn't work.
I can't follow instructions from https://support.atlassian.com/bitbucket-cloud/docs/variables-and-secrets/ -- Step 2: Update the known hosts because this is a private host, not accesible from internet.
My last attempt was something like this:
script:
- echo "Deployment test"
- mkdir -p /root/.ssh/
- ssh-keygen -R $SERVER_IP
- ssh-keyscan -H $SERVER_IP >> ~/.ssh/known_hosts
- cat ~/.ssh/known_hosts
- pipe: atlassian/rsync-deploy:0.6.0
variables:
USER: '$USER'
SERVER: '$SERVER_IP'
REMOTE_PATH: '/tmp/testscp/'
LOCAL_PATH: '/var/log/*'
DEBUG: 'true'
Is there any way to make this works that i'm missing?
Thanks a lot for your help.

 

1 answer

1 vote
Igor Stoyanov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 29, 2021

@Andrés Soria 
Hi. Thanks for your question. We will investigate your issue and notify you.

Regards, Igor.

Andrés Soria November 3, 2021

Hi @Igor Stoyanov 

Any updates on this issue?

Thanks a lot for your help.

Igor Stoyanov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 5, 2021

Hi @Andrés Soria .
We still investigating this issue and unfortunately no useful updates for today.

Like Andrés Soria likes this
Andrés Soria November 16, 2021

Hi again Igor.

Any news?

Igor Stoyanov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 16, 2021

@Andrés Soria Hi. Currently working on your issue. First what i found is that know_hosts is under 

/opt/atlassian/pipelines/agent/ssh/known_hosts

and since that you don't have this file in your infrastructure (because you didn't update the known hosts from the UI) you have the error:

"No SSH known_hosts configured in Pipelines."

 Maybe try to update your know hosts manually but with the correct dir path:

ssh-keyscan -H $SERVER_IP >> /opt/atlassian/pipelines/agent/ssh/known_hosts

or generate the output of `ssh-keyscan -H <your private host>` from where it works and pass the result to `/opt/atlassian/pipelines/agent/ssh/known_hosts`
Waiting for your feedback. Regards Igor

Igor Stoyanov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 16, 2021

Also i found that self hosted runner does not work with default ssh_key. You should use your custom ssh key. See how to generate encoded ssh_key under the section 

Use multiple SSH keys in your pipeline of https://support.atlassian.com/bitbucket-cloud/docs/variables-and-secrets/

pass the output in the bitbucket repository variables with name i.e SSH_KEY and use it in your pipe:

script:
  - pipe: atlassian/rsync-deploy:0.7.0
    variables:
      USER: <your user>
      SERVER: <your host>
      REMOTE_PATH: '/var/www/build/'
      LOCAL_PATH: 'build'
      SSH_KEY: $SSH_KEY
      DEBUG: 'true'
Andrés Soria November 16, 2021

Ok, I have work to do.

Let me try this solutions. I'll get back to you as soon as possible.

Thanks.

Andrés Soria November 17, 2021

Hi @Igor Stoyanov 

I've been trying to update /opt/atlassian/pipelines/agent/ssh/known_hosts on different ways but always end with same result : Host key verification failed.

As you can see in the picture, i'm able to update known_hosts file but bitbucket seems to not use it.

2021-11-17_09h17_17.jpg

So, i figured it out by adding 

SSH_ARGS: '-o StrictHostKeyChecking=no'
to my bitbucket-pipelines.yml
It won't be the prettiest deployment but i think i can continue with it.
Thanks a lot for your help

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events