Situation:
Google Compute Engine accessible via SSH from the internet.
When trying to run a script via a Bitbucket pipeline, SSH fails with "no response" status.
Keys are available correctly, but it seems there is no connection from Bitbucket to the GCP environment via SSH.
Hi Pavel!
We would need some additional information to figure out what is happening.
Kind regards,
Theodora
Hi Theodora,
It was not possible to generate a fingerprint; the connection timed out.
I tried to generate a key via a shell variable, create a key file and use it directly in a secure shell connection, of course accompanied by other options like ignoring server key settings etc. I cannot post the exact command here as it says "invalid html" and I cannot figure out how to avoid that annoying behavior.
Regards,
Pavel
Hi Pavel,
Kind regards,
Theodora
Hi Theodora,
- The test was run on Bitbucket internal runner
- The Google firewall was opened totally for the test machine both for incoming and outgoing connections during the test run
- Yes, I am able to connect to the test machine via the SSH family of protocols from Windows, Linux and macOS machines without any issues from my home IP address
Regards,
Pavel
Hi Pavel,
1. I am not sure what you mean by Bitbucket internal runner. Did you configure a runner as per this documentation https://support.atlassian.com/bitbucket-cloud/docs/runners/? If not, then the build would run on Atlassian infrastructure. Please let me know.
2. I can see in our logs two domain names and one IP address that you tried to fetch the fingerprint for in the last few days from Repository settings > SSH keys page of the repo. I assume these are the domain names and IP of the VM you want to connect to. Can you please confirm?
3. Which port are you using on this VM for SSH? Is it the standard port for SSH, port 22? Or a different one?
4. Is the VM up and running now and can it accept SSH connections? Since I can see the domain name and IP from our logs, if you let me know the port as well I can try to see if I can fetch the VM's fingerprint, check SSH connectivity, and any errors.
Kind regards,
Theodora
Hi Theodora,
- I have not configured any special runner. I used `image: node:16` in the bitbucket-pipelines.yml configuration. Therefore, in your nomenclature this should be Atlassian infrastructure.
- The domain names given and the IP address represent the same node. Yes, I tried to run the deployment step of a pipeline via an SSH connection there.
- SSH is configured on the standard port 22
- The VM in question is running now (and steadily, it is our standard dev server) and the firewall rule was again set to allow everything from everywhere at the Google Cloud firewall.
Regards,
Pavel
Hi Theodora,
Update: I have whitelisted the indicated pipeline-related Bitbucket IP addresses specifically and the pipeline SSH worked at the expense of ignoring server identity checks. Nevertheless, the procedure of the server fingerprint fetch fails still.
Regards,
Pavel
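An added example, not part of the original thread or of Bitbucket's own tooling: rather than ignoring server identity checks in a pipeline step, a host key line in known_hosts / ssh-keyscan format can be checked against a fingerprint recorded out of band before it is trusted. The host name and key bytes are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import struct


def parse_host_key_line(line):
    """Parse 'host keytype base64-blob [comment]' (known_hosts / ssh-keyscan format)."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-key")
    host, key_type, blob_b64 = fields[:3]
    blob = base64.b64decode(blob_b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was edited or truncated.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("declared key type does not match key blob")
    return host, key_type, blob


def sha256_fingerprint(blob):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def host_key_is_pinned(line, expected_host, pinned_fingerprint):
    """True only if the line is for expected_host and its key matches the pin."""
    host, _, blob = parse_host_key_line(line)
    return host == expected_host and sha256_fingerprint(blob) == pinned_fingerprint


def make_sample_line(host, key_bytes):
    """Build a constructed ssh-ed25519 line for the demo (not a real server key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key_bytes)) + key_bytes
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode('ascii')}"


# Constructed sample values. In practice the pin is recorded on the server
# itself or over a trusted channel, never derived from the scanned line.
SAMPLE_HOST = "dev.example.test"
SAMPLE_LINE = make_sample_line(SAMPLE_HOST, bytes(range(32)))
PINNED = sha256_fingerprint(parse_host_key_line(SAMPLE_LINE)[2])

if __name__ == "__main__":
    swapped = make_sample_line(SAMPLE_HOST, bytes(32))  # a different key
    print(host_key_is_pinned(SAMPLE_LINE, SAMPLE_HOST, PINNED))
    print(host_key_is_pinned(swapped, SAMPLE_HOST, PINNED))
```

Only a line that passes this check would be appended to the known_hosts file the pipeline step uses, so strict host key checking can stay enabled.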
Hi Theodora,
Update: the server fingerprint started working. No issues remaining.
Tx a lot for help
Pavel
Hi Pavel,
Thank you for the updates, it's good to hear that the issues have been resolved after the IP whitelisting.
Please feel free to reach out if you ever need anything else!
Kind regards,
Theodora