How to ssh to google compute engine vm within bitbucket pipeline

Pavel Tarant July 31, 2023

Situation:

google compute engine accessible via ssh from the internet

when trying to run script via bitbucket pipeline ssh fails with "no response" status

keys are available correctly but seems there is no connection from bitbucket to gcp environment via ssh

1 answer

1 vote
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 1, 2023

Hi Pavel!

We would need some additional information to figure out what is happening.

  • Were you able to fetch the fingerprint of this VM from the Bitbucket Cloud repo's Repository settings > SSH keys > section Known hosts ?

  • What is the exact command you are using in Pipelines to connect to this VM and what is the full output of this command? (Please make sure you sanitize any private/sensitive data before sharing here)

Kind regards,
Theodora

Pavel Tarant August 2, 2023

Hi Theodora,

it was not possible to generate a fingerprint, connection timed out

tried to generate a key via a shell variable, create a key file and use it directly in an secure shell connection, of course accompanied by other options like ignoring server key settings etc. I cannot post exact command here as it says "invalid html" and I cannot figure out how to avoid that annoying behavior.

Regards,

Pavel

Pavel Tarant August 2, 2023

secure shell ended with timeout as well.

P

Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 2, 2023

Hi Pavel,

Kind regards,
Theodora

Pavel Tarant August 2, 2023

Hi Theodora,

- The test was run on Bitbucket internal runner

- The Google firewall was opened totally for the test machine both for incoming and outgoing connections during the test run

- yes, I am able to connect to the test machine via ssh family of protocols from windows, linux and mac os machines without any issues from my home ip address 

Regards,

Pavel

Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 2, 2023

Hi Pavel,

1. I am not sure what you mean by Bitbucket internal runner. Did you configure a runner as per this documentation https://support.atlassian.com/bitbucket-cloud/docs/runners/? If not, then the build would run on Atlassian infrastructure. Please let me know.

2. I can see in our logs two domain names and one IP address that you tried to fetch the fingerprint for in the last few days from Repository settings > SSH keys page of the repo. I assume these are the domain names and IP of the VM you want to connect to. Can you please confirm?

3. Which port are you using on this VM for SSH? Is it the standard port for SSH, port 22? Or a different one?

4. Is the VM up and running now and can it accept SSH connections? Since I can see the domain name and IP from our logs, if you let me know the port as well I can try to see if I can fetch the VM's fingerprint, check SSH connectivity, and any errors.

Kind regards,
Theodora

Pavel Tarant August 2, 2023

Hi Theodora,

- I have not configured any special runner. I used image: node:16 in bitbucket-pipelines.yml configuration. Therefore, in your nomenclature this should be Atlassian infrastructure.

- the domain names given and the ip address represent the same node. Yes, I tried to run deployment step of a pipeline via an ssh connection there.

- ssh is configured on the standard 22 port

- the VM in question is running now (and steadily, it is our standard dev server) and the firewall rule was again set to allow everything from everywhere at google cloud firewall.

Regards,

Pavel

Pavel Tarant August 2, 2023

Hi Theodora,

update: I have whitelisted the indicated pipeline related bitbucket ip addresses specifically and the pipeline ssh worked at the expense of ignoring server identity checks. Nevertheless, the procedure of the server fingerprint fetch fails still.

Regards,

Pavel

Pavel Tarant August 3, 2023

Hi Theodora,

update: the server fingerprint started working. No issues remaining.

Tx a lot for help

Pavel

Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 4, 2023

Hi Pavel,

Thank you for the updates, it's good to hear that the issues have been resolved after the IP whitelisting.

Please feel free to reach out if you ever need anything else!

Kind regards,
Theodora

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events