SSH key for local LAN machine: How to overcome "fetch key"?

Alexander Christian
Contributor
July 15, 2024

Hi there,

 

Following scenario:

I have a pipeline with a locally hosted Docker Linux runner. This means each pipeline execution runs in my local network. This enables me to access non-public hosts within my LAN.

Now I want the pipeline to access a host system located in my LAN via SSH.
My Bitbucket repository enables me to add an SSH key by providing private and public key... But the known-hosts part is not possible, because Bitbucket (the cloud version of Bitbucket) can never ever access the host on my LAN to fetch the fingerprint...

Any ideas on what to do? 

Constraints:
* it is *not* possible, not even for a short time, to make the SSH target host publicly accessible to fetch the fingerprint

* it is *not* possible to switch to a publicly reachable system. It *has* to be a system on my local LAN.


1 answer

0 votes
Theodora Boudale
Atlassian Team
July 17, 2024

Hi Alexander,

When you run a build, pipelines will create the file ~/.ssh/known_hosts in the build container. The fingerprints for the Bitbucket and GitHub sites are automatically added to that file, but you can also modify this file during the build.

Can you fetch the fingerprint of that local host during the build by adding a command like the following in your bitbucket-pipelines.yml file's script (in the step where you want to connect to that host)?

- ssh-keyscan hostname_or_ip_address_of_local_host >> ~/.ssh/known_hosts

Kind regards,
Theodora
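
The `ssh-keyscan` step suggested above trusts whatever key the host presents at build time. The following is an added example (not from the thread or from Atlassian) that appends the scanned key to known_hosts only when it equals a key recorded out of band; the function name `pin_host_key` and the variable names `LAN_HOST` and `LAN_HOST_KEY` are assumptions.

```shell
# pin_host_key HOST PINNED_KEY SCAN_FILE KNOWN_HOSTS_FILE
#   HOST         name or IP exactly as used with ssh and ssh-keyscan
#   PINNED_KEY   "<keytype> <base64-key>", copied once on a trusted machine
#                inside the LAN (e.g. from the target's host key .pub file)
#                and stored as a secured pipeline variable
#   SCAN_FILE    saved output of: ssh-keyscan HOST
# Appends the matching line to KNOWN_HOSTS_FILE and returns 0 only when a
# scanned key equals the pinned key; returns 1 and writes nothing otherwise.
pin_host_key() {
    host=$1 pinned=$2 scan_file=$3 known_hosts=$4

    # The pinned value must contain a key type and a key blob.
    case $pinned in
        *" "*) ;;
        *) echo "pinned key is empty or malformed" >&2; return 1 ;;
    esac
    pinned_type=${pinned%% *}
    pinned_blob=${pinned#* }
    pinned_blob=${pinned_blob%% *}    # drop a trailing comment field

    # Keep only the scanned line whose host, type and blob all match.
    match=$(awk -v h="$host" -v t="$pinned_type" -v b="$pinned_blob" '
        /^#/ { next }
        $1 == h && $2 == t && $3 == b { print $1, $2, $3; exit }
    ' "$scan_file")

    if [ -z "$match" ]; then
        echo "host key for $host does not match the pinned key" >&2
        return 1
    fi
    mkdir -p "$(dirname "$known_hosts")"
    printf '%s\n' "$match" >> "$known_hosts"
}

# In the pipeline step (LAN_HOST and LAN_HOST_KEY are assumed variable names):
#   ssh-keyscan "$LAN_HOST" > scan.txt 2>/dev/null
#   pin_host_key "$LAN_HOST" "$LAN_HOST_KEY" scan.txt ~/.ssh/known_hosts
```

A mismatch fails the step before any `ssh` command runs, so a changed or spoofed host key stops the build instead of being silently accepted.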

Alexander Christian
Contributor
July 18, 2024

I need to retest. Last time I tried setting up the SSH access, I was not able to save it without using the fetch button in the UI. But this did not work due to the fact that the SSH server is not publicly reachable.
