SSH keys in Bitbucket Cloud

Svetlozar Petkov July 19, 2023

My pipeline fails when it starts to initialize the git pull command with the following error:

Host key verification failed

I created a key pair in the SSH keys section of the repository settings and added the public key to the authorized_keys file of the custom user I created on my server, which uses a Linux shell runner from Bitbucket. I tried everything from importing the public key of the user to my personal keys, to creating a known hosts file as said in some documentation, and basically almost everything else, but the error persists. Can anyone provide insight as to why this is happening and how to fix it?

1 answer

Answer accepted
Patrik S
Atlassian Team
July 21, 2023

Hello @Svetlozar Petkov and thank you for reaching out to Atlassian Community!

When connecting to a server over SSH, one of the first things that SSH will do is to verify whether the server's fingerprint matches any entry in the local known_hosts file. If no entry is found that matches your server's fingerprint, the connection will fail with "Host key verification failed".

As Pipelines steps are executed in Docker containers, each execution of a step is a fresh start of the container, meaning the known_hosts file within the container will just contain the default entries of the Docker image you are using, which likely does not contain the entry for your external server (unless you are using a custom image where you added it).

In this case, you can use the Pipelines Known Hosts feature to save your server's known hosts, so Pipelines will automatically add the fingerprint to the known_hosts inside the container when the build starts. For that, you can follow the instructions below:

  1. Navigate to Repository Settings > SSH keys (under the Pipelines section)
  2. Provide your server's IP address or domain name and click on Fetch
  3. Bitbucket will try to fetch the fingerprint from the server. After the fingerprint is fetched, click on the now available Add Host button, as this will save that fingerprint on Bitbucket.
  4. Now, for your subsequent builds, that fingerprint should be automatically added by pipelines inside the container's known_hosts file.

Hope that helps! Let me know in case you have any questions.

Thank you, @Svetlozar Petkov!

Patrik S
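
The known_hosts lookup described in the answer above can be reproduced offline to tell a missing entry from a changed host key. This is an added example, not part of the original post and not Atlassian's code; the host names, IP address and key blob are constructed placeholders, and the expected fingerprint is assumed to have been read from the server itself over a trusted channel.

```python
import base64
import hashlib
import hmac

# Constructed sample data: the key blob is made-up bytes, not a real host key,
# and deploy.example.com / 203.0.113.10 are placeholder names.
SAMPLE_BLOB = base64.b64encode(
    b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(range(32))).decode()
SAMPLE_KNOWN_HOSTS = (
    "# constructed known_hosts content\n"
    f"deploy.example.com,203.0.113.10 ssh-ed25519 {SAMPLE_BLOB}\n")


def fingerprint(b64_blob):
    """Fingerprint as OpenSSH prints it: 'SHA256:' + unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_matches(field, host):
    """Match the first known_hosts field: a name list or a hashed |1|salt|hash entry."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")  # wildcard and negated patterns are not handled


def check_known_hosts(text, host, expected_fp):
    """Return 'ok', 'missing' (no entry for host) or 'mismatch' (entry, other key)."""
    status = "missing"
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if not host_matches(fields[0], host):
            continue
        if fingerprint(fields[2]) == expected_fp:
            return "ok"
        status = "mismatch"
    return status


if __name__ == "__main__":
    fp = fingerprint(SAMPLE_BLOB)
    for name in ("deploy.example.com", "other.example.com"):
        print(name, check_known_hosts(SAMPLE_KNOWN_HOSTS, name, fp))
```

A `missing` result corresponds to the situation the answer describes (no entry for the server in known_hosts); a `mismatch` means an entry exists but holds a different key than expected, which should be investigated before the stored fingerprint is replaced.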
