Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Use multiple SSH keys in your pipeline: Host key verification failed error



I am trying to use a second ssh key in my build pipeline which is using git ls-remote to pull nodejs classes from Repo B to Repo A (the build repo). 

I am getting this error:

“Host key verification failed.

    fatal: Could not read from remote repository.

   Please make sure you have the correct access rights and the repository    exists.”


I referred to these questions for  answers and nothing worked for me:


I also referred to this tutorial in the documentation : (Section: Use multiple SSH keys in your pipeline)

to SUM up what I did so far:

  • Generated an ssh key
  • Encoded the ssh key to base64
  • added the encoded key to repository variables in the build repository
  • Added the public key as an access key to the repo B that I'm trying to pull the classes from.
  • Added as a known_host in the build repository.

Please find attached my pipeline file:


docker: true
- step:
name: Build and push
deployment: Develop
- whoami
- echo $HOME
# Add bitbucket to known hosts manually even though I added it at the pipeline settings
- echo ", ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==" > /root/.ssh/known_hosts
- ssh-keyscan -t rsa > my_known_hosts
- cat my_known_hosts >> ~/.ssh/known_hosts
# Cancel host verification (In a desperate step to bypass the error)
- 'echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config'
# Decode private key
- (umask 077 ; echo $SSH_SECOND_KEY | base64 -d > ~/.ssh/id_rsa)
#Build the docker image, THE ERROR happens here since I am building yarn here
- az login --service-principal --username $CR_APP_ID --password $CR_APP_PASSWORD --tenant $CR_AD_TENANT_ID
- az acr login -n $CR_ACR_NAME
- cd helm
- git submodule update --init --recursive
- git branch && ls -al
- sed -i "s/tag.*/tag\:\ $BITBUCKET_COMMIT/" helms/$BITBUCKET_REPO_SLUG/values.yaml
- git add helms/$BITBUCKET_REPO_SLUG/values.yaml
- git config --global ""
- git commit -m "$BITBUCKET_REPO_SLUG upgraded with commit $BITBUCKET_TAG on $BITBUCKET_DEPLOYMENT_ENVIRONMENT environment"
- docker

memory: 3070


Thank you!

1 answer

1 accepted

1 vote
Answer accepted

Hi @Mohamed BELLAKHAL,

Checking your yml file, I see that you are not cloning any repo in the script, but you mention that this command fails:


I assume that you have a Dockerfile in your repo that you are building, and you have a command to clone a repo in the Dockerfile?

If so, you will need to pass the SSH key to the docker build command and the known_hosts file also needs to be created in the Dockerfile.

I share below the steps that worked for me:

1. I created a secured variable named SSH_KEY in the repo where I build the Dockerfile.
The value of this variable is the private SSH key after I encoded it to base64.
The public key was added to the repo I want to clone.

2. In my bitbucket-pipelines.yml I build the Dokcerfile with the following command:

- docker build -t account/repo . --build-arg ssh_docker_key="${SSH_KEY}"

3. My Dockerfile includes the following lines:

ARG ssh_docker_key
RUN mkdir /root/.ssh/
RUN echo "$ssh_docker_key" | base64 --decode > /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan > /root/.ssh/known_hosts
RUN git clone /home/app

Is this something that works for you?

Kind regards,

Hello Theodora,

Yes your solution did the job for me. Thanks a lot!

Best Regards, Mohamed

Hi Mohamed,

That's good to hear and you are very welcome.

Please feel free to reach out if you ever need anything else!

Kind regards,

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events