Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Use multiple SSH keys in your pipeline: Host key verification failed error

Deleted user December 24, 2021

Hello,

I am trying to use a second ssh key in my build pipeline which is using git ls-remote to pull nodejs classes from Repo B to Repo A (the build repo). 

I am getting this error:

“Host key verification failed.

    fatal: Could not read from remote repository.

   Please make sure you have the correct access rights and the repository    exists.”

 

I referred to these questions for  answers and nothing worked for me:

https://community.atlassian.com/t5/Bitbucket-questions/Pulling-a-private-repo-from-bitbucket-in-pipelines/qaq-p/1345649

https://community.atlassian.com/t5/Bitbucket-questions/How-can-I-use-SSH-in-Bitbucket-Pipelines/qaq-p/347345

https://community.atlassian.com/t5/Answers-Developer-Questions/Pulling-private-repositories-inside-pipelines/qaq-p/468574

 

I also referred to this tutorial in the documentation :

https://support.atlassian.com/bitbucket-cloud/docs/variables-and-secrets/ (Section: Use multiple SSH keys in your pipeline)

to SUM up what I did so far:

  • Generated an ssh key
  • Encoded the ssh key to base64
  • added the encoded key to repository variables in the build repository
  • Added the public key as an access key to the repo B that I'm trying to pull the classes from.
  • Added bitbucket.org as a known_host in the build repository.

Please find attached my pipeline file:

 

image: mcr.microsoft.com/azure-cli
options:
docker: true
pipelines:
branches:
master:
- step:
name: Build and push
deployment: Develop
script:
- whoami
- echo $HOME
# Add bitbucket to known hosts manually even though I added it at the pipeline settings
- echo "bitbucket.org,104.192.143.2 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==" > /root/.ssh/known_hosts
- ssh-keyscan -t rsa bitbucket.org > my_known_hosts
- cat my_known_hosts >> ~/.ssh/known_hosts
# Cancel host verification (In a desperate step to bypass the error)
- 'echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config'
# Decode private key
- (umask 077 ; echo $SSH_SECOND_KEY | base64 -d > ~/.ssh/id_rsa)
#Build the docker image, THE ERROR happens here since I am building yarn here
- docker build -t $CR_ACR_HOSTNAME/$ACR_REPOSITORY_NAME:$BITBUCKET_COMMIT -t $CR_ACR_HOSTNAME/$ACR_REPOSITORY_NAME:$BITBUCKET_BUILD_NUMBER .
- az login --service-principal --username $CR_APP_ID --password $CR_APP_PASSWORD --tenant $CR_AD_TENANT_ID
- az acr login -n $CR_ACR_NAME
- docker push $CR_ACR_HOSTNAME/$ACR_REPOSITORY_NAME
- cd helm
- git submodule update --init --recursive
- git checkout $BITBUCKET_DEPLOYMENT_ENVIRONMENT
- git branch && ls -al
- sed -i "s/tag.*/tag\:\ $BITBUCKET_COMMIT/" helms/$BITBUCKET_REPO_SLUG/values.yaml
- git add helms/$BITBUCKET_REPO_SLUG/values.yaml
- git config --global user.email "ci-cd@company.com"
- git commit -m "$BITBUCKET_REPO_SLUG upgraded with commit $BITBUCKET_TAG on $BITBUCKET_DEPLOYMENT_ENVIRONMENT environment"
- git push origin $BITBUCKET_DEPLOYMENT_ENVIRONMENT
services:
- docker

definitions:
services:
docker:
memory: 3070
 

 

Thank you!

Answer
Watch
Like Be the first to like this
2183 views

1 answer

1 accepted

1 vote
Answer accepted
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 27, 2021

Hi @[deleted],

Checking your yml file, I see that you are not cloning any repo in the script, but you mention that this command fails:

- docker build -t $CR_ACR_HOSTNAME/$ACR_REPOSITORY_NAME:$BITBUCKET_COMMIT -t $CR_ACR_HOSTNAME/$ACR_REPOSITORY_NAME:$BITBUCKET_BUILD_NUMBER .

I assume that you have a Dockerfile in your repo that you are building, and you have a command to clone a repo in the Dockerfile?

If so, you will need to pass the SSH key to the docker build command and the known_hosts file also needs to be created in the Dockerfile.

I share below the steps that worked for me:

1. I created a secured variable named SSH_KEY in the repo where I build the Dockerfile.
The value of this variable is the private SSH key after I encoded it to base64.
The public key was added to the repo I want to clone.

2. In my bitbucket-pipelines.yml I build the Dokcerfile with the following command:

- docker build -t account/repo . --build-arg ssh_docker_key="${SSH_KEY}"

3. My Dockerfile includes the following lines:

ARG ssh_docker_key
RUN mkdir /root/.ssh/
RUN echo "$ssh_docker_key" | base64 --decode > /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan bitbucket.org > /root/.ssh/known_hosts
RUN git clone git@bitbucket.org:some-workspace/some-repo.git /home/app

Is this something that works for you?

Kind regards,
Theodora

View More Comments
Deleted user December 28, 2021

Hello Theodora,

Yes your solution did the job for me. Thanks a lot!

Best Regards, Mohamed

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 29, 2021

Hi Mohamed,

That's good to hear and you are very welcome.

Please feel free to reach out if you ever need anything else!

Kind regards,
Theodora

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events