Azure-devops-docs: SSH Task says it completes but the Key is not available later in the Build

Created on 8 Aug 2018 · 16Comments · Source: MicrosoftDocs/azure-devops-docs

Task 1 (SSH Key Task)
2018-08-08T17:26:22.3710635Z [command]/usr/bin/ssh-add -L
2018-08-08T17:26:22.3727802Z The agent has no identities.
2018-08-08T17:26:22.3873915Z [command]/usr/bin/ssh-add /opt/vsts/work/_temp/id_rsa
2018-08-08T17:26:22.4001402Z [command]/usr/bin/ssh-add
2018-08-08T17:26:22.4019099Z Enter passphrase for /opt/vsts/work/_temp/id_rsa: 
2018-08-08T17:26:22.4867866Z ##[section]Finishing: Install an SSH key

Task 2
cat: /opt/vsts/work/_temp/id_rsa: No such file or directory

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: 9ce9d017-fc43-c904-d94b-87cf91265ffc
Version Independent ID: ecf3b0b7-6c2c-1cd9-33a9-2cf562932e2b
Content: Install SSH Key
Content Source: docs/pipelines/tasks/utility/install-ssh-key.md
Product: devops
GitHub Login: @erickson-doug
Microsoft Alias: dastahel

Pri2 bug devopprod

Source

whytoe

All 16 comments

@steved0x is there anyone else that can look at this? The documentation on the task doesnt give specific usage that I was able to find

whytoe on 20 Aug 2018

I think the intent is that it just "installs" the key into a (running) ssh-agent, so you shouldn't need to actually touch the key itself. If you use this task and then make a powershell call like "ssh myuser@myhost 'ls -lah'" as part of the same phase, it should work if myuser@myhost has the public key in their authorized_keys file. If you're coming from Jenkins, it's similar to doing sshagent([sshCredentialId]) { sh 'ssh myuser@myhost "ls -lah"' }.

thomas5k on 31 Aug 2018

I tried to use it in the same task but that failed, i will try the suggestion but the task isn't descriptive

whytoe on 2 Sep 2018

I couldn't get this task to work either. After the SSH Key was successfully installed it is not available to the agent.

Running ls ~/.ssh on the agent reveals an empty key folder:
2018-10-24T17:33:40.8141338Z drwxr-xr-x 1 VssAdministrator 197121 0 Oct 24 17:33 .
2018-10-24T17:33:40.8141445Z drwxr-xr-x 1 VssAdministrator 197121 0 Oct 24 17:33 ..
2018-10-24T17:33:40.8141492Z -rw-r--r-- 1 VssAdministrator 197121 28 Oct 24 17:33 known_hosts

JonnyWaffles on 24 Oct 2018

I haven't been able to use the key when trying to clone a target repo from bitbucket. When testing on my local machine, I'm able to use the same key to clone the target bitbucket repo. Running ssh-add -L lists the key and cat'ing known_hosts displays "bitbucket.org"; however when trying to clone the target bitbucket repo, I get a "Host key verification failed." error.

schroerbrian on 12 Dec 2018

Got the same problem here. What is the status now?

yangli6 on 15 Dec 2018

I have the same problem.

igor-sadchenko on 22 Dec 2018

Same issue. I have a bitbucket dependency in my package.json, and even installing & configuring a key on both ends, npm install fails with Host key verification failed error. Would love to see a fix.

amanpatel on 9 Jan 2019

This bug still exists on the build agent "Hosted Ubuntu 1604", but on "Hosted Linux Preview" build agent, this bug cannot be reproduced. However, MS is going to remove "Hosted Linux Preview" agent pool from December 1, 2018, so be careful. It looks like this bug is related to the Ubuntu build agent, so another workaround in my mind is to set up your own build agent, and it is obviously required some maintenance works.

yangli6 on 9 Jan 2019

😕1

Hello,

I am having the same issue with ruby (bundle) with private github repos even when specifying the correct SSH key

2019-01-25T22:50:20.1255624Z Host key verification failed.
2019-01-25T22:50:20.1256391Z fatal: Could not read from remote repository.
2019-01-25T22:50:20.1256654Z
2019-01-25T22:50:20.1257132Z Please make sure you have the correct access rights
2019-01-25T22:50:20.1257400Z and the repository exists.

Any ideas?

andresbarcenas on 26 Jan 2019

👍1

These are the steps I used to get it working:
1) Create an SSH key on your local dev box (ssh-keygen), which will create a mykey, and mykey.pub file
2) Upload the mykey.pub (public) SSH key to your source provider (GitHub or Bitbucket) via their supplied means
3) On your dev box, add the ssh-key (ssh-add ~/.ssh/github_id_rsa)
4) Checkout the source on your dev box (git clone [email protected]:orgname/reponame.git)
5) While checking out the repository, you should be prompted whether to effectively add the key to your known_hosts file. Type 'yes'.
6) Open your known_hosts file (C:\Users\<username>\.ssh\known_hosts or ~/.ssh/known_hosts)

You now have everything you need to correctly fill in the Install SSH Key task:

'Known Hosts Entry' - Is the line in step 6
'SSH Key', 'SSH Public Key', and 'SSH Passphrase' - were created in step 1

I hope this clears things up. Please let me know if you have other questions.

lkillgore on 1 Feb 2019

👎1 👍1

The above, last-most comment has been documented. Please reopen if any issues remain.

davidstaheli on 10 Mar 2019

You may need to add/run the following as some git clients on windows will not use the correct keystore:

git config --global core.sshCommand "'C:\Windows\System32\OpenSSH\ssh.exe'"

cdesewell on 19 Mar 2019

I changed my build agent to mac and it worked. I think this task doesn't work the same across the various platforms, but SSH mechanics have always been different across the various OS platforms.

Lutando on 5 Jul 2019

As a follow up to this you need to do the steps on the same architecture as your pipeline is running on. I was trying to generate a key locally on a Mac and kept on running into log in issues, I had to redo the steps above in a docker container to get the correct values.

lukewiwa on 21 Jul 2019

I am getting the same error as i cannot see any key being copied to .ssh folder. I am using docker container as a build agent with Ubuntu 18. Also when i run some commands after using Install Leys step, those commands doesnt work and i get the error - Host key verification failed.