Azure-pipelines-tasks: InstallSSHKey - "Host key verification failed." after installing ssh key

Created on 9 Apr 2019 · 5Comments · Source: microsoft/azure-pipelines-tasks

Required Information

Entering this information will route you directly to the right team and expedite traction.

Question, Bug, or Feature?
Type: Bug

Environment

Agent - Hosted or Private:
- If using Hosted agent, provide agent queue name: Hosted Ubuntu 1604

Issue Description

Installed ssh key using the InstallSSHKey task, in azure pipelines, after that executed a bash script with git clone, which requires ssh connection. While executing the git clone the error ocurrs: Host key verification failed.

Task logs

steps:
- task: InstallSSHKey@0
  displayName: 'Install an SSH key'
  inputs:
    hostName: bitbucket.org
    sshPublicKey: '****'
    sshKeySecureFile: '****'

InstallSSHKey Task Execution log

2019-04-09T15:23:54.5592273Z ##[section]Starting: Install an SSH key
2019-04-09T15:23:54.5830187Z ==============================================================================
2019-04-09T15:23:54.5830341Z Task         : Install SSH Key
2019-04-09T15:23:54.5830385Z Description  : Install an SSH key prior to a build or release
2019-04-09T15:23:54.5830449Z Version      : 0.141.2
2019-04-09T15:23:54.5830489Z Author       : Microsoft Corporation
2019-04-09T15:23:54.5830571Z Help         : [More information](https://go.microsoft.com/fwlink/?linkid=875267)
2019-04-09T15:23:54.5830618Z ==============================================================================
2019-04-09T15:23:58.8106207Z [command]/usr/bin/ssh-agent
2019-04-09T15:23:58.9108151Z SSH_AUTH_SOCK=/tmp/ssh-HL0mWERJf86I/agent.3324; export SSH_AUTH_SOCK;
2019-04-09T15:23:58.9108629Z SSH_AGENT_PID=3325; export SSH_AGENT_PID;
2019-04-09T15:23:58.9108909Z echo Agent pid 3325;
2019-04-09T15:23:58.9150245Z [command]/usr/bin/ssh-add -L
2019-04-09T15:23:59.0096737Z The agent has no identities.
2019-04-09T15:23:59.0219293Z [command]/usr/bin/ssh-add /home/vsts/work/_temp/azure_***
2019-04-09T15:23:59.0277641Z Identity added: /home/vsts/work/_temp/azure_*** (/home/vsts/work/_temp/azure_***)
2019-04-09T15:23:59.0300383Z [command]/usr/bin/ssh-add
2019-04-09T15:23:59.0688825Z ##[section]Finishing: Install an SSH key

failed script task log:

2019-04-09T15:24:08.4138732Z ##[section]Starting: Command Line Script
2019-04-09T15:24:08.4141199Z ==============================================================================
2019-04-09T15:24:08.4141271Z Task         : Command Line
2019-04-09T15:24:08.4141336Z Description  : Run a command line script using cmd.exe on Windows and bash on macOS and Linux.
2019-04-09T15:24:08.4141386Z Version      : 2.148.0
2019-04-09T15:24:08.4141446Z Author       : Microsoft Corporation
2019-04-09T15:24:08.4141494Z Help         : [More Information](https://go.microsoft.com/fwlink/?LinkID=613735)
2019-04-09T15:24:08.4141571Z ==============================================================================
2019-04-09T15:24:08.5390094Z Generating script.
2019-04-09T15:24:08.5407340Z ========================== Starting Command Output ===========================
2019-04-09T15:24:08.5434583Z [command]/bin/bash --noprofile --norc /home/vsts/work/_temp/8120cc21-4164-4d08-8b2b-62ccd9d812ca.sh
2019-04-09T15:24:08.5492005Z /home/vsts/work/_temp/8120cc21-4164-4d08-8b2b-62ccd9d812ca.sh
2019-04-09T15:24:08.5493445Z known_hosts
2019-04-09T15:24:08.5501239Z + echo /home/vsts/work/_temp/8120cc21-4164-4d08-8b2b-62ccd9d812ca.sh
2019-04-09T15:24:08.5501768Z + GIT_SSH_COMMAND='ssh -vvv'
2019-04-09T15:24:08.5501965Z + ls /home/vsts/.ssh
2019-04-09T15:24:08.5502464Z + cat /home/vsts/.ssh/known_hosts
2019-04-09T15:24:08.5502552Z + git clone [email protected]:*****/*****.git
2019-04-09T15:24:08.5504672Z bitbucket.org
2019-04-09T15:24:08.5507284Z Cloning into '*****'...
2019-04-09T15:24:11.0754875Z Host key verification failed.
2019-04-09T15:24:11.0755302Z fatal: Could not read from remote repository.
2019-04-09T15:24:11.0755398Z 
2019-04-09T15:24:11.0755462Z Please make sure you have the correct access rights
2019-04-09T15:24:11.0755523Z and the repository exists.
2019-04-09T15:24:11.0877593Z ##[error]Bash exited with code '128'.
2019-04-09T15:24:11.0904033Z ##[section]Finishing: Command Line Script

Troubleshooting

Checkout how to troubleshoot failures and collect debug logs: https://docs.microsoft.com/en-us/vsts/build-release/actions/troubleshooting

Error logs

CrossPlatform bug

Source

mjscosta

All 5 comments

Apparently the host signature is not being added to ~/.ssh/known_hosts file.

executing the command ssh-keyscan bitbucket.org > ~/.ssh/known_hosts solves the issue.

mjscosta on 9 Apr 2019

@mjscosta I believe the task is expecting you to provide the host signature via the hostName field rather than just bitbucket.org

See: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/install-ssh-key?view=azure-devops for instructions

joshmgross on 10 Apr 2019

👍1

@joshmgross Indeed, I've missunderstand the docs, thanks. It is now working. I'll close the issue.

mjscosta on 12 Apr 2019

@mjscosta I am having the same issue. Maybe I misunderstood the docs just like you did. 😅
What did you have to change from your initial task commands?

sney-kqa on 2 Jun 2020

👀1

@mjscosta I am also curious what you did to solve it, @sney-kqa did manage to resolve it?

Install private SSH key

   - task: InstallSSHKey@0
    displayName: 'Install an SSH key'
    inputs:
      knownHostsEntry: bitbucket.org
      sshPublicKey: 'xxx'
      sshKeySecureFile: 'id_rsa'

The key works when I attempt it on our private build server

C:\agent\_work\2\s>ssh -T [email protected]
logged in as xxx

You can use git or hg to connect to Bitbucket. Shell access is disabled

But still getting a host key verification failed error when trying a

git pull [email protected]:org/repo.git $(Build.SourceBranch)

Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Is there a reason the persistCredentials property on checkout can't help us???

- checkout
  persistCredentials: true

Edit - ended up with seeing what a git remote -v showed and am know using that https URL with a checkout persistCredentials and it seems to do the trick so far
https://bitbucket.org/org/repo
git pull https://bitbucket.org/org/repo $(Build.SourceBranch)

BlairMcc on 25 Jun 2020

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Azure Pipeline public build throws TF400813: The user is not authorized to access this resource error when the Publish Build Artifacts task is executed

MarkIannucci · 3Comments

sh macosx - cannot execute binary file

alexszilagyi · 3Comments

[Question] Share Service Endpoints between Projects?

MikahB · 3Comments

[Feature Request] - KubernetesV1 - Don't force commands to use '-o' json/yaml

HenrikStanley · 3Comments

Update to Task version 1.1.9 results in SQLCMD path issue on build server

divyesh-parikh · 3Comments