Compose: SSHException: Server not found in known_hosts when using non-default SSH port

Created on 22 Oct 2019 · 5Comments · Source: docker/compose

Description of the issue

When using a non-default SSH port, docker-compose doesn't want to execute any command (e.g. docker-compose pull) on the remote host. It fails with the server not being found in known_hosts.
On the same remote host, when using the default SSH port 22, it does succeed in executing the command. Docker itself has no issues as far as I can tell.

In both cases, the server is in the known hosts file, and connecting normally through ssh directly does work.

Context information (for bug reports)

Output of docker-compose version

docker-compose version 1.24.1, build 4667896
docker-py version: 3.7.3
CPython version: 3.7.5
OpenSSL version: OpenSSL 1.1.1d  10 Sep 2019

Output of docker version

Client: Docker Engine - Community
 Version:           19.03.4
 API version:       1.40
 Go version:        go1.12.10
 Git commit:        9013bf583a
 Built:             Fri Oct 18 15:49:05 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.4
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.10
  Git commit:       9013bf583a
  Built:            Fri Oct 18 15:55:51 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Output of docker-compose config
I think this is irrelevant in this issue, but in any case:

services:
  server:
    environment:
      MINECRAFT_ARGUMENTS: -Xms215M -Xmx1024M
      MINECRAFT_PATH: minecraft/server.jar
      PROXY_PORT: '27035'
    image: registry.gitlab.com/archomeda/minecraft-reverse-proxy
    ports:
    - published: 27035
      target: 27035
    restart: unless-stopped
    volumes:
    - /home/docker/data/minecraft-reverse-proxy-vanilla:/app/storage:rw
version: '3.3'

Steps to reproduce the issue

Start an SSH server on a non-default SSH port, e.g. 2222
ssh-keyscan -H -p <port> <host> and add the contents to ~/.ssh/known_hosts
export DOCKER_HOST=ssh://<host>:<port>
Run e.g. docker-compose pull

Observed result

The command fails with SSHException: Server '[\

Expected result

The command to succeed.

Stacktrace / full error message

Connected (version 2.0, client OpenSSH_7.6p1)
Traceback (most recent call last):
  File "/usr/bin/docker-compose", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python3.7/site-packages/compose/cli/main.py", line 71, in main
    command()
  File "/usr/lib/python3.7/site-packages/compose/cli/main.py", line 124, in perform_command
    project = project_from_options('.', options)
  File "/usr/lib/python3.7/site-packages/compose/cli/command.py", line 42, in project_from_options
    compatibility=options.get('--compatibility'),
  File "/usr/lib/python3.7/site-packages/compose/cli/command.py", line 123, in get_project
    host=host, environment=environment
  File "/usr/lib/python3.7/site-packages/compose/cli/command.py", line 94, in get_client
    environment=environment, tls_version=get_tls_version(environment)
  File "/usr/lib/python3.7/site-packages/compose/cli/docker_client.py", line 127, in docker_client
    client = APIClient(**kwargs)
  File "/usr/lib/python3.7/site-packages/docker/api/client.py", line 166, in __init__
    base_url, timeout, pool_connections=num_pools
  File "/usr/lib/python3.7/site-packages/docker/transport/sshconn.py", line 84, in __init__
    self._connect()
  File "/usr/lib/python3.7/site-packages/docker/transport/sshconn.py", line 94, in _connect
    parsed.hostname, parsed.port, parsed.username,
  File "/usr/lib/python3.7/site-packages/paramiko/client.py", line 416, in connect
    self, server_hostkey_name, server_key
  File "/usr/lib/python3.7/site-packages/paramiko/client.py", line 824, in missing_host_key
    "Server {!r} not found in known_hosts".format(hostname)
paramiko.ssh_exception.SSHException: Server '[<host>]:<port>' not found in known_hosts

Additional information

N/A

kinbug stale statu0-triage

Source

Archomeda

Most helpful comment

I think this issue goes further: if the server hostname is not exactly as it is in the known_hosts file, things fail.
In my case, I had the server IP in ~/.ssh/known_hosts but was calling the docker-compose command with a host name, which it obviously didn't find in the known_hosts file.

Quick solution: set DOCKER_HOST the same way it appears in your known_hosts file

But otherwise, more robust code in paramiko would be nice

mnzaki on 9 Dec 2019

❤2 👍2

All 5 comments

Quick solution: set DOCKER_HOST the same way it appears in your known_hosts file

But otherwise, more robust code in paramiko would be nice

mnzaki on 9 Dec 2019

❤2 👍2

Run in the same issue. Usage of hostname doesn't worked for me, but it works with the IP address.

Bessonov on 28 Dec 2019

Same issue:

export DOCKER_HOST="ssh://[email protected]:1234"
docker-compose pull
[...]
paramiko.ssh_exception.SSHException: Server '[host.example.com]:1234' not found in known_hosts

I cleaned known_hosts and logged in once manually. I noticed this:

ssh host.example.com
Warning: Permanently added '[1.2.3.4]:2202' (ECDSA) to the list of known hosts.

So now if I export DOCKER_HOST="ssh://[email protected]:1234"

Suddenly it works. I never had this issue until ssh daemon was switched away from the default port.
I feel this shouldn't require so much fuss simply to run.

silviuvulcan on 20 May 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.