Error "Host key verification failed."

Hello,
I am currently looking to set up CI/CD. To do this I followed this tutorial: Effectuer un déploiement automatique vers Kinsta avec GitLab CI/CD (avancé)

Unfortunately I have an error, which is: Host key verification failed.

According to the support, my configuration at Kinsta is well configured and the problem would come from GitLab. But I have looked at several posts and I did not find anything.

Could someone help me?

Can you post the entire error message for "Host key verification failed"? This is normally to do with SSH, and the error message will most likely reference a line number in ~/.ssh/known_hosts. It's usually because of a key conflict: the key changed on the server because it was reinstalled, or something else similar, e.g. if the same IP was used previously for another server before it was installed with GitLab perhaps.

Hello,

Sorry for the delay in answering.

Here is the error I have:

Concerning the known_hosts file, there would be no problem according to the Kinsta support.

Try replacing ssh with:

ssh -oStrictHostKeyChecking=no

since if the key hasn’t been accepted yet, then it will ask do you want to accept it yes/no. Alternatively, you can also do this in your CI file just before the SSH command:

mkdir -p ~/.ssh
echo "HOST *" > ~/.ssh/config
echo "StrictHostKeyChecking no" >> ~/.ssh/config

then you can use the ssh command without passing additional parameters. The echo commands only need to be done once, say at the beginning of the section, then all future ssh commands will use the config file.

A sample .gitlab-ci.yml where I do the same thing:

build:
  image: ubuntu:focal
  stage: build
  script:
    - echo "deb http://archive.ubuntu.com/ubuntu focal main restricted universe multiverse" > /etc/apt/sources.list
    - echo "deb http://archive.ubuntu.com/ubuntu focal-security main restricted universe multiverse" >> /etc/apt/sources.list
    - echo "deb http://archive.ubuntu.com/ubuntu focal-updates main restricted universe multiverse" >> /etc/apt/sources.list
    - apt-get update
    - DEBIAN_FRONTEND="noninteractive" TZ="Europe/Warsaw" apt-get install tzdata -y
    - apt-get install git lsb-release rsync sudo wget -y
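    # ~/.ssh does not exist in a fresh container, so create it before writing the config
    - mkdir -p ~/.ssh
    - echo "HOST *" > ~/.ssh/config
    - echo "StrictHostKeyChecking no" >> ~/.ssh/config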
    - ssh myhost "commands to run"

otherwise, using the ssh parameter from the first example I gave:

build:
  image: ubuntu:focal
  stage: build
  script:
    - echo "deb http://archive.ubuntu.com/ubuntu focal main restricted universe multiverse" > /etc/apt/sources.list
    - echo "deb http://archive.ubuntu.com/ubuntu focal-security main restricted universe multiverse" >> /etc/apt/sources.list
    - echo "deb http://archive.ubuntu.com/ubuntu focal-updates main restricted universe multiverse" >> /etc/apt/sources.list
    - apt-get update
    - DEBIAN_FRONTEND="noninteractive" TZ="Europe/Warsaw" apt-get install tzdata -y
    - apt-get install git lsb-release rsync sudo wget -y
    - ssh -oStrictHostKeyChecking=no myhost "commands to run"

as you can see in the second example, I pass the additional parameter on the command line, rather than setting it globally for all hosts in .ssh/config.

2 Likes

We solved this using a simple template as a before_script:

.before_script_ssh: &before_script_ssh
  before_script:
    - mkdir -p ~/.ssh
    - touch ~/.ssh/known_hosts
    - cd ~/.ssh
    - echo "${SSH_PRIVATE_KEY}" > id_rsa
    - chmod 0400 id_rsa
    - ssh-keyscan -t rsa "${WEBSERVER}" >> ~/.ssh/known_hosts

Replace or set ${WEBSERVER} and you should be ready to go.
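Added example, not part of any post in this thread: `StrictHostKeyChecking=no` skips the host key check and a per-job `ssh-keyscan` re-learns the key on every run, so neither notices when the server's key changes. The sketch below pins the key instead and fails the job on a mismatch. The variable `SSH_KNOWN_HOSTS`, the host `deploy.example.test`, the function names and the key strings are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example. SSH_KNOWN_HOSTS (assumed CI variable) holds known_hosts lines
# recorded once and checked against the fingerprint the host provider publishes.

# key_matches_pin HOST PINNED_LINES SCANNED_LINES
# Returns 0 only if HOST has a pinned key and every scanned key of a pinned
# type is identical to its pin. Assumes unhashed known_hosts entries.
key_matches_pin() {
  host=$1 pinned=$2 scanned=$3
  printf '%s\n---\n%s\n' "$pinned" "$scanned" | awk -v host="$host" '
    function names_host(field,   n, parts, i) {
      n = split(field, parts, ",")          # first field may be "name,ip"
      for (i = 1; i <= n; i++) if (parts[i] == host) return 1
      return 0
    }
    $0 == "---"                  { in_scan = 1; next }  # separator: scan follows
    /^#/ || NF < 3               { next }               # comments, blank lines
    !names_host($1)              { next }               # entries for other hosts
    !in_scan                     { pin[$2] = $3; pins++; next }
    ($2 in pin) && pin[$2] == $3 { ok++; next }
    ($2 in pin)                  { bad++ }
    END { exit (pins > 0 && ok > 0 && bad == 0) ? 0 : 1 }'
}

# install_known_hosts DIR HOST PINNED_LINES SCANNED_LINES
# Writes the pinned lines (never the scanned ones) to DIR/known_hosts.
install_known_hosts() {
  dir=$1
  key_matches_pin "$2" "$3" "$4" || { echo "host key mismatch for $2" >&2; return 1; }
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  printf '%s\n' "$3" > "$dir/known_hosts" && chmod 600 "$dir/known_hosts"
}

# Constructed sample data (not real keys).
PIN='deploy.example.test ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPINNEDKEYconstructed'
SCAN_OK='deploy.example.test ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPINNEDKEYconstructed'
SCAN_BAD='deploy.example.test ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTHERKEYconstructed'

# In a job (hypothetical usage):
#   scanned=$(ssh-keyscan -t ed25519 "$WEBSERVER" 2>/dev/null)
#   install_known_hosts ~/.ssh "$WEBSERVER" "$SSH_KNOWN_HOSTS" "$scanned"
```

With the pinned file in place, `ssh` can run with its default host key checking, and a changed key stops the job with the same "Host key verification failed." error instead of being accepted silently.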

I just tried adding this:

ssh -oStrictHostKeyChecking=no

And it seems to have worked. I will come back to you if I have any other problem and if you don’t mind.

Thanks for your answer!

Thank you for your answer, it may indeed interest me too.

With the iwalker method I managed to establish a connection. But your code may interest me too. I’m doing the tests with the other method and I’ll look at yours later.

Thanks a lot for your answer