SSH push mirror to Bitbucket smart mirror

ssh
mirroring
#1

I have a self hosted GitLab EE Omnibus installation. I have a few repositories on this instance that I have configured for SSH push mirroring to another Bitbucket installation. The SSH push mirroring works for a while and then starts failing with an error that the “host key verification failed”. In digging into this I’ve found that the Bitbucket installation is using “smart mirroring”. From what I can tell this means that ephemeral hosts will periodically be added to handle additional push/pull workload. However, this also means that I can’t guarantee that the SSH host key for the Bitbucket side of the mirror won’t change. So, I’m looking for a way to disable host key checking through GitLab.

#2

If GitLab is mirroring via ssh pushes, you can always edit the /etc/ssh/ssh_config file to bypass the known hosts authorization on the GitLab machine directly.

Here is a link describing how to do that: https://linuxcommando.blogspot.com/2008/10/how-to-disable-ssh-host-key-checking.html

What I like about that approach is that you can whitelist specific domain ranges (although if someone can mess with the DNS you’re still vulnerable).