1

In Azure DevOps Pipelines I want to SSH to a private repo with dependencies. I am getting following error:

Host key verification failed. fatal: Could not read from remote repository.

Despite uploading private key to secure files and public key is set in project variables.

see below

steps:  
- task: InstallSSHKey@0
  inputs:
    hostName: $(hostname)
    sshPublicKey: $(testkey.pub)
    sshPassphrase: $(passphrase)
    sshKeySecureFile: testkey


- script: |
    git clone [email protected]:xxxx/xxxxx.git
  displayName: 'clone repo'
Improve this question
0

3 Answers 3

Reset to default
3

Host key verification failed

This doesn't refer to the SSH key you're trying to use to connect. It refers to the server's SSH public key fingerprint. This is the thing you see (and should check) when you first connect to a new machine.

Verifying the host key fingerprint protects against man-in-the-middle attacks, where a malicious third party could sit between you and your target server passing communication back and forth while observing or modifying said communication. The Azure documentation discusses this as well.

Manually SSH to the machine once, check that the fingerprint is what you expect it to be, and accept it. Subsequent connections should work unless the fingerprint changes.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

Maybe not the best solution:

  • bash: ssh-keyscan -t rsa < host_name > >> ~/.ssh/known_hosts
Improve this answer

2 Comments

Please provide additional details in your answer. As it's currently written, it's hard to understand your solution.
It's always better to actually verify these keys than to blindly trust them.
1

Can't comment on the previous post 'cause I've got less than 50 rep, but what anca was saying is paste from the following into the known_hosts file:

On Windows, this involves:

  1. Run Bash
  2. Copy the output starting "ssh.dev.azure.com ssh-rsa..."
  3. Paste into C:\Users<username>.ssh\known_hosts
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.