SSH Host Key Verification Failed inside GitLab CI
A server can have multiple signatures in case of load balanced server. Ideal way is to change
- echo "$SSH_KNOWN_HOSTS" >> /.ssh/known_hosts
to
- ssh-keyscan www.gitlab.com >> /.ssh/known_hosts
You may need to try setting the mode to 644 rather than 700. 644 is what is suggested in the Verifying the SSH host keys documentation, and is also what SSH uses for this file by default. Some parts of SSH are very particular about this - I'm not sure if known_hosts is particular.
The docs also mention you should set the value of SSH_KNOWN_HOSTS
variable to the entire output of ssh-keyscan
since there are multiple keys.
EDIT:
The following .gitlab-ci.yml
worked for me on GitLab.com. Note the use of ~/.ssh/
rather than /.ssh/
.
image: ubuntu:latest
test_job:
script:
- apt-get update
- apt-get install openssh-client git-core -y
- eval $(ssh-agent -s)
- echo "$SSH_DEPLOY_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
- mkdir -p ~/.ssh && touch ~/.ssh/known_hosts
- echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
- git clone [email protected]:gitlab-org/gitlab-ce.git