stdout:
stderr: Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists
See the git client plugin documentation section on host key verification. You have several choices:
If using supported operating systems for controller and agents (no Red Hat Enterprise Linux 7, no CentOS 7, no Oracle Linux 7, no Scientific Linux 7, no Amazon Linux 2, …), you can configure the “accept first” strategy to accept and remember the ssh host key on first connection
Provide the ssh host keys for the git repository hosts in the “manually provided keys” strategy
Place the ssh host keys in the ~/.ssh/known_hosts on all agents and use the “known hosts” strategy
Disable ssh host key verification with the “no verification” strategy (not recommended)
MarkEWaite:
Place the ssh host keys in the ~/.ssh/known_hosts on all agents and use the “known hosts” strategy
Hey, I also have the same issue. My Jenkins is hosted on a Kubernetes cluster using Helm. I have set Git Host Key Verification Configuration as ‘known_hosts’, and of course I have created and configured SSH Username with private key in the Jenkins UI. But the Jenkins job threw this error: “Host key verification failed.
fatal: Could not read from remote repository. You’re using ‘Known hosts file’ strategy to verify ssh host keys, but your known_hosts file does not exist, please go to ‘Manage Jenkins’ → ‘Configure Global Security’ → ‘Git Host Key Verification Configuration’ and configure host key verification.”
Please help. Thanks!!
Maheshrvm:
You’re using ‘Known hosts file’ strategy to verify ssh host keys, but your known_hosts file does not exist, please go to ‘Manage Jenkins’ → ‘Configure Global Security’ → ‘Git Host Key Verification Configuration’ and configure host key verification.”
The message says that the agent does not have the ~/.ssh/known_hosts file on its file system.
When you choose the known hosts strategy, you are responsible to place the known_hosts file on the agent file system. If you don’t have easy control of the contents of the agent file system, then you probably should choose a different strategy, like “accept first”. I prefer “accept first” for any case that does not involve CentOS 7 agents.
If you can’t avoid CentOS 7 agents, then you could use the manually provided key strategy and provide the list of keys. See the git client plugin documentation for the details of your choices and the impact of those choices.
Maheshrvm:
My requirement should choose the known hosts strategy, but I don’t have control on agent file system
Then your requirement cannot be satisfied. If you can’t place the known_hosts file on the agent file system, then the known hosts strategy cannot work. The known hosts strategy requires a known_hosts file on the agent file system.
Either your requirement must change (my recommendation) or your control of the agent file system must change.
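An added example, not part of the original posts and not the git client plugin's own code: a small audit that separates the two ways the “known hosts” strategy can fail on an agent, a missing file versus a file with no entry for the git host. It assumes it is run as the same OS account as the agent process, so that ~/.ssh/known_hosts resolves to that account's home; the host names and key blobs in the sample are constructed placeholders.

```python
import base64, hashlib, hmac, os, re, tempfile

def _glob(pattern, host):  # only '*' and '?' are wildcards; '[host]:port' stays literal
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, host) is not None

def host_matches(field, host):
    """True if the first column of a known_hosts line covers `host`."""
    if field.startswith("|1|"):  # hashed name: |1|base64(salt)|base64(HMAC-SHA1(salt, host))
        try:
            _, _, salt, digest = field.split("|")
            want = base64.b64decode(digest)
            got = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        except ValueError:  # malformed hashed field
            return False
        return hmac.compare_digest(want, got)
    patterns = field.split(",")
    if any(p.startswith("!") and _glob(p[1:], host) for p in patterns):
        return False  # a negated pattern vetoes the whole line
    return any(_glob(p, host) for p in patterns if not p.startswith("!"))

def audit_known_hosts(host, path=None):
    """Return (status, key_types); status is 'missing-file', 'no-entry' or 'ok'."""
    path = path or os.path.expanduser("~/.ssh/known_hosts")
    if not os.path.isfile(path):
        return "missing-file", []  # the condition the Jenkins warning describes
    key_types = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            parts = line.split()
            if len(parts) < 3 or parts[0][0] in "#@":
                continue  # blanks, comments, @cert-authority/@revoked marker lines
            if host_matches(parts[0], host):
                key_types.append(parts[1])
    return ("ok" if key_types else "no-entry"), key_types

SAMPLE = """\
# constructed example file: placeholder key blobs, not real host keys
git.example.com,192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderKeyBlob
[git.example.com]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhPlaceholderKeyBlob
*.internal.example,!bad.internal.example ssh-rsa AAAAB3NzaC1yc2EPlaceholderKeyBlob
"""

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w") as f:
        f.write(SAMPLE)
        f.flush()
        for h in ("git.example.com", "[git.example.com]:2222", "other.example.com"):
            print(h, audit_known_hosts(h, f.name))
```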
Refreshed my Jenkins environment with running Jenkins in Docker with dind. Configured dash>manage jenkins> security > git host key verification > accept first
Configured ‘multi-branch pipeline’ with credential using SSH private key.
Pipeline cannot access git with error that ignores security setting to accept git host key:
Scan Multibranch Pipeline Log
Started by user Peter Ziobrzynski
[Tue Apr 09 04:29:08 UTC 2024] Starting branch indexing…
git --version # timeout=10
git --version # ‘git version 2.39.2’
using GIT_SSH to set credentials
Verifying host key using known hosts file
You’re using ‘Known hosts file’ strategy to verify ssh host keys, but your known_hosts file does not exist, please go to ‘Manage Jenkins’ → ‘Security’ → ‘Git Host Key Verification Configuration’ and configure host key verification.
git ls-remote --symref -- [email protected]:zpzinet/bld.git # timeout=10
ERROR: [Tue Apr 09 04:29:08 UTC 2024] Could not update folder level actions from source 45d2e65d-d200-44b9-afa8-b7fb13cb3212
[Tue Apr 09 04:29:08 UTC 2024] Finished branch indexing. Indexing took 0.36 sec
pzi123:
You’re using ‘Known hosts file’ strategy to verify ssh host keys, but your known_hosts file does not exist, please go to ‘Manage Jenkins’ → ‘Security’ → ‘Git Host Key Verification Configuration’ and configure host key verification.
That message indicates that you’re using “known hosts” and not using “accept first”.
I’ve not seen a case where the setting was ignored. It is probably best to submit a git client plugin issue with enough details so that others can duplicate the issue on a new installation of Jenkins. “How to report an issue” provides detailed instructions on the information that needs to be included in the bug report.
Since the output of git --version shows 2.39, I assume that neither the controller nor any of your agents are running an unsupported operating system like Red Hat Enterprise Linux 7, CentOS 7, Scientific Linux 7, Oracle Linux 7, or Amazon Linux 2. Those unsupported Linux operating systems have a version of OpenSSH that is too old to support the “accept first” configuration.
I managed to find a fix. Basically start from scratch by deleting Jenkins configuration and adding the configuration again. My configuration follows Jenkins docker based installation with two containers. I converted manual startup of the containers with the docker-compose. The starting over procedure is simple and done by shutting down the docker-compose with -v option that deletes all docker volumes:
cd /etc/docker/compose/jenkins
docker-compose down -v
docker-compose up -d
I have a theory what caused the known_hosts configuration issues. I aborted the initial pipeline run after the configuration of the pipeline. This must have left Jenkins configuration in some unknown state and resulted in that security option changes being ignored. For the record the jenkins container I am using is jenkins/jenkins:2.440.2-jdk17.
Where exactly does the known_hosts file need to be placed? Because my jenkins home is /var/lib/jenkins/ and I’ve placed a file there in .ssh/. I’ve also placed it in /etc/ssh/ssh_known_hosts and in /home/jenkins/.ssh/known_hosts. Jenkins still displays the warning:
You’re using ‘Known hosts file’ strategy to verify ssh host keys, but your known_hosts file does not exist, please go to ‘Manage Jenkins’ → ‘Security’ → ‘Git Host Key Verification Configuration’ and configure host key verification.
So I’m a bit stumped. Where else would it be?