添加链接
link管理
链接快照平台
  • 输入网页链接,自动生成快照
  • 标签化管理网页链接
stdout:
stderr: Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists

See the git client plugin documentation section on host key verification . You have several choices:

  • If using supported operating systems for controller and agents (no Red Hat Enterprise Linux 7, no CentOS 7, no Oracle Linux 7, no Scientific Linux 7, no Amazon Linux 2, …), you can configure the “accept first” strategy to accept and remember the ssh host key on first connection
  • Provide the ssh host keys for the git repository hosts in the “manually provided keys” strategy
  • Place the ssh host keys in the ~/.ssh/known_hosts on all agents and use the “known hosts” strategy
  • Disable ssh host key verification with the “no verification” strategy (not recommended)
  • MarkEWaite:

    Place the ssh host keys in the ~/.ssh/known_hosts on all agents and use the “known hosts” strategy

    Hey I have also same issue. My Jenkins hosted on Kubernetes cluster using helm, I have set Git Host Key Verification Configuration as ‘known_hosts’ , ofcourse I have created configured SSH Username with private key in Jenkins UI. But Jenkins job thrown this error “Host key verification failed.
    fatal: Could not read from remote repository.You’re using ‘Known hosts file’ strategy to verify ssh host keys, but your known_hosts file does not exist, please go to ‘Manage Jenkins’ → ‘Configure Global Security’ → ‘Git Host Key Verification Configuration’ and configure host key verification.”
    Please help. Thanks.!!

    Maheshrvm:

    You’re using ‘Known hosts file’ strategy to verify ssh host keys, but your known_hosts file does not exist, please go to ‘Manage Jenkins’ → ‘Configure Global Security’ → ‘Git Host Key Verification Configuration’ and configure host key verification.”

    The message says that the agent does not have the ~/.ssh/known_hosts file on its file system.

    When you choose the known hosts strategy, you are responsible to place the known_hosts file on the agent file system. If you don’t have easy control of the contents of the agent file system, then you probably should choose a different strategy, like “accept first”. I prefer “accept first” for any case that does not involve CentOS 7 agents.

    If you can’t avoid CentOS 7 agents, then you could use the manually provided key strategy and provide the list of keys. See the git client plugin documentation for the details of your choices and the impact of those choices.

    Maheshrvm:

    My requirement should choose the known hosts strategy, but i don’t have control on agent file system

    Then your requirement cannot be satisfied. If you can’t place the known_hosts file on the agent file system, then the known hosts strategy cannot work . The known hosts strategy requires a known_hosts file on the agent file system.

    Either your requirement must change (my recommendation) or your control of the agent file system must change.

    Refreshed my Jenkins environment with running Jenkins in Docker with dind. Configured dash>manage jenkins> security > git host key verification > accept first

    Configured ‘multi-branch pipeline’ with credential using SSH private key.

    Pipeline cannot access git with error that ignores security setting to accept git host key:

    Scan Multibranch Pipeline Log

    Started by user Peter Ziobrzynski
    [Tue Apr 09 04:29:08 UTC 2024] Starting branch indexing…

    git --version # timeout=10
    git --version # ‘git version 2.39.2’
    using GIT_SSH to set credentials
    Verifying host key using known hosts file
    You’re using ‘Known hosts file’ strategy to verify ssh host keys, but your known_hosts file does not exist, please go to ‘Manage Jenkins’ → ‘Security’ → ‘Git Host Key Verification Configuration’ and configure host key verification.
    git ls-remote --symref – [email protected] :zpzinet/bld.git # timeout=10
    ERROR: [Tue Apr 09 04:29:08 UTC 2024] Could not update folder level actions from source 45d2e65d-d200-44b9-afa8-b7fb13cb3212
    [Tue Apr 09 04:29:08 UTC 2024] Finished branch indexing. Indexing took 0.36 sec

    pzi123:

    You’re using ‘Known hosts file’ strategy to verify ssh host keys, but your known_hosts file does not exist, please go to ‘Manage Jenkins’ → ‘Security’ → ‘Git Host Key Verification Configuration’ and configure host key verification.

    That message indicates that you’re using “known hosts” and not using “accept first”.

    I’ve not seen a case where the setting was ignored. It is probably best to submit a git client plugin issue with enough details so that others can duplicate the issue on a new installation of Jenkins. “How to report an issue” provides detailed instructions on the information that needs to be included in the bug report.

    Since the output of git --version shows 2.39, I assume that neither the controller nor any of your agents are running an unsupported operating system like Red Hat Enterprise Linux 7, CentOS 7, Scientific Linux 7, Oracle Linux 7, or Amazon Linux 2. Those unsupported Linux operating systems have a version of OpenSSH that is too old to support the “accept first” configuration.

    I managed to find a fix. Basically start from scratch by deleting Jenkins configuration and adding the configuration again. My configuration follows Jenkins docker based installation with two containers. I converted manual startup of the containers with the docker-compose. The starting over procedure is simple and done by shutting down the docker-compose with -v option that deletes all docker volumes:

    cd /etc/docker/compose/jenkins
    docker-compose down -v
    docker-compose up -d

    I have a theory what caused the know_hosts configuration issues. I aborted the initial pipeline run after the configuration of the pipeline. This must have left Jenkins configuration in some unknown state and resulted in that security option changes being ignored. For the record the jenkins container I am using is jenkins/jenkins:2.440.2-jdk17.

    Where exactly does the known_host file need to be placed? Because my jenkins home is /var/lib/jenkins/ and I’ve placed a file there in .ssh/ . I’ve also placed it in /etc/ssh/ssh_known_hosts and in /home/jenkins/.ssh/known_hosts . Jenkins still displays the warning:

    You’re using ‘Known hosts file’ strategy to verify ssh host keys, but your known_hosts file does not exist, please go to ‘Manage Jenkins’ → ‘Security’ → ‘Git Host Key Verification Configuration’ and configure host key verification.

    So I’m a bit stumped. Where else would it be?