
Trying to do an ssh connect to GitHub to download Terraform modules in Jenkins. The terraform init below will error:

      steps {
        container('deploy') {
          // Install the ssh client inside the build container
          sh "apt-get update && apt-get install ssh -y"
          // Expose the deploy key as a temporary file at $IDENTITY_FILE
          withCredentials([sshUserPrivateKey(credentialsId: 'github-deploy-key', keyFileVariable: 'IDENTITY_FILE')]) {

              sh '''
              git config core.sshCommand "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${IDENTITY_FILE}"

              # fails here - terraform init references github modules
              terraform init
              '''
            }
        }
      }

Then in the Jenkins build console log I get:

    ..Could not download module "network" source code from "git@github.com:GithubOrg/my-repo.git?ref-c322334..."

    Host key verification failed.
    fatal: could not read from remote repository.

I would have thought setting 'StrictHostKeyChecking=no' would prevent the host key error.

I am able to run a terraform init locally with the same ssh keypair and it can connect to the Github repo with no problems and download the code. But in Jenkins in this container step it does not work. Any suggestions?

Should I be setting the ssh known_hosts file inside the container somehow?

Ken White
Ryan
  • For git ssh credentials not using the git pipeline plugins bindings, you may want to try the sshagent plugin instead. – Matthew Schuchard Jan 21 '22 at 13:27
  • @MattSchuchard you're right! I tried a bunch of different options but sshagent was the only one I got working - answer below – Ryan Jan 22 '22 at 02:10

1 Answer


I ended up having to set the known_hosts file and use the sshagent plugin in Jenkins.

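    container('deploy') {
      // Install the ssh client inside the build container
      sh "apt-get update && apt-get install ssh -y"
      // sshagent loads the deploy key into an ssh-agent for the enclosed steps
      sshagent (credentials: ['github-deploy-key']) {

          sh '''
          mkdir -p ~/.ssh
          # Add github.com's RSA host key, as returned by the scan, to known_hosts
          ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts

          cd terraform
          tfenv use 0.13.7
          terraform init
          '''
        }
    }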

--

The public deploy key sits on the repo, and the private key is in the Jenkins credential manager.

Ryan
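
As an added example (not code from the original post): ssh-keyscan records whatever key the network returns, so one way to keep host key checking on in the pipeline is to write the scanned key to known_hosts only when it equals a key pinned out of band. The helper name trust_if_pinned and the key blobs in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example. trust_if_pinned is a hypothetical helper, not a Jenkins or
# OpenSSH command. Usage inside the pipeline's sh step:
#   ssh-keyscan -t rsa github.com | trust_if_pinned "$PINNED" ~/.ssh/known_hosts
#   export GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=yes"
# PINNED is a "host keytype base64key" line copied from the host's published keys.

# trust_if_pinned PINNED_LINE KNOWN_HOSTS_FILE   (ssh-keyscan output on stdin)
# Returns 0 and records the key if the scan contains the pinned key;
# returns 1 and writes nothing otherwise.
trust_if_pinned() {
    pinned=$1
    known_hosts=$2
    # Split the pinned entry into host, key type and key blob.
    set -- $pinned
    p_host=$1 p_type=$2 p_blob=$3
    [ -n "$p_blob" ] || { echo "pinned entry is malformed" >&2; return 1; }

    # Skip comment lines, then require an exact match on all three fields.
    if awk -v h="$p_host" -v t="$p_type" -v b="$p_blob" '
            /^#/ { next }
            $1 == h && $2 == t && $3 == b { found = 1 }
            END { exit !found }'; then
        mkdir -p "$(dirname "$known_hosts")"
        # Append once only, so repeated builds do not grow the file.
        grep -qxF "$p_host $p_type $p_blob" "$known_hosts" 2>/dev/null ||
            printf '%s %s %s\n' "$p_host" "$p_type" "$p_blob" >> "$known_hosts"
        chmod 600 "$known_hosts"
        return 0
    fi
    echo "host key for $p_host does not match the pinned key" >&2
    return 1
}

# Demo on constructed data: the key blobs are placeholders, not real host keys.
PINNED='github.com ssh-rsa AAAAconstructedPINNEDkey'
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed comment line' "$PINNED" |
    trust_if_pinned "$PINNED" "$demo_dir/known_hosts" && echo "pinned key accepted"
printf '%s\n' 'github.com ssh-rsa AAAAconstructedOTHERkey' |
    trust_if_pinned "$PINNED" "$demo_dir/known_hosts" || echo "substituted key rejected"
rm -rf "$demo_dir"
```

With the pinned entry in place, a changed or substituted host key stops the build at this step instead of being appended to known_hosts.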