1

I’ve an automated tests repository and want to put that in a step of build, before to do a deploy. But the clone repository steps fails (only last run step):

automation:
    executor: web-app-executor
    steps:
      - add_ssh_keys:
          fingerprints:
            - '<my_fingerprint>'
      - run:
          name: Trust github ssh
          command: >-
            GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa_myfingerprint'
            mkdir -p ~/.ssh
            echo 'github.com ssh-rsa <key>
            bitbucket.org ssh-rsa <key>
            ' >> ~/.ssh/known_hosts
      - run:
          name: Github host
          command: ssh-keyscan -p 443 ssh.github.com >> ~/.ssh/known_hosts
      - run:
          name: Clone automation repository
          command: git clone git@github.com:<Domain>/tests-cypress.git

Error:

#!/bin/bash -eo pipefail
git clone git@github.com:Onyo/tests-cypress.git
Cloning into 'tests-cypress'...
The authenticity of host 'github.com (140.82.113.3)' can't be established.
RSA key fingerprint is SHA256:<finger>.
pcontiero
  • 11
  • 2
  • Your edit seems to suggests a known_hosts issue. I don't think the line you have added are correct in that file. See my edited answer. – VonC Jan 12 '21 at 12:01
  • If only the last run is executed, try for testing to simplify, with just one run step, to check if that one works, then add a second. – VonC Jan 12 '21 at 12:23

1 Answers1

0

A typical ssh preparation step would involve setting the right protection:

# Prepare SSH
mkdir -p .ssh
chmod 700 .ssh
pushd .ssh
touch authorized_keys                               #  Edit to add allowed connections
touch id_rsa                                        #  Edit to add private key
touch id_rsa.pub                                    #  Edit to add public key
chmod 600 authorized_keys
chmod 600 id_rsa
chmod 644 id_rsa.pub
popd

In your case, the chmod are missing, which could cause the issue (but the exact error message would be helpful)

Regarding the host authentication, adds as in here:

  ##
  ## Use ssh-keyscan to scan the keys of your private server. Replace gitlab.com
  ## with your own domain name. You can copy and repeat that command if you have
  ## more than one server to connect to.
  ##
  - ssh-keyscan github.com >> ~/.ssh/known_hosts
  - ssh-keyscan bitbucket.org >> ~/.ssh/known_hosts
  - chmod 644 ~/.ssh/known_hosts

Warning March 2023:

"GitHub has updated its RSA SSH host key"

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250