Any best practice for resolving "Host key verification" errors with docker image?

dfug · January 24, 2023, 7:39am

I use the jenkins docker image and I found problems running scp command versus my deploy servers.

The error is the well known “Host key verification failed”, I can’t add keys under “Manually provided keys” because they are used only by GIT

At this time I simply run a shell on the docker container and add hosts using the command

sh-keyscan myserver-01 >> ~/.ssh/known_hosts
sh-keyscan myserver-99 >> ~/.ssh/known_hosts

but when the container is destroyed (and this unluckily happens!!!) I need to re-run the command

I’m considering to create a docker volume for the directory .ssh but it seems a bad decision for security reasons

Does exist some “best practice” to resolve this problem once and for all?

halkeye · January 24, 2023, 10:04pm

Create a new docker image that inherits from the one one you want.

FROM jenkins/jenkins:2.3.45
RUN ssh-keyscan myserver-01 >> /etc/ssh/known_hosts && \
ssh-keyscan myserver-99 >> /etc/ssh/known_hosts

or make sure you mount a volume to whatever you are storing the known hosts (in your case ~/.ssh/) so they persist between runs/upgrades

Topic		Replies	Views
Problem when using 'Advanced sub-modules behaviours' Ask a question question	2	1739	August 22, 2023
Questions about jenkins/ssh-agent:alpine docker image Ask a question docker	0	847	June 5, 2023
SSH agent connection Ask a question docker	0	1204	May 4, 2023
Jenkins Agent Dockerfile .ssh keys Ask a question	2	576	November 16, 2023
No such host error in Jenkins pipeline when pushing docker image to unauthorized private registry Ask a question question , docker	12	6135	December 10, 2021