Any best practice for resolving "Host key verification" errors with docker image?

I use the Jenkins Docker image and I ran into problems running the scp command against my deploy servers.

The error is the well-known “Host key verification failed”. I can’t add keys under “Manually provided keys” because they are used only by Git.

At this time I simply run a shell on the Docker container and add hosts using the commands

ssh-keyscan myserver-01 >> ~/.ssh/known_hosts
ssh-keyscan myserver-99 >> ~/.ssh/known_hosts

but when the container is destroyed (and unfortunately this happens!!!) I need to re-run the commands.

I’m considering creating a Docker volume for the .ssh directory, but it seems a bad decision for security reasons.

Is there a “best practice” to resolve this problem once and for all?

Create a new Docker image that inherits from the one you want.

FROM jenkins/jenkins:2.3.45
USER root
# OpenSSH reads system-wide host keys from /etc/ssh/ssh_known_hosts
RUN ssh-keyscan myserver-01 >> /etc/ssh/ssh_known_hosts && \
    ssh-keyscan myserver-99 >> /etc/ssh/ssh_known_hosts
USER jenkins

Or make sure you mount a volume wherever you are storing the known hosts (in your case ~/.ssh/) so they persist between runs/upgrades.

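`ssh-keyscan` records whatever key the network returns at scan time without authenticating it, so a scan is only safe to bake into an image after it has been compared with keys obtained out of band. An added example (not from either poster), assuming a reviewed file of pinned keys in known_hosts format kept next to the Dockerfile; `check_host_keys`, `demo_check` and the key blobs are constructed for illustration:

```shell
#!/bin/sh
# Added example: compare ssh-keyscan output with a reviewed, version-controlled
# list of host keys. Both files use known_hosts format: "host keytype base64key".

# check_host_keys PINNED_FILE SCANNED_FILE   (hypothetical helper name)
# Prints one line per problem; returns 1 if the scan must not be trusted.
check_host_keys() {
    awk '
        /^#/ || NF < 3 { next }                       # comments, blank lines
        FILENAME == ARGV[1] { pin[$1 " " $2] = $3; next }
        {
            k = $1 " " $2
            if (!(k in pin)) { print "UNPINNED " k; bad = 1; next }
            seen[k] = 1
            if (pin[k] != $3) { print "MISMATCH " k; bad = 1 }
        }
        END {
            for (k in pin) if (!(k in seen)) { print "MISSING " k; bad = 1 }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample data: the key blobs are placeholders, not real host keys.
demo_check() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/pinned" <<'EOF'
# reviewed out of band, committed next to the Dockerfile
myserver-01 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKey01
myserver-99 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKey99
EOF
    # Stand-in for the output of: ssh-keyscan -t ed25519 myserver-01 myserver-99
    cat > "$dir/scanned" <<'EOF'
myserver-01 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKey01
myserver-99 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDifferentKeyXX
EOF
    check_host_keys "$dir/pinned" "$dir/scanned"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo_check || echo "scan differs from pinned keys: do not write known_hosts"
```

Once the pinned file has been reviewed, it can be copied into the image as `/etc/ssh/ssh_known_hosts` directly, with this check run in CI to flag host key changes.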