git stderr: Host key verification failed.

vinay · November 11, 2022, 1:48pm

HEAD" returned status code 128:
stdout:
stderr: Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists

MarkEWaite · November 11, 2022, 1:53pm

See the git client plugin documentation section on host key verification. You have several choices:

If using reasonably newer operating systems for controller and agents (no Red Hat 7, no CentOS 7), you can configure the “accept first” strategy to accept and remember the ssh host key on first connection
Provide the ssh host keys for the git repository hosts in the “manually provided keys” strategy
Place the ssh host keys in the ~/.ssh/known_hosts on all agents and use the “known hosts” strategy
Disable ssh host key verification with the “no verification” strategy (not recommended)

Maheshrvm · January 18, 2023, 2:14pm

Hey I have also same issue. My Jenkins hosted on Kubernetes cluster using helm, I have set Git Host Key Verification Configuration as ‘known_hosts’ , ofcourse I have created configured SSH Username with private key in Jenkins UI. But Jenkins job thrown this error “Host key verification failed.
fatal: Could not read from remote repository.You’re using ‘Known hosts file’ strategy to verify ssh host keys, but your known_hosts file does not exist, please go to ‘Manage Jenkins’ → ‘Configure Global Security’ → ‘Git Host Key Verification Configuration’ and configure host key verification.”
Please help. Thanks.!!

MarkEWaite · January 18, 2023, 3:40pm

The message says that the agent does not have the ~/.ssh/known_hosts file on its file system.

When you choose the known hosts strategy, you are responsible to place the known_hosts file on the agent file system. If you don’t have easy control of the contents of the agent file system, then you probably should choose a different strategy, like “accept first”. I prefer “accept first” for any case that does not involve CentOS 7 agents.

If you can’t avoid CentOS 7 agents, then you could use the manually provided key strategy and provide the list of keys. See the git client plugin documentation for the details of your choices and the impact of those choices.

Maheshrvm · January 18, 2023, 4:30pm

Thanks for reply. My requirement should choose the known hosts strategy, but i dont have control on agent file system. By the I could achieve with other options ‘accept first connection’ and ‘manually provide keys’. Getting issue only for “known hosts”

MarkEWaite · January 18, 2023, 4:35pm

Then your requirement cannot be satisfied. If you can’t place the known_hosts file on the agent file system, then the known hosts strategy cannot work. The known hosts strategy requires a known_hosts file on the agent file system.

Either your requirement must change (my recommendation) or your control of the agent file system must change.

Maheshrvm · January 18, 2023, 4:40pm

Thank you Mark for your suggestions.! will follow other than known_hosts file strategy