I receive host key verification failed, no ECDSA host key is know for…error even after I added an entry in knows_hosts using ‘git ls-remote’ command. I tried rebooting as well. Any help would be greatly appreciated.
what did you try?
I added an entry in knows_hosts using ‘git ls-remote’ command.
what did happen?
I still receive host key verification failed, no ECDSA host key is know for…error
what did you expect to happen?
ssh access to the repo. should have worked.
https://community.jenkins.io/search?q=host%20key%20verification%20failed
Hi there,
“it doesn’t work” is always hard to remote debug. Try to always include these 3 things.
Otherwise, it’s hard for us to get into your context and you’ll have to have someone who is exactly knowledgeable come along.
The entry that you think you added in known_hosts was not read by the ssh command that was used by command line git. There are many possible reasons why that could happen, and most of them can be avoided by making a different choice in your global security configuration.
Insert of choosing “Known hosts file” as the verification method for ssh host keys, choose “Accept first connection”. So long as you’re running a reasonably modern operating system (not a Red Hat Enterprise Linux 7 variant), that will remember the first host key detected and will require that future access must use the same host key for that host.
If you’re running a Red Hat Enterprise Linux 7 variant, please plan your upgrade to another operating system. Red Hat Enterprise Linux 9 has released along with its variants like Alma Linux, Oracle Linux, and Rocky Linux. In the interim (with RHEL 7 derivatives), you can use “Manually provided keys” instead of “Known hosts file” and let Jenkins manage the delivery of the known hosts file to your agents and your controller.
The server is running on RHEL 7.9 Jenkins global security configuration setting was already set “Known hosts file” as the verification method for ssh host keys. There is no way I can upgrade the OS.
Then you can use the solution that I described:
Alternately, you can do the detailed analysis to understand why the known_hosts file that you created is not being read by ssh on the system. There are probably checklists that can tell you the many different ways that a known_hosts file could be ignored or mishandled.
Jenkins will stop supporting that OS when the operating system provider stops supporting it. That means it will be unsupported in June 2024 when Red Hat ends its support.
I wish that it were already unsupported, since it provides an ancient version of command line git (1.8, when the git project is delivering 2.39) and an ancient version of OpenSSH (7.4, when the OpenSSH project is delivering 9.1).
There are several ugly workarounds in the Jenkins git plugin because of that ancient version of command line git and that ancient version of OpenSSH. There are several features in the git plugin that simply do not work on that old version of command line git and that old version of OpenSSH.