Summary

This KB offers guidance for resolving the "Host key verification failed" error encountered when accessing a remote host from Bitbucket Cloud Pipelines runner steps. Bitbucket cloud Pipelines' SSH key generation feature provides an option to generate a fingerprint for a specific host and add it to the known hosts.



However, there are scenarios where connecting or deploying to a host with a private IP address from a runner's build step becomes necessary. In such cases, the fingerprint can't be verified directly from Bitbucket Cloud Pipelines, as it allows access only to public hosts or IP addresses.

Solution

To address this issue, one can manually verify the private IP address and add the fingerprint to the known hosts file using the ssh-keyscan command. Below is an example configuration illustrating how to avoid host key verification errors on runner pipeline steps:

pipelines:
  default:
     - step:
          runs-on:
            - 'self.hosted'
            - 'linux' 
        script:
           - ssh-keyscan -H 172.20.40.175 >> ~/.ssh/known_hosts
           - <rest of the script commands>

This configuration snippet demonstrates how  ssh-keyscan to capture the host key fingerprint for the specified private IP address (replace '172.20.40.175' with your actual private IP) and append it to the known_hosts file. Incorporating this step into the pipeline can mitigate host key verification errors encountered during runner pipeline steps.