Git推送失败,出现主机密钥验证失败。

huangapple go评论60阅读模式
英文:

Git push failed with Host key verification failed

问题

以下是您要翻译的内容:

I use following steps in Jenkinsfile to push tags to github

    sshagent (credentials: ['jenkins']) {
    sh """
        git config --add url."git@github.com:".insteadOf "https://github.com/"
        git config user.name 'Jenkins'
        git config user.email '$$$+###@users.noreply.github.com'
        git tag -a dimToOff_v"${PRETTY_BUILD_VERSION}"_"${BUILD_NUMBER}" ${COMMIT_ID} -m "${JENKINS_TAG_MESSAGE}"
        git push --tags
    """
    }

This stopped working recently with following error for `git push --tags`

    Host key verification failed.
    fatal: Could not read from remote repository.

I followed the steps mentioned [here][1], but it didn't solve the issue. 

Also tried to set `GIT_SSH_COMMAND=ssh -Tvv`, then I got following output.

  • export GIT_SSH_COMMAND=ssh -Tvv
  • true
  • true
  • git config --add url.git@github.com:.insteadOf https://github.com/
  • git config user.name Jenkins
  • git config user.email ***+###@users.noreply.github.com
  • git tag -a dimToOff_v0.0.0_18 0dcd640861c996bb23fffe7d09353085a150d5fb -m By Jenkins
  • cat /home/jenkins/.ssh/known_hosts
    |1|ALkYORymbpagfGBK9E5gJ8woD4Q=|TpduH1siXgLBGdrr+LIXqRymiT4= ssh-rsa ***
    |1|VfTJRk4WA1frUmmU6aHuphGFhWg=|sl7TtxUV8s9Dw8KC6zYxjYgESbc= ssh-rsa ***
    |1|Vbfb9vRoSIzMl+1LfrD7DVOTD9w=|AGxlbOuxn+83KCtiMvaKKslq8XY= ssh-rsa ***
    |1|ND2ZisnFqJ1Z6lK6WzutcO5ZNqw=|sq4nIsV6pBWZ4P27EJHgq1rVkUs= ssh-rsa ***
    |1|bIQPH+rXgCL9Y79j7mXWrVeurxU=|dapFBijhdY4Q1GAO38e28popmFw= ssh-rsa ***
    |1|2qiJH9WIN45TcVwVV3abSeaOu+Y=|wCc07ew86oGV8JZlZCfD/nxUC10= ssh-rsa ***
    |1|1YIO0QnRQqmAEUnZpkU7C7fKoXw=|aKQev539WQiIxOPCOUHLUBWMFEE= ssh-rsa ***
    |1|A4okl1ZD/XEPYK+28Y7QvFKpwt8=|Q7Gvj/MtVMeXKM9R9E9lTTgQ0RY= ssh-rsa ***
    |1|dEKvmuFW1eRhNd3xK90iJhyGw/Q=|/+bFyB5TPDNtynliKh4h2rHKVVI= ssh-rsa ***
    |1|8rZZylU3IElRZ4xZeyxYB6QFMb8=|x10+YhzXeMIXH33yLy8VV/1K4IA= ssh-rsa ***
    |1|QOBmqHVPJXsjrShtEbrEvPHCz28=|K9/Esrj6Ku1FQ1PesQBIJJY9lcA= ecdsa-sha2-nistp256 ***
  • ssh-keygen -R github.com

Host github.com found: line 11

/home/jenkins/.ssh/known_hosts updated.
Original contents retained as /home/jenkins/.ssh/known_hosts.old

  • ssh-keyscan github.com

github.com:22 SSH-2.0-babeld-f06bbde2

github.com:22 SSH-2.0-babeld-f06bbde2

github.com:22 SSH-2.0-babeld-f06bbde2

  • git push --tags
    OpenSSH_7.6p1 Ubuntu-4ubuntu0.5, OpenSSL 1.0.2n 7 Dec 2017
    ...

Any help on how to fix this ?

  [1]: https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
英文:

I use following steps in Jenkinsfile to push tags to github

sshagent (credentials: ['jenkins']) {
sh """
    git config --add url."git@github.com:".insteadOf "https://github.com/"
    git config user.name 'Jenkins'
    git config user.email '$$$+###@users.noreply.github.com'
    git tag -a dimToOff_v"${PRETTY_BUILD_VERSION}"_"${BUILD_NUMBER}" ${COMMIT_ID} -m "${JENKINS_TAG_MESSAGE}"
    git push --tags
"""
}

This stopped working recently with following error for git push --tags

Host key verification failed.
fatal: Could not read from remote repository.

I followed the steps mentioned here, but it didn't solve the issue.

Also tried to set GIT_SSH_COMMAND=ssh -Tvv, then I got following output.

 + export GIT_SSH_COMMAND=ssh -Tvv
 + true
 + true
 + git config --add url.git@github.com:.insteadOf https://github.com/
 + git config user.name Jenkins
 + git config user.email ***+###@users.noreply.github.com
 + git tag -a dimToOff_v0.0.0_18 0dcd640861c996bb23fffe7d09353085a150d5fb -m By Jenkins
 + cat /home/jenkins/.ssh/known_hosts
 |1|ALkYORymbpagfGBK9E5gJ8woD4Q=|TpduH1siXgLBGdrr+LIXqRymiT4= ssh-rsa ***
 |1|VfTJRk4WA1frUmmU6aHuphGFhWg=|sl7TtxUV8s9Dw8KC6zYxjYgESbc= ssh-rsa ***
 |1|Vbfb9vRoSIzMl+1LfrD7DVOTD9w=|AGxlbOuxn+83KCtiMvaKKslq8XY= ssh-rsa ***
 |1|ND2ZisnFqJ1Z6lK6WzutcO5ZNqw=|sq4nIsV6pBWZ4P27EJHgq1rVkUs= ssh-rsa ***
 |1|bIQPH+rXgCL9Y79j7mXWrVeurxU=|dapFBijhdY4Q1GAO38e28popmFw= ssh-rsa ***
 |1|2qiJH9WIN45TcVwVV3abSeaOu+Y=|wCc07ew86oGV8JZlZCfD/nxUC10= ssh-rsa ***
 |1|1YIO0QnRQqmAEUnZpkU7C7fKoXw=|aKQev539WQiIxOPCOUHLUBWMFEE= ssh-rsa ***
 |1|A4okl1ZD/XEPYK+28Y7QvFKpwt8=|Q7Gvj/MtVMeXKM9R9E9lTTgQ0RY= ssh-rsa ***
 |1|dEKvmuFW1eRhNd3xK90iJhyGw/Q=|/+bFyB5TPDNtynliKh4h2rHKVVI= ssh-rsa ***
 |1|8rZZylU3IElRZ4xZeyxYB6QFMb8=|x10+YhzXeMIXH33yLy8VV/1K4IA= ssh-rsa ***
 |1|QOBmqHVPJXsjrShtEbrEvPHCz28=|K9/Esrj6Ku1FQ1PesQBIJJY9lcA= ecdsa-sha2-nistp256 ***
 + ssh-keygen -R github.com
 # Host github.com found: line 11
 /home/jenkins/.ssh/known_hosts updated.
 Original contents retained as /home/jenkins/.ssh/known_hosts.old
 + ssh-keyscan github.com
 # github.com:22 SSH-2.0-babeld-f06bbde2
 # github.com:22 SSH-2.0-babeld-f06bbde2
 # github.com:22 SSH-2.0-babeld-f06bbde2
+ git push --tags
OpenSSH_7.6p1 Ubuntu-4ubuntu0.5, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /home/jenkins/.ssh/config
debug1: /home/jenkins/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "github.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to github.com [192.30.255.112] port 22.
debug1: Connection established.
debug1: identity file /home/jenkins/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5
debug1: Remote protocol version 2.0, remote software version babeld-f06bbde2
debug1: no match: babeld-f06bbde2
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
debug2: MACs stoc: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM
debug1: Host 'github.com' is known and matches the ECDSA host key.
debug1: Found key in /home/jenkins/.ssh/known_hosts:12
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Any help on how to fix this ?

答案1

得分: 1

尝试并检查您的 ~/.ssh/known_hosts 文件,此操作在执行 git push 步骤之前进行。

sh "cat ~/.ssh/known_hosts"

如果您看到任何与 GitHub 相关的行,您需要使用以下命令将其删除:

sh "ssh-keyscan -R github.com"

然后,添加以下行:

sh "ssh-keyscan github.com >> ~/.ssh/known_hosts"

此外,在您的 Git Shell 步骤中,尝试添加以下内容:

export GIT_SSH_COMMAND='ssh -Tvv'

这样,您将精确地看到 Git 在尝试通过 SSH 连接到 github.com 时所考虑的文件。

debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.

我建议使用一个非加密的私钥(您可以移除现有密钥的密码)。

英文:

Try and inspect your ~/.ssh/known_hosts during your job, before the git push step.

sh "cat ~/.ssh/known_hosts"

If you see any GitHub-related line, you need to remove them with

sh "ssh-keyscan -R github.com"

before adding

sh "ssh-keyscan github.com >> ~/.ssh/known_hosts"

Try also, in your git sh step, to add

export GIT_SSH_COMMAND='ssh -Tvv'

That way, you will see exactly what file is considered when Git is trying to connect through SSH to github.com.

debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.

I would recommend using a non-encrypted private key (you can remove the passphrase of your existing key)

答案2

得分: 0

Git 命令将失败,如果 GitHub 服务器不在您构建节点的已知主机列表中。

在运行 git 命令之前,尝试添加以下步骤:

   sh "ssh-keyscan github.com >> ~/.ssh/known_hosts"
英文:

Git commands will fail if the github server isn't in your build node's known hosts list.

Try adding this step before running git commands:

   sh "ssh-keyscan github.com >> ~/.ssh/known_hosts"

huangapple
  • 本文由 发表于 2023年4月7日 03:22:37
  • 转载请务必保留本文链接:https://go.coder-hub.com/75953061.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定