The server in question is a runner and builds projects with a system user gitlab-runner. That user is used to SSH into other servers to deploy code, etc.
Always worked fine until we added a new server as destination. The command SSH now always fails with the error 'Host key verification failed.'. The error is also thrown when I try other servers that worked before. The known_hosts file is cleared but SSH doesn't ask to add the server to known_hosts anymore, it returns the error message directly.
I checked the permissions of the ~/.ssh folder and files. These are correct (.ssh: 700, known_hosts: 600, id_rsa: 600, id_rsa.pub: 644). Also rebooted the server but no success.
It feels like SSH is not working correctly. Here is a debug output of connecting to a server through SSH.
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to megatron.domain.com [10.139.20.204] port 22.
debug1: Connection established.
debug1: identity file /home/gitlab-runner/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gitlab-runner/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gitlab-runner/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gitlab-runner/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gitlab-runner/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gitlab-runner/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gitlab-runner/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gitlab-runner/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to megatron.achillescm.nl:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:/zgPQuuy6sG8UuLG9EHFSFAuY1QYNvQzKSyNYq//DJ0
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
Anybody an idea?
ssh is indeed trying to ask you about accepting (and adding) the host key, but for some reason /dev/tty cannot be opened. I've never seen that, and it suggests something is quite messed up on your system, but with the info given I have no clue what. (The function name read_passphrase is somewhat misleading here; it is also called from confirm in ssh_connect.c.) If you manually rebuild known_hosts e.g. with ssh-keyscan it should avoid this particular problem, although what else may go wrong I cannot say.
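
An added example, not part of the original answer: ssh-keyscan does not authenticate the keys it collects, so this Python code keeps only the scanned lines whose SHA256 fingerprint (the value ssh -v prints as "Server host key") matches one obtained out of band, and only then appends them to known_hosts. The host name deploy.example.test, the function names and the sample key blobs are constructed for illustration; real input would be the text output of ssh-keyscan.

```python
import base64
import hashlib


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form ssh prints: 'SHA256:' + unpadded base64."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verified_entries(keyscan_output: str, trusted_fp: str) -> list:
    """Keep only the scanned lines whose key hashes to the trusted fingerprint."""
    kept = []
    for line in keyscan_output.splitlines():
        fields = line.split()
        # ssh-keyscan can emit '# host:22 SSH-2.0-...' banner lines; skip them.
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        try:
            if fingerprint(fields[2]) == trusted_fp:
                kept.append(" ".join(fields[:3]))
        except ValueError:  # malformed base64 in the key field
            continue
    return kept


def pin_host(keyscan_output: str, trusted_fp: str, known_hosts_path: str) -> int:
    """Append verified entries to known_hosts; refuse if nothing matches."""
    entries = verified_entries(keyscan_output, trusted_fp)
    if not entries:
        raise ValueError("no scanned key matches the trusted fingerprint")
    with open(known_hosts_path, "a") as fh:
        fh.writelines(entry + "\n" for entry in entries)
    return len(entries)


def sample_blob(fill: int) -> str:
    """Constructed ed25519-shaped key blob for the demo, not a real host key."""
    body = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([fill]) * 32
    return base64.b64encode(body).decode()


# Constructed ssh-keyscan output: one expected key, one unexpected key.
SAMPLE_SCAN = (
    "# deploy.example.test:22 SSH-2.0-OpenSSH_7.2p2\n"
    f"deploy.example.test ssh-ed25519 {sample_blob(1)}\n"
    f"deploy.example.test ssh-ed25519 {sample_blob(2)}\n"
)

if __name__ == "__main__":
    print(verified_entries(SAMPLE_SCAN, fingerprint(sample_blob(1))))
```

Because known_hosts is populated ahead of time, a job without a terminal never reaches the interactive confirmation that failed in the debug output above.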