Pushing to github from windows: “host key verification failed”

https://travis-ci.org/github/openziti/desktop-edge-win/builds/713829254

I have been struggling to push from travis back into github for too long. I have the build- linked above. It does ‘stuff’ and then at the very end of the build it will mutate a file (version info) and try to commit/push that file back to github.

I’ve tried everything but I can’t get it to work yet. the build basically will:

  • grab a private key from an environment variable
  • tell git to use that key as part of the sshCommand
  • update the url to be git@ vs https://
  • git add, git commit -m “[skip ci]” (a nice travis feature), and finally a git push

the push fails no matter what i do - i added an ssh -Tv git@github.com to see what that might tell me and it seeeeems like travis doesn’t have a proper entry in known_hosts? Here’s that snippet:

issuing ssh -vT -i github_deploy_key git@github.com
OpenSSH_8.3p1, OpenSSL 1.1.1g  21 Apr 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to github.com [140.82.113.4] port 22.
debug1: Connection established.
debug1: identity file github_deploy_key type 0
debug1: identity file github_deploy_key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.3
debug1: Remote protocol version 2.0, remote software version babeld-5a455904
debug1: no match: babeld-5a455904
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.

you can see on those last three lines “Host key verification failed” Surely this is doable - I must have missed something but I’ve tried everything to get it to work. I’ve issued

git config remote.url git@github.com:openziti/desktop-edge-win.git

to make sure it’s using git@ not https

I’m out of things to try and any help from the community would be greatly appreciated.

Thanks

.travis.yml here: https://github.com/openziti/desktop-edge-win/blob/issue-82-fix-mtu/.travis.yml

you can see i tried to add it with ‘addons’

addons:
  ssh_known_hosts:
    - git.savannah.nongnu.org
    - github.com

relevant section of ‘publish.bat’ https://github.com/openziti/desktop-edge-win/blob/issue-82-fix-mtu/service/publish.bat#L54-L90

You need to accept the GitHub host key. Use ssh-keyscan :

ssh-keyscan -t rsa github.com 2>&1 >> /root/.ssh/known_hosts
2 Likes

Thanks for the reply, I tried that to… You can see that i do that in the publish.bat already. Should it be elsewhere like in the .travis.yml?

Hmm. I see you’ve specified a slightly different set of options and a slightly different path. I’ll try that…

this worked @Montana, was having same problem!

No problem! I’m glad this worked out for you @SolarUltima!

This still doesn’t work for me and it’s still unclear as to why. you can see in the raw log here that the following was run by travis on my behalf because of these lines in my .travis.yml

[0K$ ssh-keyscan -t $TRAVIS_SSH_KEY_TYPES -H git.savannah.nongnu.org 2>&1 | tee -a ${TRAVIS_HOME}/.ssh/known_hosts
...
[0K$ ssh-keyscan -t $TRAVIS_SSH_KEY_TYPES -H github.com 2>&1 | tee -a ${TRAVIS_HOME}/.ssh/known_hosts

It then again is called by me in my script: https://github.com/openziti/desktop-edge-win/blob/576186f1dba39fe5403c9cbcd0e88bb6bbd6fbb2/service/publish.bat#L73

The ssh -T output still shows the key is not valid:

Host key verification failed.

I don’t know what else to try… I’m going to ‘type’ the file to make sure the key is there… thanks for continuing to look at this.

I’ll try and reproduce @dovholuknf, and get to the bottom of this. Thank you for your patience.

@Montana - any luck? I still can’t get a git push to work :frowning:

Imprint