Hello!
I have a problem deploying build results to Azure; I get the following error:
```
The authenticity of host 'xxx (40.89.139.99)' can't be established.
ECDSA key fingerprint is b4:06:c4:fd:36:5c:6e:f6:a4:61:43:02:a6:fd:d7:b9.
Are you sure you want to continue connecting (yes/no)?
```
I checked similar problems here and tried to add the public SSH key to “known_hosts” according to the advice:
i.e. I added a “step” in the “deploy” job and tried two different ways:
- ssh-keyscan:
run: ssh-keyscan 40.89.139.99 >> ~/.ssh/known_hosts
- echo:
run: echo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAA (...) BAQCT2K3RJXzbsP >> ~/.ssh/known_hosts
But it did not help; I get the same error, so it seems like the Docker image does not get this key anyway.
I have added an SSH key (no passphrase) to my project settings in CircleCI. It is a valid key, since I can establish an SSH session with the Azure server using this SSH key on my computer. The IP address is correct too.
My whole config looks like this:
```yaml
# Javascript Node CircleCI 2.0 configuration file
#
# Check https://circleci.com/docs/2.0/language-javascript/ for more details
#
version: 2
jobs:
  build:
    docker:
      # specify the version you desire here
      - image: circleci/node:7.10
      # Specify service dependencies here if necessary
      # CircleCI maintains a library of pre-built images
      # documented at https://circleci.com/docs/2.0/circleci-images/
      # - image: circleci/mongo:3.4.4
    working_directory: ~/repo
    steps:
      - checkout
      # Download and cache dependencies
      - restore_cache:
          keys:
            - v1-dependencies-{{ checksum "package.json" }}
            # fallback to using the latest cache if no exact match is found
            - v1-dependencies-
      - run: yarn install
      - save_cache:
          paths:
            - node_modules
          key: v1-dependencies-{{ checksum "package.json" }}
      # run tests!
      - run: yarn test
  deploy:
    docker:
      - image: circleci/node:7.10
    working_directory: ~/repo
    steps:
      - add_ssh_keys:
          fingerprints:
            - '11:95:f7:ab:a3:67:f9:c6:7f:56:e7:a0:15:e6:e0:29'
      - run: ssh-keyscan 40.89.139.99 >> ~/.ssh/known_hosts
      - run:
          name: upload files to azure
          command: sudo scp -r github-project-name/* username@xxx.francecentral.cloudapp.azure.com:/etc/nginx/sites-available/github-project-name
workflows:
  version: 2
  build-deploy:
    jobs:
      - build
      - deploy:
          requires:
            - build
          filters:
            branches:
              only: master
```
I wish this proposal would be implemented one day - add a command “ssh_known_hosts” like you can do in Travis CI.
And what about security - do I need to open the SSH port (22) to the whole internet in order to run the “scp” command from the CircleCI image?
The best way would be to allow access only from CircleCI servers by adding those IP addresses, but it is not possible according to this:
Any help appreciated!
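An added example, not part of the original post or of CircleCI's tooling: ssh matches known_hosts entries against the name given on the command line, so a line scanned for 40.89.139.99 does not cover an scp to xxx.francecentral.cloudapp.azure.com, and ssh-keyscan output is unauthenticated until it is compared with a fingerprint obtained out of band. The sketch below checks scanned keys against a pinned MD5 fingerprint (the colon-separated format shown in the prompt above) and writes the entry under the name scp will use; the function names are hypothetical and the key blob is a constructed placeholder, not a real host key.

```shell
#!/bin/sh
# Added example; function names are hypothetical and the key blob is constructed.

# md5_fp BLOB: colon-separated MD5 fingerprint of a base64 public key blob.
md5_fp() {
    printf '%s' "$1" | base64 -d | md5sum | cut -d' ' -f1 | sed 's/../&:/g; s/:$//'
}

# pin_host_key NAME EXPECTED_FP SCAN_FILE KNOWN_HOSTS
# SCAN_FILE holds ssh-keyscan style lines: "host keytype base64blob".
# Appends an entry for NAME only if a scanned key matches EXPECTED_FP.
pin_host_key() {
    name=$1 expected=$2 scan=$3 known=$4
    while read -r _host type blob _rest; do
        case $_host in ''|'#'*) continue ;; esac
        if [ "$(md5_fp "$blob")" = "$expected" ]; then
            printf '%s %s %s\n' "$name" "$type" "$blob" >> "$known"
            return 0
        fi
    done < "$scan"
    echo "no scanned key matches the pinned fingerprint for $name" >&2
    return 1
}

# has_entry NAME KNOWN_HOSTS: succeeds if an unhashed entry lists NAME.
has_entry() {
    awk -v h="$1" '{ n = split($1, a, ","); for (i = 1; i <= n; i++) if (a[i] == h) f = 1 } END { exit !f }' "$2"
}

# Demo on constructed data: scan output keyed by IP, entry written under the scp hostname.
demo() {
    dir=$(mktemp -d)
    echo '40.89.139.99 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYA' > "$dir/scan"
    # Stands in for the fingerprint read from the server itself, out of band.
    fp=$(md5_fp AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYA)
    pin_host_key xxx.francecentral.cloudapp.azure.com "$fp" "$dir/scan" "$dir/known_hosts" &&
        has_entry xxx.francecentral.cloudapp.azure.com "$dir/known_hosts"
    rc=$?
    rm -rf "$dir"
    return $rc
}
demo && echo "pinned entry written under the scp hostname"
```

In the job itself, the file passed as KNOWN_HOSTS has to belong to the user that actually runs scp; under sudo that is root's known_hosts, not the one in the job user's home directory.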