Capistrano and SSH Host Authenticity


#1

Hi,

We’ve moved our builds to use Circle 2.0. There is only last thing that previously was working but is not anymore. Deployment.

We use Capistrano to do deployment. But when trying to connect to our bastion server here’s the error

The authenticity of host 'xxx.yyy (77.77.77.77)' can't be established.
ECDSA key fingerprint is 89:26:8f:21:4c:bf:65:cb:8c:f2:59:68:22:d4:45:70.
Are you sure you want to continue connecting (yes/no)?

And then deployment times out.

Do you know how to solve this problem?


#2

You need to add the public key of the hosts to your build. For example:

echo 'web01.revidian.net ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJiGRY6N9WYQ0vy6cTiwAgNbc6ueJmVo/EafBtmT7bcD6cQMbipYM/KfYQ2lCn2TxqWepZKYoyoVQXgArycCOns=' >> ~/.ssh/known_hosts

You can use SSH in verbose mode to see which key it’s trying to use.


#3

Thank you for that. I was doing something similar previously and Capistrano run few first steps but then it asked for authenticity validation again. Now it works.

Hopefuly it can be fixed in other way in the future.


#4

This topic was automatically closed 41 days after the last reply. New replies are no longer allowed.


#5

#6

Echoing the pub key into known_hosts didn’t do it for me. What worked was the following (after having deployboy’s private key uploaded in the CircleCI web interface and having added his pub key to his own authorized_keys file, of course):

  - run:
      name: Fix host authenticity for 12.34.567.890
      command: |
        ssh-keyscan 12.34.567.890 >> ~/.ssh/known_hosts
  - deploy:
      name: Deploy
      command: |
        ssh deployboy@12.34.567.890 'cd /var/www/world-domination/scripts/deployment && . deploy.sh'

#7