Issues with SSH

I’m attempting to use SSH to access my server and then perform a “git pull.” The issue I’m having is that once the “ssh $pythonAnywhereUser@ssh.pythonanywhere.com” is performed, the following message appears and theres nothing else that I can do. I do not see the line that asks “Yes/No” either.

The authenticity of host 'ssh.pythonanywhere.com (23.21.200.247)' can't be established.
RSA key fingerprint is SHA256:zy2jmqxNg/fs6tFZK55OjHTI3B2UofzOiUvTPtcX3/Y.

The message Are you sure you want to continue connecting (yes/no)? does not appear in order for me to enter “yes”

Here’s a copy of my job:
build:
docker:
- image: circleci/python:3.7
working_directory: /home/circleci/project
steps:
- add_ssh_keys:
fingerprints:
- “0f:00:ad:9b:75:5b:24:f7:77:ed:65:09:a9:73:d8:33”
- checkout
- run:
command: pip install -r requirements.txt
- run:
command: python manage.py test wizard
- run:
command: ssh $pythonAnywhereUser@ssh.pythonanywhere.com

Is there anything obvious that I could be missing? I have no had any success with many different approaches including manually adding ssh.pythonanywhere to known hosts. Any help is appreciated!

Hi @bilalsattar24, and welcome to the CircleCI Community!

Can you confirm you added the SSH key to your projects settings?

If not, please follow the steps outlined in our documentation.

@yannCI Yes, I can confirm that I followed the steps outlined in the documentation. I ran ssh-keygen inside of my server and added the private key in CircleCi project settings. Adding the key via the fingerprint in the job was successful.

@bilalsattar24,

Could you try adding “ssh.pythonanywhere.com” to the known_hosts file?

You can either add an extra step:

  - run:
      name: Update known hosts
      command: ssh-keyscan -H ssh.pythonanywhere.com >> ~/.ssh/known_hosts

Or add the command to an existing step:

  - run:
      command: |
        ssh-keyscan -H ssh.pythonanywhere.com >> ~/.ssh/known_hosts 
        ssh $pythonAnywhereUser@ssh.pythonanywhere.com

@yannCI I tested this approach before posting here and had no luck. I just tested this again right now and the job does not move past this step and the following message is displayed:
#!/bin/bash -eo pipefail
ssh-keyscan -H ssh.pythonanywhere.com >> ~/.ssh/known_hosts
ssh $pythonAnywhereUser@ssh.pythonanywhere.com
# ssh.pythonanywhere.com:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
# ssh.pythonanywhere.com:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
# ssh.pythonanywhere.com:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
Warning: Permanently added the RSA host key for IP address ‘23.21.200.247’ to the list of known hosts.
<<<<<<:>~ PythonAnywhere SSH. Help @ https://help.pythonanywhere.com/pages/SSHAccess

@bilalsattar24, if you run ssh $pythonAnywhereUser@ssh.pythonanywhere.com directly from a terminal on your local machine, using the same SSH key:

  • Is the connection successful?
  • Are you also prompted to confirm?

@yannCI yes, i’ve done this level of troubleshooting. I can successfully connect from my local machine. it did ask for confirmation and i entered ‘yes.’ It also asks me for the password for the pythonanywhere account. I think this could be an issue on the circleci side.

@bilalsattar24, if you’re prompted to confirm, and then to enter your username and password, it actually means that the SSH key isn’t taken into account when you connect that server. Otherwise, it would log you in straight away.

The purpose of using SSH key authentication is to bypass the credentials authentication. This is what is described in the “Passwordless Logins” section of this pythonanywhere guide.

Which machine did you generate the key on (i.e. which machine did you run the ssh-keygen -t rsa -b 2048 command on)?

If you didn’t run the command on the pythonanywhere server, did you copy the key to the ssh.pythonanywhere.com server after generating it?