SSH into DigitalOcean

I’m having some huge difficulties in SSH’ing into my DigitalOcean account:

What I’ve tried so far:

  • I’ve added the private SSH key into the CircleCi project.
  • I’ve added - “add_ssh_keys” with fingerprints.
  • I’ve added cat into .ssh/config in order to add VerifyHostKeyDNS yes and StrictHostKeyChecking no as suggested by some.
  • I’m running ssh-keyscan, targeting the IP of my DigitalOcean Droplet.
  • Finally I’m trying to run bash ./dockerstart.sh

My blocker is “The authenticity of host XXX cannot be established. … Are you sure you want to continue connecting? yes/no”. and is I’m unable to give input back, the process just stalls from here and eventually times out after some 10 minutes.

Config.yml:

My dockerstart.sh srcript that fires the ssh docker commands:

Has anyone got a public project on GitHub/BitBucket on which i could take a sneak peek to see what I’m doing wrong?

Thanks!

1 Like

I’ve fixed this (not in Digital Ocean, but generally).

What I would do is run your build with the SSH option, wait for it to fail, and then SSH in. From there, run the SSH command that gives you the authenticity error, and reply “yes”. That should create a line in ~/.ssh/known_hosts, which you can then commit into your repo and copy into place in your build process.

That would be the quickest way to fix it, I agree. I was looking for something that would automate that process, but if SSH’ing into the process and typing ‘yes’ will permanently add to known_hosts for all future build processes I’ll try your suggestion! Thanks!

1 Like

After banging my head in any hard surface available, I still can’t get this to work.

  • I’m able to manually SSH my way into CircleCI.
  • From there I can SSH into my own server and confirm yes when asked “Are you sure you want to continue connecting”. The key is then permanently added to known_hosts. So far it seems that all e2e ssh keys are OK and authorized.
  • However, when I later trigger a new build/deploy after a Github branch update, everything still halts at the “Authenticity of host … could not be estblished.” prompt.

Does not CircleCI retain information added to known_hosts after each run?

For anyone with similar problems, I had to add the host name - not the IP to ssh-keyscan command:
ssh-keyscan [my_host_name] >> ~/.ssh/known_hosts

Finally works!

No. You need to commit the file to your repo and then copy it in place for each run.