On 19 October 2013 06:01, Angus Buchanan firstname.lastname@example.org wrote:
What have folk done to resolve the issue with Jenkins ssh keys where the
first clone hangs because you need to accept the key (ie type yes)?
Currently I just log into the machine and clone a repo, accept the key, and
then it’s all fine.
Any way to automate this or configure around it?
I use a Git config stanza like this:
From the ssh_config manual:
If this flag is set to “yes”, ssh(1) will never automatically add host keys
to the ~/.ssh/known_hosts file, and refuses to connect to hosts whose host
key has changed. This provides maximum protection against trojan horse
attacks, though it can be annoying when the /etc/ssh/ssh_known_hosts file
is poorly maintained or when connections to new hosts are frequently made.
This option forces the user to manually add all new hosts. If this flag is
set to “no”, ssh will automatically add new host keys to the user known
hosts files. If this flag is set to “ask”, new host keys will be added to
the user known host files only after the user has confirmed that is what
they really want to do, and ssh will refuse to connect to hosts whose host
key has changed. The host keys of known hosts will be verified
automatically in all cases. The argument must be “yes”, “no”, or “ask”.
The default is “ask”.
So that lives in /var/lib/jenkins/.ssh/config.
Obviously you can render that with a template accounting for how you have
your Jenkins set up, but that’s the essence of the solution.