Solving Jenkins Error: Host key verification failed

Updated: February 3, 2024 By: Guest Contributor

The Problem

Encountering a Host key verification failed error in Jenkins can halt your continuous integration/continuous deployment (CI/CD) pipeline, causing delays and frustration. This error typically appears when Jenkins tries to SSH into another server but cannot verify that server’s SSH host key. Understanding why this error occurs and knowing multiple ways to resolve it are crucial for maintaining a smooth CI/CD process.

Common Reasons

  • The Jenkins server does not recognize the remote server’s SSH host key.
  • The remote server’s host key has changed, due to a server re-setup or an IP change.
  • StrictHostKeyChecking is enabled.

Solution 1: Manually Accept Host Key

Manually executing an SSH command from the Jenkins server to the remote server allows you to accept the host key, adding it to the known_hosts file.

  1. Log into the Jenkins server terminal.
  2. Run ssh user@hostname, replacing user and hostname with your actual username and remote server address.
  3. Accept the prompt to add the host key to known_hosts.

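Notes: This is the most straightforward method but requires manual intervention, making it less suitable for automated environments. The key is stored in the known_hosts file of the account that runs the command, so run it as the user Jenkins uses for SSH, and compare the fingerprint shown in the prompt with the server’s real fingerprint before accepting.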

Solution 2: Disable Strict HostKeyChecking

Temporarily disabling StrictHostKeyChecking for SSH connections in Jenkins scripts/tasks allows the connection without verifying the host key.

  1. Identify the location of the Jenkins script or task that initiates the SSH connection.
  2. Include the SSH command with the option -o StrictHostKeyChecking=no.

Here’s the full command:

ssh -o StrictHostKeyChecking=no user@hostname

Output: This command will initiate an SSH connection without host key verification.

Notes: Disabling StrictHostKeyChecking is a security risk because it exposes the connection to man-in-the-middle attacks. Use this only for internal, secure networks.

Solution 3: Automatically Add Host Key

Using ssh-keyscan to automatically add the remote server’s host key to known_hosts before the Jenkins job runs can prevent the error.

  1. Add a preliminary step in your Jenkins job to run ssh-keyscan -H hostname >> ~/.ssh/known_hosts, again replacing hostname with your remote server’s address.
  2. Ensure that the Jenkins user has write permissions to ~/.ssh/known_hosts.

The command (for you to copy it more easily):

ssh-keyscan -H hostname >> ~/.ssh/known_hosts

Output: The command fetches the remote server’s host key and appends it to the known_hosts file.

Notes: Automating host key addition is convenient, but ssh-keyscan records whatever key the network returns without verifying it, so it risks adding unauthorized keys if not used cautiously, especially in dynamic IP environments.
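
As an added example (not from the original article), the preliminary step can check each scanned key against a fingerprint obtained through a trusted channel and append it only on a match. The function names, the host build.example.test and the key material are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the host key fingerprint before trusting ssh-keyscan output.
# Function names, host name and key material are hypothetical/constructed.

# fingerprint_of BASE64_KEY_BLOB
# Prints "SHA256:<unpadded base64>", the format `ssh-keygen -l` displays:
# SHA-256 over the decoded key blob, re-encoded as base64 without '='.
fingerprint_of() {
    digest=$(printf '%s' "$1" | base64 -d | sha256sum | cut -d' ' -f1 |
        fold -w2 |
        while read -r byte; do
            [ -n "$byte" ] || continue
            # hex byte -> octal escape -> raw byte
            printf "\\$(printf '%03o' "0x$byte")"
        done | base64 | tr -d '=\n')
    printf 'SHA256:%s\n' "$digest"
}

# append_if_pinned EXPECTED_FINGERPRINT KNOWN_HOSTS_FILE  < keyscan output
# Appends only lines whose key matches the pinned fingerprint.
# Returns 0 if at least one key was accepted, 1 otherwise.
append_if_pinned() {
    want_fp=$1 kh_file=$2 rc=1
    while read -r host keytype blob rest; do
        case $host in ''|'#'*) continue ;; esac      # skip blanks and comments
        if [ "$(fingerprint_of "$blob")" = "$want_fp" ]; then
            printf '%s %s %s\n' "$host" "$keytype" "$blob" >> "$kh_file"
            rc=0
        else
            echo "refusing $keytype key for $host: fingerprint mismatch" >&2
        fi
    done
    return "$rc"
}

# Constructed sample standing in for one line of ssh-keyscan output.
sample_blob='AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYconstructedFORthisDEMOonly0000000'
# In a real job the pin comes from a trusted channel (console, config management),
# never from the scan itself; it is derived here only so the demo runs offline.
sample_pin=$(fingerprint_of "$sample_blob")
demo_kh=$(mktemp)
printf 'build.example.test ssh-ed25519 %s\n' "$sample_blob" |
    append_if_pinned "$sample_pin" "$demo_kh" && echo "pinned key added"
printf 'build.example.test ssh-ed25519 %s\n' "${sample_blob%0}1" |
    append_if_pinned "$sample_pin" "$demo_kh" || echo "substituted key refused"
rm -f "$demo_kh"
```

In a Jenkins job the scan output is piped straight into the function, for example ssh-keyscan -t ed25519 hostname | append_if_pinned "$PIN" ~/.ssh/known_hosts, and a non-zero return should fail the build.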

Conclusion

Resolving the Host key verification failed error in Jenkins is crucial for uninterrupted CI/CD pipelines. The solutions provided range from manual approaches to automation-friendly methods, each with its own set of considerations. It’s important to choose the solution that best aligns with your security and automation requirements.