How to setup a known_hosts file for a Jenkins pipeline job

The builtin Git Host Key Verification for Jenkins doesn't work in pipeline jobs. Here's what to do instead.

Nicholas C. Zakas
• 2 min read
Tags:

Jenkins pipelines are a great way to programmatically describe your build steps. Unforunately, that power also comes with responsibility, as a lot of the built-in Jenkins functionality may not work the way you imagine. Specifically, the Git Host Key Verification setting for Jenkins isn’t used with pipeline jobs, making it common to get “Host key verification errors” when using Git. If you’re using Git in a pipeline job, you’ll need to set up your own known_hosts file.

First, SSH into your host with an account that has sudo access.

Then, make sure you have a known_hosts file that has all of the host information already present. In my case, I needed to add the keys for github.com, so I used this (via GitHub blog):

curl -L https://api.github.com/meta | jq -r '.ssh_keys | .[]' | sed -e 's/^/github.com /' >> ~/.ssh/known_hosts

Next, verify that /var/lib/jenkins/.ssh exists. If it doesn’t, then create it like this:

# create directory
sudo mkdir /var/lib/jenkins/.ssh

# ensure the directory is owned by the Jenkins user
chown -R jenkins:jenkins /var/lib/.ssh

Copy your known_hosts file over:

sudo cp ~/.ssh/known_hosts /var/lib/jenkins/.ssh

At this point, your Jenkins pipeline job has access to the new known_hosts file so you should be able to run it without any problem.

Master Your Time as a Tech Lead

Free E-book - Managing Your Interrupt Rate

Managing Your Interrupt Rate as a Tech Lead E-book Cover

Take Control of Your Calendar

  • Understanding interrupt patterns
  • Strategies for time management
  • Communication techniques
  • Productivity optimization

The popular blog post series plus frequently asked questions, all in one convenient PDF.

Download Your Free Copy

Get immediate access to proven strategies for managing interruptions.