[JENKINS-71461] GIT_SSH_COMMAND diagnostics fail with some host key verification strategies #1669

@jenkins-infra-bot

Description

Diagnosing errors related to SSH private keys has become more complicated with the addition of the host key verification strategies in git client plugin 3.11.1. Those strategies resolve the host key verification security issue, but also require additional steps for users to diagnose errors related to SSH private keys.

The instructions that suggest the use of ssh -vvv as an environment variable value for GIT_SSH_COMMAND will fail with host key verification errors unless the ssh arguments also include the necessary arguments for host key verification. Those arguments depend on the system configuration and are often written as temporary files in the workspace with unpredictable names.

It would be best if the plugin had options that would allow the user or the administrator to selectively enable and disable SSH command verbosity, without requiring extra environment variables.

Without that new option for the plugin, the user may see error messages like:

Verifying host key using manually-configured host key entries
 > /usr/bin/git fetch --tags --force --progress -- git@github.com:MarkEWaite/jenkins-bugs.git +refs/heads/*:refs/remotes/origin/* # timeout=10
ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Command "/usr/bin/git fetch --tags --force --progress -- git@github.com:MarkEWaite/jenkins-bugs.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2842)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2185)


Originally reported by markewaite, imported from: GIT_SSH_COMMAND diagnostics fail with some host key verification strategies
  • status: Open
  • priority: Minor
  • component(s): git-client-plugin
  • resolution: Unresolved
  • votes: 0
  • watchers: 2
  • imported: 20251211-071809
Environment:
Jenkins 2.4011
Git client plugin 3.11.1 and newer
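
As an added illustration of the problem described in this issue (not code from the plugin or from the reporter): a verbose `GIT_SSH_COMMAND` that keeps host key verification enabled by pointing ssh at a known_hosts file with pinned entries. The function names and the known_hosts path are assumptions; the arguments the plugin itself passes depend on the configured strategy.

```shell
# Added example: build a verbose GIT_SSH_COMMAND without dropping host key
# verification. Function names and the known_hosts path are hypothetical.

# Succeeds only if the known_hosts file has an entry for the given host.
# ssh-keygen -F exits 0 when a matching entry is found.
host_is_pinned() {
    ssh-keygen -F "$1" -f "$2" >/dev/null 2>&1
}

# Prints an ssh command line with -vvv plus strict verification against the
# given known_hosts file. Fails instead of falling back to an unverified
# connection when the file is missing or empty.
build_verbose_git_ssh_command() {
    known_hosts=$1
    if [ -z "$known_hosts" ] || [ ! -s "$known_hosts" ]; then
        echo "known_hosts file missing or empty: $known_hosts" >&2
        return 1
    fi
    # git hands GIT_SSH_COMMAND to the shell, so the path is single-quoted;
    # reject paths that would break out of that quoting.
    case $known_hosts in
        *\'*) echo "path must not contain a single quote" >&2; return 1 ;;
    esac
    printf "ssh -vvv -o StrictHostKeyChecking=yes -o UserKnownHostsFile='%s'" \
        "$known_hosts"
}

# Usage (paths are placeholders):
#   host_is_pinned github.com /path/to/known_hosts || echo "no pinned key"
#   cmd=$(build_verbose_git_ssh_command /path/to/known_hosts) &&
#       GIT_SSH_COMMAND=$cmd git ls-remote git@github.com:MarkEWaite/jenkins-bugs.git
```

With this form, a remaining "Host key verification failed" in the `-vvv` output points at the pinned entries themselves rather than at missing ssh arguments.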
