Bug 1973595 - Unable to make SSH connection to a Bitbucket server
Summary: Unable to make SSH connection to a Bitbucket server
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Advanced Cluster Management for Kubernetes
Classification: Red Hat
Component: App Lifecycle
Version: rhacm-2.2.z
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: rhacm-2.2.6
Assignee: Roke Jung
QA Contact: Eveline Cai
bswope@redhat.com
URL:
Whiteboard:
Depends On: 1966513
Blocks: 2028196
TreeView+ depends on / blocked
 
Reported: 2021-06-18 09:26 UTC by Riya Banerjee
Modified: 2024-10-01 18:42 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1966513
: 2028196 (view as bug list)
Environment:
Last Closed: 2021-08-10 18:33:12 UTC
Target Upstream Version:
Embargoed:
ming: rhacm-2.2.z+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github open-cluster-management backlog issues 13516 0 None None None 2021-06-18 17:09:23 UTC
Red Hat Bugzilla 1966513 1 unspecified CLOSED Unable to make SSH connection to a Bitbucket server 2024-10-01 18:24:23 UTC
Red Hat Product Errata RHBA-2021:3126 0 None None None 2021-08-10 18:33:22 UTC

Comment 3 Roke Jung 2021-06-18 14:02:12 UTC 
Yes, I can see from the logs that it still fails.

2021-06-17T02:23:23.346045644Z I0617 02:23:23.346029       1 gitrepo.go:178] Connecting to Git server via SSH
2021-06-17T02:23:23.346058983Z I0617 02:23:23.346051       1 gitrepo.go:236] Getting public SSH host key for bitbucket.biscrum.com
2021-06-17T02:23:28.405239293Z E0617 02:23:28.405194       1 gitrepo.go:242] failed to get public SSH host key: exit status 1
2021-06-17T02:23:28.405239293Z E0617 02:23:28.405221       1 git_subscriber_item.go:195] exit status 1Unable to clone the git repo ssh://git.com:7999/infpaas/openshift.git
2021-06-17T02:23:28.405239293Z I0617 02:23:28.405226       1 git_subscriber_item.go:198] exit doSubscription: policies/stable-policies-sub
2021-06-17T02:23:28.405239293Z E0617 02:23:28.405231       1 git_subscriber_item.go:162] exit status 1Subscription error.


Please try this. In the channel spec, specify insecureSkipVerify: true like below.

apiVersion: apps.open-cluster-management.io/v1
kind: Channel
metadata:
  name: somechannel
  namespace: default
spec:
  type: Git
  pathname: ssh://git.com:7999/infpaas/openshift.git
  secretRef:
    name: git-ssh-key
  insecureSkipVerify: true
Comment 5 Roke Jung 2021-06-21 13:25:49 UTC 
The SSH connection example in the documentation has

  configMapRef:
    name: git-known-hosts

which is wrong and we will remove it.

The controller tries to automatically scan SSH hosts and build known host list so you do not need the config map to specify the known hosts and even if you do, it will not be used.

There is still some problem in our SSH host scanning code with your specific case where the scan needs to include the port number. We will fix this in 2.2.5. If you need the fix before 2.2.5, we can work with you on screen share to patch your clusters.
Comment 6 Roke Jung 2021-06-23 13:37:10 UTC 
You can also configure your Bitbucket server to forward port 7999 to port 22 so that you don't have to specify the port number in your SSH URL. https://confluence.atlassian.com/bitbucketserverkb/how-do-i-use-xinetd-to-forward-port-22-for-ssh-connections-to-bitbucket-server-779171730.html

If you do this, you do not need to specify insecureSkipVerify.
Comment 7 Roke Jung 2021-06-23 13:38:23 UTC 
You can also configure your Bitbucket server to forward port 7999 to port 22 so that you don't have to specify the port number in your SSH URL. https://confluence.atlassian.com/bitbucketserverkb/how-do-i-use-xinetd-to-forward-port-22-for-ssh-connections-to-bitbucket-server-779171730.html

If you do this, you do not need to specify insecureSkipVerify.
Comment 16 errata-xmlrpc 2021-08-10 18:33:12 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Advanced Cluster Management 2.2.6 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:3126
Comment 17 Red Hat Bugzilla 2023-09-15 01:10:07 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days
Note You need to log in before you can comment on or make changes to this bug.