Summary
The user is facing authentication errors with Earthly on M1 and ARM Macs, particularly concerning the known_hosts file path. They propose workarounds such as disabling the known_hosts check, using different paths, HTTPS authentication, and running with --verbose. The user questions whether this is a bug, noting that host entries with port and brackets do not match in Earthly. They have been advised to try without brackets or seek another workaround, but it appears the issue may not be prioritized for a fix due to its limited impact. The user references a specific GitHub file for potential changes and mentions that the bracket syntax is typical for SSH with a specific port, suggesting that Earthly may not function with self-hosted git on a different port. They express discomfort with fixing the issue themselves using Go.
daniel.schlegel
Unfortunately I do not feel comfortable enough with Go to fix this myself.
daniel.schlegel
As far as I see on other examples, the brackets syntax is common if you have a specific port for ssh. I think if you use a self-hosted git with ssh on a different port, earthly does not work. I assume I'm not the only one having such a setup.
brandon
That seems like a good hunch, and similar to the ticket you found. Is there a way you can try without the brackets? Or perhaps some other workaround you can use for now? Honestly we are quite busy lately and this doesn’t seem to affect too many people, so it might be hard for us to prioritize the bug fix. If you’re comfortable working on it though, it might involve a change in this file: https://github.com/earthly/earthly/blob/main/buildcontext/gitlookup.go
daniel.schlegel
<@U02NXMDQ45Q> Did you get a chance to check if this is a bug? For me it looks like host entries with port and brackets [mycomp.com]:2222 do not get matched by earthly.
daniel.schlegel
Hi <@U02NXMDQ45Q> Unfortunately I still could not solve the issue and it's pretty critical to solve it, otherwise I will not get the go to use earthly in our company. I added some comments here: https://github.com/earthly/earthly/issues/2795
For me it looks like host entries with port and brackets [mycomp.com]:2222 do not get matched by earthly.
daniel.schlegel
There is no /etc/ssh/ssh_known_hosts on a mac. I also don't know if this path should be on the host or if it's a mount inside buildkit.
brandon
Interesting. There are some errors like this `debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory` followed by `Host key verification failed.` when it fails. I wonder if that's related
daniel.schlegel
sure.
brandon
Interesting. Can you paste the output with -V? Wonder if that reveals anything more
daniel.schlegel
That's the full output if it helps.
daniel.schlegel
I already run with -V flag. :disappointed:
daniel.schlegel
locally yes but for gitlab i need to be able to use CI_JOB_TOKEN.
brandon
Oh another thought, I think earthly prints more details if you run with --verbose
brandon
I’m running out of debugging ideas. Is it possible to use the HTTPS based auth?
daniel.schlegel
the problem happens when i try to execute a remote target which leads into cloning the git repository first. outside earthly i can clone the exact same repo without any issues.
daniel.schlegel
my key is loaded.
daniel.schlegel
yes i tried this.
brandon
Next make sure your private key has been added by running ssh-add <path to key>.
brandon
Did you try the debugging tips here? https://docs.earthly.dev/docs/guides/auth#auto-authentication
daniel.schlegel
yes it looks like and also from documentation i don't understand anything different. the issue is it's not working for me and my developer friend and i have no clue how to debug it further.
brandon
It looks like it should support using /etc/ssh/…
:thinking_face:
https://github.com/earthly/earthly/blob/c70b2701415f217058809ad08b303e01e29dcda7/buildcontext/gitlookup.go#L748-L763
brandon
Yeah, fair enough
daniel.schlegel
and also I do not want to do this because of security reasons :wink:
daniel.schlegel
strict_host_key_checking: false does not work for me either. If I add ssh_command: ssh -o 'StrictHostKeyChecking=no' it works for me but not for the other developer.
brandon
It isn’t recommended for security reasons, but it looks like you could try disabling the known_hosts check: https://docs.earthly.dev/docs/earthly-config#strict_host_key_checking
daniel.schlegel
Another developer also has issues but a different one (also on an ARM Mac). On his machine it looks like the known_hosts gets loaded but the scan does not find the host. I'm not sure why the host is with [] but that's what's inside the known_hosts
matched earthly reference git.mycomp.com/images/maven with git config entry git.mycomp.com (regex git.mycomp.com/[^/]+/[^/]+)
loaded 3 key(s) from known_hosts and 7 default key(s)
ignoring key scan "[git.namics.com]:2222 ssh-ed15119 MYKEY": due to host mismatch
...
daniel.schlegel
Hello, I'm on an M1 Mac and try to build some remote targets with earthly. Unfortunately I cannot connect since my known_hosts file is not found. The path to it on Mac is normally ~/.ssh/known_hosts but earthly tries to find it in /etc/ssh/ssh_known_hosts. Is this just the path inside the container? In ~/.ssh/known_hosts my host is there.
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: compat_banner: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug1: Authenticating to git.mycomp.com:2222 as 'git'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
fatal: Could not read from remote repository.