Gitlab autodeploy has stopped working, "no matching host key type found" error in server logs
I have .gitlab-ci.yml:
image: php:latest

deploy:
  stage: deploy
  only:
    - master
  before_script:
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - echo "$SSH_KEY" | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan $SSH_HOST > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    - ssh $SSH_USER@$SSH_HOST "cd $SSH_PATH && git pull origin master"
It worked for several months, but stopped working about a week ago, even though there were no changes on the server.
Pipeline failed job log:
# mydomainproject.com:22 SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5
$ chmod 644 ~/.ssh/known_hosts
$ ssh $SSH_USER@$SSH_HOST "cd $SSH_PATH && git pull origin master"
ssh: connect to host mydomainproject.com port 22: Connection refused
Cleaning up file based variables
ERROR: Job failed: exit code 1
/var/log/auth.log on the server:
sshd[23927]: Connection closed by 35.227.7.98 port 50036 [preauth]
sshd[23925]: Connection closed by 35.227.7.98 port 50038 [preauth]
sshd[23924]: Connection closed by 35.227.7.98 port 50040 [preauth]
sshd[23928]: Unable to negotiate with 35.227.7.98 port 50042: no matching host key type found. Their offer: [email protected] [preauth]
sshd[23926]: Unable to negotiate with 35.227.7.98 port 50044: no matching host key type found. Their offer: [email protected] [preauth]
I've read this and tried to edit .gitlab-ci.yml:
  script:
    - ssh [email protected] $SSH_USER@$SSH_HOST "cd $SSH_PATH && git pull origin master"
It didn't help; the result is the same.
I don't understand what's wrong and why it stopped working.
Solution 1:[1]
Did you also try with ssh -oHostKeyAlgorithms=+ssh-dss?
It's a known problem described in the OpenSSH legacy documentation even if this work-around is not recommended for security reasons.
Solution 2:[2]
If anyone else has this problem, for me it helped to manually specify the host key instead of trying to let the gitlab runner determine it on the fly with ssh-keyscan.
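One way to do what Solution 2 describes, as an added example that is not code from the original answer: the host key line is taken from a CI variable and checked before it is written to known_hosts, so an empty or comment-only result (such as the banner line in the job log above) fails the job instead of being trusted. The function name `pin_host_key`, the variable `SSH_KNOWN_HOSTS`, and the sample host and key are assumptions; it handles plain host names on port 22 only.

```shell
#!/bin/sh
# Added example: pin the deploy host key from a CI variable rather than
# trusting whatever ssh-keyscan returns on each pipeline run.

# pin_host_key HOST PINNED_LINES KNOWN_HOSTS_FILE
# Writes PINNED_LINES to KNOWN_HOSTS_FILE only when every entry has the form
# "HOST keytype base64". Returns 2 (no host), 3 (no key material) or
# 4 (unexpected entry), so the job stops before ssh is ever run.
pin_host_key() {
    host=$1 pinned=$2 file=$3
    [ -n "$host" ] || { echo "pin_host_key: empty host" >&2; return 2; }
    # Drop blank lines and '#' comments such as the ssh-keyscan banner line.
    entries=$(printf '%s\n' "$pinned" | grep -v -e '^[[:space:]]*$' -e '^#' || true)
    [ -n "$entries" ] || { echo "pin_host_key: no key material" >&2; return 3; }
    # Collect every entry with the wrong host, key type or encoding.
    bad=$(printf '%s\n' "$entries" | awk -v h="$host" '
        NF < 3 || $1 != h { print; next }
        $2 !~ "^(ssh-ed25519|ecdsa-sha2-nistp(256|384|521)|ssh-rsa)$" { print; next }
        $3 !~ "^[A-Za-z0-9+/]+=*$" { print }')
    if [ -n "$bad" ]; then
        echo "pin_host_key: rejected entry: $bad" >&2
        return 4
    fi
    mkdir -p -m 700 "$(dirname "$file")"
    printf '%s\n' "$entries" > "$file" && chmod 644 "$file"
}

# Constructed sample values (assumptions; not a real host or key).
SAMPLE_HOST='deploy.example.test'
SAMPLE_KEY="$SAMPLE_HOST ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyMaterialNotReal000000000"

demo_dir=$(mktemp -d)
pin_host_key "$SAMPLE_HOST" "$SAMPLE_KEY" "$demo_dir/.ssh/known_hosts" \
    && echo "pinned: $(cat "$demo_dir/.ssh/known_hosts")"
# Input holding only a keyscan-style banner comment is refused.
pin_host_key "$SAMPLE_HOST" "# $SAMPLE_HOST:22 SSH-2.0-OpenSSH_7.6p1" \
    "$demo_dir/.ssh/known_hosts" || echo "refused with exit code $?"
rm -rf "$demo_dir"

# In the job, the ssh-keyscan line would become (SSH_KNOWN_HOSTS is an assumed
# CI variable holding the key line copied from the server out of band):
#   pin_host_key "$SSH_HOST" "$SSH_KNOWN_HOSTS" ~/.ssh/known_hosts
#   ssh -o StrictHostKeyChecking=yes $SSH_USER@$SSH_HOST "..."
```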
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Davide Madrisan |
| Solution 2 | Chris Apfelbeck |
