Introduction
This article provides solutions for a Host key verification failed error that can occur during a Terraform Enterprise run when ingressing Terraform modules from a Git repository over SSH.
Problem
When attempting to use Terraform modules from a Git repository over SSH, the Terraform Enterprise run fails. You may encounter the following error message:
Host key verification failed. fatal: Could not read from remote repository.
Cause
This error typically indicates a permissions issue with the SSH key used for authentication with your Version Control System (VCS) provider.
Solutions
There are several potential causes for this issue. Review the following solutions to identify and resolve the problem.
Solution 1: Remove the SSH Key Passphrase
Terraform Enterprise does not support SSH keys that are protected by a passphrase. Ensure that the SSH key you are using does not have a passphrase set.
Solution 2: Test the SSH Key Manually
From a machine with access to the repository, attempt to clone the repository using the same SSH key that Terraform Enterprise is configured to use. This helps verify that the key itself is valid and has the correct permissions on the repository.
$ git clone <repository_ssh_url>
Solution 3: Assign the Correct SSH Key to the Workspace
Verify that the correct SSH key for the workspace is attached to the appropriate Terraform Enterprise workspace. If no SSH key is selected for the workspace, Terraform Enterprise will not save the SSH host key, leading to authentication failures.
Solution 4: Verify SSH Host Key Synchronization
Ensure that the SSH key configured on the Terraform Enterprise workspace is synchronized with the SSH host key expected by the VCS provider. A mismatch can cause the host key verification to fail.
Solution 5: Check VCS Provider SSO Configuration
If you are using Single Sign-On (SSO) with your VCS provider, confirm that the SSH key has been authorized for SSO operations on the provider's platform. Some VCS providers require separate authorization for SSH keys when SSO is enabled.