Version 1.6.0 - Host Key Verification Failed when using git ssh

[1BuBuBu1]

Terraform Version

Terraform v1.6.0

Terraform Configuration Files

module "XXXXXXXXXX" {
  source = "git@example.com:site/module.git"
  name   = "XXXXXXXXXX"
}

Debug Output

Initializing modules...
2023-10-05T07:42:44.101Z [TRACE] ModuleInstaller: installing child modules for . into .terraform/modules
2023-10-05T07:42:44.115Z [DEBUG] Module installer: begin XXXXXXXXXX
2023-10-05T07:42:44.115Z [TRACE] ModuleInstaller: XXXXXXXXXX is not yet installed
2023-10-05T07:42:44.115Z [TRACE] ModuleInstaller: cleaning directory .terraform/modules/XXXXXXXXXX prior to install of XXXXXXXXXX
2023-10-05T07:42:44.115Z [TRACE] ModuleInstaller: XXXXXXXXXX address "git::ssh://git@example.com/site/module.git" will be handled by go-getter
Downloading git::ssh://git@example.com/site/module.git for XXXXXXXXXX...
2023-10-05T07:42:44.115Z [TRACE] getmodules: fetching "git::ssh://git@example.com/site/module.git" to ".terraform/modules/XXXXXXXXXX"
2023-10-05T07:42:44.178Z [DEBUG] Module installer: begin XXXXXXXXXX
2023-10-05T07:42:44.178Z [TRACE] ModuleInstaller: XXXXXXXXXX is not yet installed
2023-10-05T07:42:44.178Z [TRACE] ModuleInstaller: cleaning directory .terraform/modules/XXXXXXXXXX prior to install of XXXXXXXXXX
2023-10-05T07:42:44.178Z [TRACE] ModuleInstaller: XXXXXXXXXX address "git::ssh://git@example.com/site/module.git" will be handled by go-getter
Downloading git::ssh://git@example.com/site/module.git for XXXXXXXXXX...
2023-10-05T07:42:44.179Z [TRACE] getmodules: fetching "git::ssh://git@example.com/site/module.git" to ".terraform/modules/XXXXXXXXXX"

Expected Behavior

Terraform Init should execute successfully and download the necessary modules from the private repository through git ssh.

Actual Behavior

SSH Keys were not modified and still active, but terraform init returned with "could not read from remote repository"

│ Error: Failed to download module
│ 
│   on XXXXX.tf line XX:
│   XX: module "XXXXXXX" {
│ 
│ Could not download module "XXXXXXX"
│ (XXXXXXX.tf:XX) source code from
│ "git::ssh://git@example.com/site/module.git":
│ error downloading
│ 'ssh://git@example.com/site/module.git':
│ /usr/bin/git exited with 128: Cloning into
│ '.terraform/modules/XXXXXXX'...
│ Host key verification failed.
│ fatal: Could not read from remote repository.
│ 
│ Please make sure you have the correct access rights
│ and the repository exists.

Steps to Reproduce

1. terraform init

Additional Context

Rollbacked version to terraform v1.5.7 with all config staying intact, no changes introduced to all config files. the terraform init command can be executed successfully and modules have been installed as expected. Using v1.6.0 will result in the above mentioned issue.

References

No response

[jbardin]

Hi @1BuBuBu1,

Thanks for filing the issue. Are you by chance using GIT_SSH_COMMAND to add options to the cli, which would make this a duplicate of #33985? Fetching a source from a git repository is handled by the git command, and mostly outside of Terraform's control.

Thanks!

[falimov]

Having the same issue. Using Terraform Cloud and don't believe we use GIT_SSH_COMMAND.

[1BuBuBu1]

Hi @1BuBuBu1,

Thanks for filing the issue. Are you by chance using GIT_SSH_COMMAND to add options to the cli, which would make this a duplicate of #33985? Fetching a source from a git repository is handled by the git command, and mostly outside of Terraform's control.

Thanks!

Hey @jbardin . Yes tried with the GIT_SSH_COMMAND by supplying the path of SSH key
export GIT_SSH_COMMAND="ssh -i /home/user/.ssh/key"
Above works on version v1.5.7 but when trying on v1.6.0 it does not.

Add-on for Terraform Cloud, since the terraform version was set on "latest", when v1.6.0 was release, the workspace failed to be planned with the same error, had to roll it back to v1.5.7 for it to work.

Regards.

[apparentlymart]

Terraform Cloud's execution environment uses GIT_SSH_COMMAND internally (as an implementation detail) to disable known-hosts checking when cloning modules, and so I suspect the failures in Terraform Cloud are the same problem, just hidden behind an extra layer of abstraction.

[sgp-nwarden]

+1 seeing this issue with Terraform Cloud workspaces using "latest" for Terraform version. Rollback to 1.5.7 fixes

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.