I have a server script that automatically pulls down and installs a github repository. As part of the script, I'm running ssh-keyscan -H github.com >> ~/.ssh/known_hosts as the git user to automatically accept github's RSA key prior to checking out the repo.
I have successfully used this same script in a local vagrant instance, as well as on several servers. However, on one of the servers this doesn't work, because ssh-keyscan -H github.com doesn't return any output (I've tried this as the git user, my personal user, and as root, and the command acts the same). I can ping github.com, so it's not a connection issue; I can also run ssh-keyscan successfully on another server in the same network. I've tried upgrading SSH to see if that might be the issue, but it is already on the latest version for my distribution (CentOS 7).
Where would be a good place to start in troubleshooting this? I've tried searching StackExchange for issues related to 'ssh-keyscan', but I haven't yet found anything that fits this particular problem.
Best Answer
This does sound like a network problem to me.
The first thing that I would do is try telnetting to various SSH servers on port 22, something like the following:
$ telnet local-git-server 22
followed by:
$ telnet github.com 22
When you run this, you should see similar output to the following:
Escape character is '^]'.
SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
This is a good indication that ssh is permitted without any firewall restrictions.
ssh-keyscan ?
netstat -an --tcp do you see several TCP entries that are in SYN_SENT state? If so, this would indicate there is something blocking at the network layer.
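The telnet check from the answer above can be scripted so that a provisioning job reports why port 22 gave no host key instead of silently appending nothing to known_hosts. This is an added example, not part of the original answer; the function name `probe_ssh_banner` and its status labels are assumptions made for illustration.

```python
import socket
import sys


def probe_ssh_banner(host, port=22, timeout=5.0):
    """Return (status, detail) for one TCP connection to an SSH port.

    The function name and status labels are illustrative, not from any tool.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        # The SYN was never answered: this is the SYN_SENT state netstat shows
        # when a firewall silently drops the connection.
        return ("connect-timeout", "no reply to SYN; check firewall and routing")
    except ConnectionRefusedError:
        return ("refused", "host reachable, but nothing accepts on this port")
    except OSError as exc:  # DNS failure, network unreachable, ...
        return ("error", str(exc))

    data = b""
    with sock:
        sock.settimeout(timeout)
        try:
            # The identification string is a single line of at most 255 bytes.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    break
                data += chunk
        except (socket.timeout, TimeoutError):
            if not data:
                return ("no-banner", "TCP connected, but the server sent nothing")
        except OSError as exc:
            return ("error", str(exc))

    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("ok", line)
    return ("not-ssh", line or "connection closed without data")


if __name__ == "__main__":
    # Constructed default target; pass the hosts to test as arguments.
    for target in sys.argv[1:] or ["github.com"]:
        print(target, *probe_ssh_banner(target))
```

A "connect-timeout" result matches the SYN_SENT symptom, while "not-ssh" or "no-banner" suggests a proxy or filter is answering on port 22 in place of the SSH server.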