Adding bitbucket.org to SSH_HOSTS has no effect; it uses github.com regardless.

Hi guys,

when running the set SSH_KEY command

heroku config:set SSH_KEY=(cat id_rsa7_heroku | base64)

I got the following error

'xyz is invalid. Must be in the format FOO=bar.'

I changed the command to

heroku config:set SSH_KEY="(cat id_rsa7_heroku | base64)"

which worked for me. Can you confirm and adjust the documentation?

Kind regards

Michael

Trying to use your package to add bitbucket to the list of known host and get the error

Warning: Permanently added 'github.com,192.30.253.113' (RSA) to the list of known hosts.
remote: Permission denied (publicly).

It seems like this project has been abandoned.

Is there a better alternative now?

Note: still trying to avoid adding a Github password / user token to package.json and checking that in.

I appreciate the prompt telling me that my key was successfully added, but printing it to the screen doesn't seem like the most secure feature.

Please add a Free Software/open source license to your project, so others may use the buildpack legally in countries with copyright laws. All existing contributors should agree on a license for others to be able to rely on it as being binding and intended.

• The Free Software Foundation has a guide to choose a license: https://www.gnu.org/licenses/license-recommendations.en.html
• GitHub has a website that can help you choose a license for your project: https://choosealicense.com/

Right now, the current implementation uses StrictHostKeyChecking=no to prevent interactive warning messages about unknown keys / authenticity from preventing the build process. However, this is not ideal, as we should try to check the validity of the host's public key during SSH connection setup (e.g. during calls to npm install git+ssh:...).

We should close this issue with a PR that uses one of the approaches outlined here to facilitate better security.

Sorry i am still in learning, How to fix this.
this failure message comes out after i add buildpacks nodejs.

Build Log

-----> SSH private key app detected
-----> Running SSH private key setup
       Warning: Permanently added 'github.com,192.30.253.112' (RSA) to the list of known hosts.
       Permission denied (publickey).
-----> Node.js app detected
-----> Creating runtime environment
       
       NPM_CONFIG_LOGLEVEL=error
       NPM_CONFIG_PRODUCTION=true
       NODE_VERBOSE=false
       NODE_ENV=production
       NODE_MODULES_CACHE=true
-----> Installing binaries
       engines.node (package.json):  8.4.0
       engines.npm (package.json):   5.3.0
       
       Resolving node version 8.4.0...
       Downloading and installing node 8.4.0...
       npm 5.3.0 already installed with node
-----> Restoring cache
       Skipping cache restore (new-signature)
-----> Building dependencies
       Installing node modules (package.json)
       npm ERR! Error while executing:
       npm ERR! /usr/bin/git ls-remote -h -t ssh://[email protected]/#/#.git
       npm ERR!
       npm ERR! Warning: Permanently added the RSA host key for IP address '192.30.253.113' to the list of known hosts.
       npm ERR! Permission denied (publickey).
       npm ERR! fatal: Could not read from remote repository.
       npm ERR!
       npm ERR! Please make sure you have the correct access rights
       npm ERR! and the repository exists.
       npm ERR!
       npm ERR! exited with error code: 128
       
       npm ERR! A complete log of this run can be found in:
       npm ERR!     /app/.npm/_logs/2017-09-07T16_06_48_844Z-debug.log
-----> Build failed
       
       We're sorry this build is failing! You can troubleshoot common issues here:
       https://devcenter.heroku.com/articles/troubleshooting-node-deploys
       
       If you're stuck, please submit a ticket so we can help:
       https://help.heroku.com/
       
       Love,
       Heroku
       
 !     Push rejected, failed to compile Node.js app.
 !     Push failed