I’m trying to connect ArgoCD to a private GitLab repository using SSH.
I created a key pair and added the public key to GitLab. Then I configured the private key and repository URL (git@gitlab.example.com:group/repo.git) in ArgoCD.
When I test the connection, I get this error:
Unable to connect SSH repository: error testing repository connectivity:
unable to ls-remote HEAD on repository:
failed to list refs: ssh: handshake failed:
read tcp <argo-ip>:<port>-><gitlab-ip>:22: read: connection reset by peer
What I’ve tried so far:
Still getting the same "handshake failed" error.
If I kubectl exec into another pod in the same cluster and run:
export GIT_SSH_COMMAND="ssh -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
git clone git@gitlab.example.com:group/repo.git
…it works perfectly. So network connectivity to GitLab is fine from other pods — the issue seems to be specific to ArgoCD or its SSH client configuration.
If I remember right, Argo CD uses the go-git SSH client and ignores GIT_SSH_COMMAND (and similar flags). I’m not sure how you added the key, but the recommended way is a repository Secret per the docs
apiVersion: v1
kind: Secret
metadata:
name: private-repo
namespace: argocd
labels:
argocd.argoproj.io/secret-type: repository
stringData:
type: git
url: ssh://git@github.com/argoproj/my-private-repository.git
sshPrivateKey: |
-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----
also populate argocd-ssh-known-hosts-cm with ssh-keyscan for your Git host.