Host key verification fails while creating a service instance in Spring Cloud Services 3.1.20

Article ID: 297097


Products

Support Only for Spring

Issue/Introduction

There is a known issue in Spring Cloud Services (SCS) 3.1.20 that causes host key verification to fail.

The issue occurs when you create a config server instance with strict host key verification for the git server, or provide the hostKey and hostKeyAlgorithm parameters, and the git server URI points to a server running on port 22. In that case, host key verification unexpectedly fails.

You see this error in the mirror service logs:
INFO 7 --- [ctor-http-nio-3] i.p.s.c.mirrorservice.mirrors.ShellUtil : No RSA host key is known forXXX and you have requested strict checking.
INFO 7 --- [ctor-http-nio-3] i.p.s.c.mirrorservice.mirrors.ShellUtil : Host key verification failed. 

You can confirm that the port is 22 with the ssh-keyscan tool from the SCS VM as shown here:
spring-cloud-services/XXX ~$ ssh-keyscan <gitserver-url>

In SCS 3.1.20, a change to support ports other than port 22 for git SSH servers was introduced. As part of this change, the known_hosts format was changed from "host key-algo key-data" to "[host]:port key-algo key-data".

If the port is 22, which is the most commonly used port, OpenSSH only finds a matching host key with the original known_hosts format ([host]:22 does not work).
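
The lookup rule described above, as an added shell example (not SCS or OpenSSH code): it models the name OpenSSH searches for in known_hosts and rewrites a "[host]:22" entry to the plain-host form. The host name git.example.test and the key data are constructed placeholders; hashed entries and wildcard patterns are not handled, and only the primary lookup name is modelled.

```shell
#!/bin/sh
# Added illustration: why "[host]:22" in known_hosts is not matched on port 22.
# All host names and key data here are constructed placeholders.

# Name OpenSSH looks up: plain host on port 22, "[host]:port" otherwise.
lookup_name() {
    if [ "${2:-22}" = "22" ]; then
        printf '%s\n' "$1"
    else
        printf '[%s]:%s\n' "$1" "$2"
    fi
}

# Return 0 if an unhashed known_hosts line lists the name that would be
# looked up for host $2 on port $3 (first field is a comma-separated list).
entry_matches() {
    want=$(lookup_name "$2" "$3")
    names=${1%% *}
    case ",$names," in
        *",$want,"*) return 0 ;;
    esac
    return 1
}

# Rewrite an entry so names written as "[host]:22" become plain "host".
# Entries for other ports are left unchanged. Runs in a subshell so the
# IFS and noglob changes stay local.
normalize_entry() (
    set -f
    names=${1%% *}
    rest=${1#* }
    out=
    IFS=,
    for n in $names; do
        case $n in
            \[*\]:22) n=${n#\[}; n=${n%\]:22} ;;
        esac
        out=${out:+$out,}$n
    done
    printf '%s %s\n' "$out" "$rest"
)

# Stand-alone demonstration with a constructed entry in the 3.1.20 format.
entry='[git.example.test]:22 ssh-rsa AAAAB3NzaC1yc2E_CONSTRUCTED'
entry_matches "$entry" git.example.test 22 || echo "no match: $entry"
fixed=$(normalize_entry "$entry")
entry_matches "$fixed" git.example.test 22 && echo "match:    $fixed"
```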

Resolution

To work around this issue, pass strictHostKeyChecking:false into the create-service command when creating a server instance.