I installed Jenkins CI from homebrew (brew install jenkins). So, it runs under my own user. Everything works fine except for SSH access to my Git repository. I do not want to create a separate user (e.g. jenkins) to run Jenkins and create separate SSH keys for it. I just want to use my own SSH keys. Accessing my remote git repo on the command-line works fine with my ssh keys, but in Jenkins it does not work. It gives a 'Permission denied (publickey)' error (username and project are obfuscated (<user> and <project>)):
Started by user anonymous
Checkout:workspace / /Users/<user>/.jenkins/jobs/<project>_run_tests/workspace - hudson.remoting.LocalChannel#456d3d51
Using strategy: Default
Last Built Revision: Revision 093f1641f26632afd1a74c14276ec544356c1d08 (origin/dev)
Checkout:workspace / /Users/<user>/.jenkins/jobs/<project>_run_tests/workspace - hudson.remoting.LocalChannel#456d3d51
Fetching changes from 1 remote Git repository
Fetching upstream changes from ssh://git#bitbucket.org/<user>/<project>.git
ERROR: Problem fetching from origin / origin - could be unavailable. Continuing anyway
ERROR: (Underlying report) : Error performing command: /usr/local/bin/git fetch -t ssh://git#bitbucket.org/<user>/<project>.git +refs/heads/*:refs/remotes/origin/*
Command "/usr/local/bin/git fetch -t ssh://git#bitbucket.org/<user>/<project>.git +refs/heads/*:refs/remotes/origin/*" returned status code 128: Permission denied (publickey).
fatal: The remote end hung up unexpectedly
ERROR: Could not fetch from any repository
FATAL: Could not fetch from any repository
hudson.plugins.git.GitException: Could not fetch from any repository
at hudson.plugins.git.GitSCM$2.invoke(GitSCM.java:1012)
at hudson.plugins.git.GitSCM$2.invoke(GitSCM.java:972)
at hudson.FilePath.act(FilePath.java:783)
at hudson.FilePath.act(FilePath.java:765)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:972)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1195)
at hudson.model.AbstractBuild$AbstractRunner.checkout(AbstractBuild.java:568)
at hudson.model.AbstractBuild$AbstractRunner.run(AbstractBuild.java:457)
at hudson.model.Run.run(Run.java:1404)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:230)
It seems it is not using my ssh keys to connect to the git server. I tried adding a UserName key to the jenkins launchagent plist, did a restart, but no effect.
How can I make jenkins use my SSH keys to connect to my remote git repo?
I do not know how homebrew sets up Jenkins, but apparently it is running in a context where it has no access to your ssh agent and your ssh key is passphrase-protected.
When you run it in a Terminal window, you have SSH_AUTH_SOCK variable in your environment which ssh client uses to authenticate. If you cannot use the ssh agent, you need to remove the passphrase from the ssh key.
Related
I cannot clone or push to a repository on my server.
I have a bare repo that is located is a directory user#host in directory home/user/test.git that I am trying to access via git clone. I used ssh-add <pathtokey> to add my ssh key. It asked me for the passphrase. I can then ssh user#host successfully.
However if I then try to git clone ssh://user#host/~/test.git I get:
Cloning into 'test'...
user#host: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
also tried
git clone ssh://user#host/home/user/test.git
git clone user#host:home/user/test.git
git clone user#host:/home/user/test.git
with the same result
I am guessing the git credential manager isn't picking up the keys?
On the server /var/auth/log says
Feb 20 02:25:36 xxxxx sshd[24674]: Connection closed by authenticating user XXXX x.x.x.x port 56433 [preauth]
Git version: git version 2.30.1.windows.1
Git Credential Manager: Git Credential Manager version 2.0.318-beta+44acfafa98 (Windows, .NET Framework 4.0.30319.42000)
git config -l reports credential.helper=manager-core
Tried both PowerShell and git bash shells, same result
user has read, execute permissions to the repo
To add to #VonC's response
In git-bash things work as normal.
The normal flow of starting the ssh-agent (via eval 'ssh-agent'
), adding the key via ssh-add <path_to_key> enables git clone to work.
In PowerShell Core, or Cmd, via Windows-Terminal more work is required
the ssh-agent starts automatically (assuming you previously started the OpenSSH Authentication Agent service), adding the key works, and you can ssh after this, but git commands do NOT work, initially, but if you do
git config --global core.sshCommand C:/Windows/System32/OpenSSH/ssh.exe
This will replace the (default) ssh that comes with git-for-windows with the Windows10 implementation.
After this it should work fine in things other than git-bash. Confirmed in Powershell-Core, Command Prompt
See also:
https://gist.github.com/danieldogeanu/16c61e9b80345c5837b9e5045a701c99
The git credential manager is only involved for caching credentials (username/password) for HTTPS URL, not SSH.
Only the ssh-agent could be involved, for caching a possible passphrase, if the private key was defined with it.
I would try first using the full path, since ~ might not be interpreted by the remote shell, but the local (which has a different path for ~):
git clone ssh://user#host/home/user/test.git
# or
git clone user#host:/home/user/test.git
If not, in a git bash session, type:
export GIT_SSH_COMMAND='ssh -v'
git clone ...
The OP confirms in the discussion it works in a bash session:
In git bash, I started the ssh-agent,
added the key there, then it worked.
I'm currently using Jenkins on Windows 10, and using git as version control system.
Although I provided correct repository URL and credential, I cannot use jenkins with error below.
Failed to connect to repository : Command "git.exe ls-remote -h REPOSITORY_URL HEAD" returned status code 128:
stdout:
stderr: git#URL: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Credential and URL doesn't seems wrong, since this build success previously with same credential. The only change after successful build was one line in build script.
git config --global core.sshCommand C:/Windows/System32/OpenSSH/ssh.exe
After I success with this script, git setting keeps failed. Is there any problem with that line? And how can I fix it?
EDIT
Problem solved! For anyone who has same problem, it was problem with the system user! Since ssh key stores in each user space, jenkins cannot detect where the ssh key located. Therefore, go to 'service' in windows, and change user of jenkins service to the user who has correct ssh key. It solved my problem!
Seems there is some problem in Jenkins.
It cannot locate OpenSSH folder in System32, and so that I cannot get log with it.
That would explain why the main Jenkins controller (aka "master" in old terminology) cannot contact the Git repository (assuming an SSH URL here, with technical remote user account "git")
Try and remove that git configuration to see if the error persists: Git should fall back to its own ssh.exe, packaged with Git For Windows.
As noted by the OP, this only works if said Jenkins is run as a user account, not as the system account.
Only then will it be able to access the %USERPROFILE%\.ssh folder.
I have a bash script that run commands on a windows machine (lets call it machine A) to pull a repository on bitbucket (using git) and then run specific programs to work on the pulled content.
I have also a ubuntu machine running Jenkins. On a build step I use the "Publish Over SSH" plugin to run the bash script on the machine A.
Everything goes fine all the times unless git has to pull a commit containing a large file and its fails with this error :
Downloading test x_map.fbx (31 MB) Error downloading object: x_map.fbx (63b3f85): Smudge error: Error downloading x_map.fb x
(hash): batch request: git#bitbucket.org: Permission denied (publickey).:
exit status 255
The problem is that the LFS part of git doesn't use the SSH key even though I did set the core.sshCommand in git config to use a key for all the ssh commands.
So when I do this :
ssh git#bitbucket.org git-lfs-authenticate "reopsitory" downlaod
its fails with this message : git#bitbucket.org: Permission denied (publickey)
But it works fine when I run it with the ssh key option :
ssh -i "ssh-key-path" git#bitbucket.org git-lfs-authenticate "reopsitory" downlaod
So I was wondering if there was any solution to kind of overload all the LFS ssh commands to use a specific ssh key like the core.sshCommand in git config.
I m hardly stuck on this so I hope you guys have a miraculous solution! Thanks in advance for your help.
EDIT :
adding prior to the git pull command :
eval $(ssh-agent -s)
ssh-add "key-path" makes this command work : [ ssh git#bitbucket.org git-lfs-authenticate "reopsitory" downlaod ] but the git pull still fails with the same error
I have created a project in bitbucket and trying to push code using intellij git. When I created the project bitbucket gave me commands to run within git. Here are the commands I ran and the error I got:
git remote add origin ssh://git#bitbucket.org/[username]/[repo]
git push -u origin master
This looks strange because how is this command suppose to authenticate me? Now here is error I got.
Permission denied (publickey). fatal: Could not read from remote
repository.
Please make sure you have the correct access rights and the repository
exists.
Any ideas?
That is because you are creating your project via ssh and for that you need to create and registrate SSH keys.
Create ssh key
If you don't want that, create your project only via https
Do you have the ssh key added to your computer?
If you're using oSX El Capitan or newer you'll need to add these every time you restart. osx ssh keys
How to add ssh keys
I have a Laravel project with some dependencies to private packages, secured through ssh, working on windows 10 with Laragon.
On composer install I get a permission denied (public key), however, if I clone the repo directly I get my regular prompt to type the ssh-key password for authentication and the clone works with no problems (using git#gitlab...., so no https).
The output looks like this:
Failed to execute git clone ...
Cloning into 'project/path/foo/bar'...
Permission denied (public key).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I already added the host (a private GitLab server) to my git config file, including the path to my ssh key, which seems to work due to git clone succeeding.
I expected that composer install would prompt for the password, but it just stops.
Any ideas how to solve this problem? I normally work on Ubuntu and didn't have such a problem before.
Edit:
Tried out the same commands with git bash (Git for windows) and it worked. But if I use Powershell or ConEmu(through Laragon) it won't work, any ideas?