Status: Closed (View Workflow)
* CentOS 6.5 (x86_64 - 2.6.32)
* There are no slaves
* Jenkins ver. 1.542 (latest, installed as a package from: http://pkg.jenkins-ci.org/redhat)
* Git plugin is 2.0 (latest)
* Git client plugin is 1.4.6 (latest)
* Git version is 1.7.1 (latest installed w/ yum)
Am I doing something wrong, or is this not something that is supported?
When I try to add a Git SCM using SSH credentials, it fails with the following error (see SCMError.png):
Failed to connect to repository : Command "ls-remote -h email@example.com:AppDirect/StandingCloud.git HEAD" returned status code 128: stdout: stderr: Permission denied (publickey). fatal: The remote end hung up unexpectedly
I've configured the private key properly (as far as I know anyway)... See PrivateKeyConfiguration.png
I've also tried the same configuration under a credential domain in case git was hung with a message like this (See CredentialDomain.png):
The authenticity of host 'github.com (184.108.40.206)' can't be established. RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48. Are you sure you want to continue connecting (yes/no)?
I've tested and the private key that I am using does have access:
[root@jenkins ~]# ssh -T -i /dev/shm/id_rsa firstname.lastname@example.org The authenticity of host 'github.com (220.127.116.11)' can't be established. RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'github.com,18.104.22.168' (RSA) to the list of known hosts. Enter passphrase for key '/dev/shm/id_rsa': Hi nshenry03! You've successfully authenticated, but GitHub does not provide shell access.
As a workaround I can add/create a key as the jenkins user; however, it would be great if I could use the SSH Credentials plugin so that the key is backed up and restored if I move to a new Jenkins server.
- is duplicated by
JENKINS-20638 SSH key credential doesn't work with key passphrase
JENKINS-25194 Private key with passphrase does not seem to work
JENKINS-27998 Git plugin fails to clone with ssh protected passphrase
JENKINS-53134 Git checkout fails when using an SSH key with a passphrase
- links to
Code changed in jenkins
User: Mark Waite
Optionally detach ssh authenticated git calls from terminal
When I run CredentialsTest from my terminal window on Ubuntu 16.04, the
test fails for ssh keys which need a passphrase. If I run the tests
from my IDE, or if I prepend "setsid" to the maven command that runs
the tests, the tests pass.
The ssh command called by git seems to require the DISPLAY variable, and
the GIT_SSH variable, and must be detached from the controlling terminal.
If any one of those is missing (at least on Ubuntu 16), the passphrase
prompt will not be answered.
Command line maven builds now include the property:
Default runtime value of the property is false. Users will not run
with this change unless they specifically set that property to true.
Most users don't run Jenkins with a controlling terminal attached,
so they don't need the change.
Sets useSETSID=true in surefire target so that command line invocations
of the tests will prefix the "git" command with setsid when it is used
in an ssh private key context.
Allows command line run of CredentialsTest with passphrase protected
Setting BatchMode=yes in the ssh command does not have the same result.
The setsid call was the only technique I found that reliably allowed
the ssh call performed by command line git to consistently process the
script defined in the SSH_ASKPASS variable.
JENKINS-20879 and JENKINS-25194 for more details.
Git client plugin 2.5.0 (released 27 Jul 2017) added support for setsid in the /usr/local directory tree, since that seems to be where it is stored on MacOS.
You're correct allan_burdajewicz, I should have said "git client plugin". The git plugin release 2.5.0 was already a year old by the time git client plugin 2.5.0 was released.
That's a good suggestion, though I really intend that the plugin will never prompt for a passphrase, where run with a controlling terminal or not.