
User-specific keys can't be found by the sshagent step

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major
    • Component: ssh-agent-plugin
    • Labels: None
    • Environment: Jenkins 2.23, SSH Agent Plugin 1.13, Pipeline 2.4

      I'm attempting to create a pipeline scm job that allows the user to specify their private SSH key (stored under their user-specific credentials, not the 'public' store) as a Credentials parameter and then supply that ID to the sshagent step so the git step can pull code and (later) push code to the repository as part of a gitflow workflow.

      Unfortunately, while the Credentials Parameter lets me choose my key, the step can't seem to find it, even though I've made sure the Credentials Parameter supplies a valid ID. If I switch the Credentials Parameter to use a key that is available to anyone on the server, the key is found and the steps proceed correctly.

      I don't want users putting private keys in a location where just anyone can use them but it seems like the credentials are not retrievable from their private store. Quick snippet:

      // Job parameters: a credentials parameter restricted to SSH private keys,
      // plus the release and next development version strings.
      properties([
        parameters([
          [$class: 'CredentialsParameterDefinition',
           credentialType: 'com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey',
           defaultValue: '',
           description: 'The SSH user and private SSH key to use for performing the release.',
           name: 'SSH_USER',
           required: true],
          string(defaultValue: '', description: 'The version number for the release.', name: 'RELEASE_VERSION'),
          string(defaultValue: '', description: 'The next development version', name: 'DEV_VERSION')
        ])
      ])
      
      node {
        stage('Checkout Software') {
          // Checkout core
          // SSH_USER holds the ID of the credential selected for this build
          sshagent(["${SSH_USER}"]) {
            git([branch: 'develop', changelog: false, poll: false, url: 'git@mygitserver:some-repo.git'])
          }
        }
      }
      

          [JENKINS-38470] User-specific keys can't be found by the sshagent step

          Joseph Wilkicki added a comment - Also checked this by passing credentialsId to the git step and it also appears to be unable to use the credentials by itself. Perhaps this is a Jenkins-wide bug?

          Jesse Glick added a comment - I think only stephenconnolly understands how per-user credentials are supposed to be consumed.

          Joseph Wilkicki added a comment - Any update on this issue? It works combined with the Authorize Project plugin and a Freestyle Job with the authorization set to run as the user that triggered the build. It doesn't work, however, with a Pipeline job and a Scripted Pipeline. I've tried with sshagent and with withCredentials and both fail in the same fashion.

            Assignee: Unassigned
            Reporter: Joseph Wilkicki (gtjwilkicki)
            Votes: 1
            Watchers: 3
