Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-50573

Wrong username used for git clone with OpenSSH 7.7

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Fixed
    • Component/s: git-plugin
    • Labels:
      None
    • Environment:
      Windows
      Git 2.17 (specifically) from chocolatey
    • Similar Issues:

      Description

      Windows VMs, Alpine Linux docker images, Debian Buster ("testing"), macOS 10.13.6, and OpenBSD 6.3 installations which use OpenSSH 7.7 (on Windows as part of Git on Windows 2.17 and Git on Windows 2.18) use the wrong username when cloning git repos with ssh (private key authentication). They're using jenkins when git is explicitly specified.

      dir("dist-utils") {
          git credentialsId: 'ssh-id-rsa', url: 'ssh://git@github.com/zeroc-ice/dist-utils.git'
      }
       > git rev-parse --is-inside-work-tree # timeout=10
      Fetching changes from the remote Git repository
       > git config remote.origin.url ssh://git@github.com/zeroc-ice/dist-utils.git # timeout=10
      Fetching upstream changes from ssh://git@github.com/zeroc-ice/dist-utils.git
       > git --version # timeout=10
      using GIT_SSH to set credentials Jenkins SSH RSA Key 
       > git fetch --tags --progress ssh://git@github.com/zeroc-ice/dist-utils.git +refs/heads/*:refs/remotes/origin/*
      ERROR: Error fetching remote repo 'origin'
      hudson.plugins.git.GitException: Failed to fetch from ssh://git@github.com/zeroc-ice/dist-utils.git
      	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:862)
      	at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1129)
      	at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1160)
      	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:113)
      	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:85)
      	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:75)
      	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
      	at hudson.security.ACL.impersonate(ACL.java:290)
      	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
      	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --progress ssh://git@github.com/zeroc-ice/dist-utils.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
      stdout: 
      stderr: jenkins@github.com: Permission denied (publickey).
      fatal: Could not read from remote repository.
      
      Please make sure you have the correct access rights
      and the repository exists.
      
      	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1996)
      	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1715)
      	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:72)
      	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:405)
      	at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:153)
      	at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:146)
      	at hudson.remoting.UserRequest.perform(UserRequest.java:210)
      	at hudson.remoting.UserRequest.perform(UserRequest.java:53)
      	at hudson.remoting.Request$2.run(Request.java:364)
      	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
      	at java.util.concurrent.FutureTask.run(Unknown Source)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      	at hudson.remoting.Engine$1$1.run(Engine.java:94)
      	at java.lang.Thread.run(Unknown Source)
      	Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote call to JNLP4-connect connection from sal.testing.zeroc.com/192.168.90.21:58772
      		at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1737)
      		at hudson.remoting.UserResponse.retrieve(UserRequest.java:313)
      		at hudson.remoting.Channel.call(Channel.java:952)
      		at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:146)
      		at sun.reflect.GeneratedMethodAccessor700.invoke(Unknown Source)
      		at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      		at java.lang.reflect.Method.invoke(Method.java:498)
      		at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:132)
      		at com.sun.proxy.$Proxy96.execute(Unknown Source)
      		at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:860)
      		at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1129)
      		at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1160)
      		at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:113)
      		at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:85)
      		at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:75)
      		at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
      		at hudson.security.ACL.impersonate(ACL.java:290)
      		at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
      		at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      		at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      		at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      		at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      		at java.lang.Thread.run(Thread.java:748)

      Note, most importantly,

      stderr: jenkins@github.com: Permission denied (publickey).

      Running a git clone manually using an ssh agent works fine:

      sshagent(credentials: ['ssh-id-rsa']) {
        bat "git clone git@github.com:zeroc-ice/dist-utils.git dist-utils"
      }

      Workarounds include:

      • Switch the username in the private key credential from the "actual user" to "git" (for example, instead of "MarkEWaite", use "git" as the credential username)
      • Switch to use username/password with https rather than a private key credential
      • Switch to use JGit as the git implementation for affected Jenkins jobs instead of command line git
      • Use a different version of OpenSSH (7.6 or earlier)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              markewaite Mark Waite
              Reporter:
              externl Joe George
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: