- Bug
- Resolution: Unresolved
- Minor
- None
- Windows 10 + Docker Desktop
  jenkins/jenkins docker image
Hi,
I have the following error message when trying to access my GitLab server via SSH from my Jenkins:
    stdout:
    stderr:
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0555 for '/var/jenkins_home/caches/git-0aa16db65c903d3ced737f801b217112@tmp/jenkins-gitclient-ssh2425211278542515051.key' are too open.
    It is required that your private key files are NOT accessible by others.
    This private key will be ignored.
    Load key "/var/jenkins_home/caches/git-0aa16db65c903d3ced737f801b217112@tmp/jenkins-gitclient-ssh2425211278542515051.key": bad permissions
    Permission denied (publickey).
    fatal: Could not read from remote repository.
My environment is the following:
Host System: Windows 10
Docker Desktop 2.1.0 with Linux based containers
Jenkins Docker Container: jenkins/jenkins and jenkins/jenkins:lts
I have a similar setup running on Linux with Docker, and the same problem does not occur there.
For testing purposes I've installed the latest beta version (3.0.0-beta10) of the "git client plugin" as suggested in the comment of https://issues.jenkins-ci.org/browse/JENKINS-53933. But this didn't solve the problem.
I'm not sure if the credentials-binding-plugin is the right component for this.
It seems that other people have the same problem, e.g. the comment at the bottom of https://wiki.jenkins.io/display/JENKINS/SSH+Credentials+Plugin .
For anyone who runs into this same issue, there is an okay workaround.
The problem seems to be that, when the GitHub SSH Jenkins plugin creates the SSH key file on the Jenkins container, it does not properly set the permissions on the file.
What you can do instead is just set global SSH key settings for the Jenkins container. Obviously, take careful consideration of whether or not you want to do this - but if it's something that works for your Jenkins instance, it's as simple as three steps:
If you do this, then you don't actually need credentials configured in individual Jenkins jobs at all as it will be configured at the global level.
Do note though, changes to the ssh_config file will not persist across volumes, so the better way to do this would be to do it during the container startup.
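A diagnostic for the error quoted in the report, added here as an example and not taken from the issue, its comments or any Jenkins plugin: it applies the permission-bit rule OpenSSH enforces on private key files (no group or other bits set) and probes whether a directory keeps mode 0600 after `chmod`. The function names `key_mode_ok` and `probe_dir` are hypothetical, and `stat -c` assumes GNU coreutils or BusyBox, as found in Linux containers.

```shell
#!/bin/sh
# Added example: checks the condition behind "UNPROTECTED PRIVATE KEY FILE".
# OpenSSH ignores a private key whose mode has any group/other bit set,
# i.e. (mode & 077) != 0. Mode 0555 from the report fails that test.

# key_mode_ok FILE
# Returns 0 if FILE has no group/other permission bits, 1 if it does,
# 2 if the file cannot be inspected. (Ownership is not checked here.)
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    # Prefix 0 so the shell reads the digits as octal.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# probe_dir DIR
# Creates a throwaway file in DIR, requests mode 0600 and reads the mode
# back. Returns 0 if the file ends up acceptable to OpenSSH, 1 if the
# filesystem reported a different, too-open mode, 2 on setup failure.
probe_dir() {
    dir=$1
    probe=$(mktemp "$dir/key-perm-probe.XXXXXX") || return 2
    chmod 600 "$probe" 2>/dev/null
    if key_mode_ok "$probe"; then rc=0; else rc=1; fi
    seen=$(stat -c '%a' "$probe")
    rm -f "$probe"
    echo "$dir: requested 600, filesystem reports $seen"
    return $rc
}

# Probe every directory given on the command line.
for d in "$@"; do
    probe_dir "$d" || echo "$d: a key written here would be ignored by ssh"
done
```

Run it inside the Jenkins container against the directory named in the error and a container-local one for comparison, e.g. `sh probe.sh /var/jenkins_home/caches /tmp` (the script name is a placeholder).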