  2. JENKINS-70403

git ssh access fails with credentials set via CASC inside container


      Running Jenkins 2.375.1 inside OpenShift (Code Ready Containers), I am trying to set up a project that checks out source code from GitHub via SSH.

      In general, no problem at all. Yet here, the credentials (ssh-private-key) have been provided by the CASC mechanism:

       

       

      ....
      - basicSSHUserPrivateKey:
          scope: GLOBAL
          id: ssh_with_passphrase_provided_via_file
          username: git
          description: "SSH passphrase with private key file. Private key provided"
          privateKeySource:
            directEntry:
              privateKey: |
                `--- BEGIN OPENSSH PRIVATE KEY---
                <private key removed here>
                ---BEGIN OPENSSH PRIVATE KEY---
       
      

       

      When I create a new job (New Item > Pipeline > Pipeline script from SCM > Git > "git@github.myorg.de:user/myproject.git") and then select the credential git (ssh_with_passphrase_provided_via_file) in the configuration, I always receive the following message.

      Jenkins responds with:

       

      Failed to connect to repository : Command "git ls-remote -h -- git@github.myorg.de:user/myproject.git HEAD" returned status code 128:
      stdout:
      stderr: Could not create directory '/.ssh' (Permission denied).
      Failed to add the host to the list of known hosts (/.ssh/known_hosts).
      Load key "/tmp/jenkins-gitclient-ssh4802835664692344546.key": invalid format
      git@github.myorg.de:user Permission denied (publickey).
      fatal: Could not read from remote repository.
      Please make sure you have the correct access rights
      and the repository exists.
      

       

       

      Yet, when I execute the following snippet in the script console 

       
       

      // Script console: list every username credential visible at the Jenkins root
      def creds = com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials(
          com.cloudbees.plugins.credentials.common.StandardUsernameCredentials.class,
          Jenkins.instance,
          null,
          null
      )
      for (c in creds) {
          println(c.id + ": " + c.description)
          // For SSH key credentials, also print the stored private key (plain text)
          if (c instanceof com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey) {
              println(c.getPrivateKey())
          }
      }

      as advised here (https://github.com/jenkinsci/configuration-as-code-plugin/issues/1189#issue-513350547), the private key is printed and looks fine:

       

      ssh_with_passphrase_provided_via_file: SSH passphrase with private key file. Private key provided 
      ssh_with_passphrase_provided_via_file: SSH passphrase with private key file. Private key provided
      -----BEGIN OPENSSH PRIVATE KEY-----
      <private key removed here in the issue ticket, but displayed in plain text in the output of the script console>
      -----END OPENSSH PRIVATE KEY-----
       
      

       

      The curiosity is: if I copy this key from the output of the script console, go to Manage Credentials, update the key for the entry "ssh_with_passphrase_provided_via_file" with the key (which I copied to the clipboard from the script console), and go back to my job, everything works immediately.

      Please advise, I have been trying this for days now w/o success.

       

       

       

            jenkinsuser78 Kai
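An added example, not part of the original ticket and not Jenkins or plugin code: a small lint for the text of an OpenSSH private key as it would be handed to ssh, checking the framing details (exact five-dash markers, final newline, line endings, stray indentation, base64 body) that are easy to lose when a key is embedded in YAML. The function names and the filler sample key are constructed for illustration, and the check does not determine what went wrong in this ticket.

```python
import base64

BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"
MAGIC = b"openssh-key-v1\x00"  # fixed prefix of the decoded key container


def lint_openssh_key(text):
    """Return the formatting problems found in an OpenSSH private key string."""
    problems = []
    if "\r" in text:
        problems.append("carriage returns (CRLF line endings)")
    if not text.endswith("\n"):
        problems.append("no trailing newline after END marker")  # YAML '|-' strips it
    lines = text.replace("\r", "").rstrip("\n").split("\n")
    if any(line != line.strip() for line in lines):
        problems.append("leading or trailing whitespace on a line")
    lines = [line.strip() for line in lines]
    if not lines or lines[0] != BEGIN:
        problems.append("first line is not the exact BEGIN marker")
    if len(lines) < 2 or lines[-1] != END:
        problems.append("last line is not the exact END marker")
    try:
        blob = base64.b64decode("".join(lines[1:-1]), validate=True)
        if not blob.startswith(MAGIC):
            problems.append("decoded body lacks the openssh-key-v1 magic")
    except ValueError:
        problems.append("body is not valid base64")
    return problems


def constructed_key():
    """Constructed sample: correct framing around filler bytes, not a usable key."""
    body = base64.b64encode(MAGIC + bytes(range(90))).decode()
    wrapped = "\n".join(body[i:i + 70] for i in range(0, len(body), 70))
    return f"{BEGIN}\n{wrapped}\n{END}\n"


if __name__ == "__main__":
    good = constructed_key()
    variants = {
        "as generated": good,
        "final newline stripped": good.rstrip("\n"),
        "CRLF line endings": good.replace("\n", "\r\n"),
        "three-dash BEGIN marker": good.replace(BEGIN, "---BEGIN OPENSSH PRIVATE KEY---"),
    }
    for name, text in variants.items():
        print(f"{name}: {lint_openssh_key(text) or 'ok'}")
```

The lint reports only the names of the problems it finds and never echoes key material, so its output can be pasted into a ticket.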