2

I am able to run a jenkins build with a local git repository, but only with no-passphrase ssh key. When I have passphrase, I start getting permission issues in the build.

How can i configure jenkins to use passphrase?

-- I am also new to ssh. Here is how I configured my jenkins (on ubuntu). 

su jenkins
ssh-keygen ....
cat key.pub

su user_with_github_repo
cd ~/.ssh/
append jenkins key.pub to authorized_keys
Asad Iqbal
  • 3,241
  • 4
  • 32
  • 52
  • I found that a similar question exists. Although, it does not explain my issue: http://stackoverflow.com/questions/8910848/hudson-cannot-fetch-from-git-repository – Asad Iqbal Jun 10 '12 at 22:03

1 Answers1

8

The issue you are having is likely due to the fact that ssh will ask interactively for the passphrase. I recommend against trying to enter the passphrase non-interactively in your script as that seems to add very little in terms of security.

Rather, you could use ssh-agent and ssh-add to unlock the key and keep it in memory. ssh-add adds the key to ssh-agent, which is a deamon process. You would unlock the key when the server starts and Jenkins would then be able to authenticate using the key stored in memory.

To do this, run ssh-agent on server boot and capture its output (two exports, SSH_AUTH_SOCK and SSH_AGENT_PID) to a file. It should run as the jenkins user. Use ssh-add to unlock the key. Then source the output file whenever you want to authorise using that key, in your Jenkins build script for example. Et voila!

Fredrik
  • 726
  • 4
  • 11