53

I'm trying to connect jenkins on a github repo.

When I specify the Repo URL jenkins return the following error message:

Failed to connect to repository : Command "git ls-remote -h git@github.com:adolfosrs/jenkins-test.git HEAD" returned status code 128: stdout: stderr: Host key verification failed. fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.

When using the HTTPS:// Url jenkins returns:

Failed to connect to repository : Failed to connect to https://github.com/adolfosrs/jenkins-test.git (status = 407)

I could successfully clone the repo at the same machine where jenkins is running and I also run the git ls-remote -h git@github.com:adolfosrs/jenkins-test.git HEAD command. So I have the right SSH at github.

adolfosrs
  • 9,286
  • 5
  • 39
  • 67
  • 2
    Make sure you are logged in as the user that Jenkins runs as and check connection to githib – Michael Ver Feb 04 '14 at 17:12
  • 2
    What do you mean by "logged in as the user that Jenkins runs"? Logged in where? I could clone the repo so I have connection with github. – adolfosrs Feb 05 '14 at 15:58
  • 2
    Jenkins runs as the user jenkins and has its own .ssh directory to store the list of public keys and known_hosts. – Michael Ver Feb 05 '14 at 18:39
  • 6
    Try sudo -i -u jenkins; git clone git@github.com:adolfosrs/jenkins-test.git – Michael Ver Feb 05 '14 at 18:40
  • Ok. You are right. But now i'm getting "Failed to add the host to the list of known hosts (/var/lib/jenkins/.ssh/known_hosts). Permission denied (publickey)." Any idea? – adolfosrs Feb 05 '14 at 18:45

16 Answers16

24

The problem was that somehow I created the ssh files with the root user. So the files owner was root.

The solution was just change the ownership to the jenkins user. 

chown jenkins id_rsa.pub 
chown jenkins id_rsa
adolfosrs
  • 9,286
  • 5
  • 39
  • 67
14

I had the exact same problem. The way I solved it on Mac is this:

  1. Switch to jenkins user (sudo -iu jenkins)
  2. Run: ssh-keygen (Note - You are creating ssh key pairs for jenkins user now. You should see something like this : Enter file in which to save the key (/Users/Shared/Jenkins/.ssh/id_rsa):
  3. Keep pressing Enter for default value till end
  4. Run the command showing in the Jenkins error message, on your teminal (eg : "git ls-remote -h git@github.com:adolfosrs/jenkins-test.git HEAD")
  5. You will be asked if you want to continue. Say yes
  6. The Github repo will be added to your known_hosts file in : /Users/Shared/Jenkins/.ssh/
  7. Go back to Jenkins portal and try your Github SSH url
  8. It should work. Good Luck
Caleb Cheng
  • 141
  • 1
  • 5
9

In our case git had to be installed on the Jenkins server.

030
  • 10,842
  • 12
  • 78
  • 123
8

I faced a similar issue when I tried to connect jenkins in my Windows server with my private GIT repo. Following is the error returned in the source code management section of Jenkins job

Failed to connect to repository : Command "git.exe ls-remote -h ssh://git@my_server/repo.git HEAD" returned status code 128: stdout: stderr: Load key "C:\Windows\TEMP\ssh4813927591749610777.key": invalid format git@my_server: Permission denied (publickey). fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

This error is thrown because jenkins is not able to pick the private ssh key from its user directory. I solved this in the following manner

Step 1

In the jenkins job, fill up the following info under Source Code Management

Repositories

Repository URL: ssh://git@my_server/repo.git
Credentials: -none-

Step 2

In my setup jenkins is running under local system account, so the user directory is C:\Windows\System32\config\systemprofile (This is the important thing in this setup that is not very obvious).

Now create ssh private and public keys using ssh-keygen -t rsa -C "key label" via git bash shell. The ssh private and public keys go under .ssh directory of your logged in user directory. Just copy the .ssh folder and paste it under C:\Windows\System32\config\systemprofile

Step 3

Add your public key to your GIT server account. Run the jenkins job and now you should be able to connect to the GIT account via ssh from jenkins.

Community
  • 1
  • 1
Rajaraman Subramanian
  • 769
  • 11
  • 21
7

This is a very tricky issue - even if you're familiar with how things are working in https with certificates (OTOH if you see my workaround, it seems very logical :)

If you want to connect to a GIT repository via http(s) from shell, you would make sure to have the public certificate stored (as file) on your machine. Then you would add that certificate to your GIT configuration

git config [--global] http.sslCAInfo "certificate"

(replace "certificate" with the complete path/name of the PEM file :)

For shell usage you would as well e.g. supply a '.netrc' provding your credentials for the http-server login. Having done that, you shall be able to do a 'git clone https://...' without any interactive provisioning of credentials.

However, for the Jenkins-service it's a bit different ... Here, the jenkins process needs to be aware of the server certificate - and it doesn't use the shell settings (in the meaning of the global git configuration file '.gitconfig') :P

What I needed to do is to add another parameter to the startup options of Jenkins.

... -Djavax.net.ssl.trustStore="keystore" ...

(replace "keystore" with the complete path/name like explained below :)

Now copy the keystore file of your webserver holding the certificate to some path (I know this is a dirty hack and not exactly secure :) and refer to it with the '-Djavax.net.ssl.trustStore=' parameter.

Now the Jenkins service will accept the certificate from the webserver providing the repository via https. Configure the GIT repository URL like

https://yourserver.com/your-repositorypath

Note that you still require the '.netrc' under the jenkins-user home folder for the logon !!! Thus what I describe is to be seen as a workaround ... until a properly working credentials helper plugin is provided. IMHO this plugin (in its current version 1.9.4) is buggy.

I could never get the credentials-helper to work from Jenkins no matter what I tried :( At best I got to see some errors about the not accessible temporary credential helper file, etc. You can see lots of bugs reported about it in the Jenkins JIRA, but no fix.

So if somebody got it to work okay, please share the knowledge ...

P.S.: Using the Jenkins plugins in the following versions:

Credentials plugin 1.9.4, GIT client plugin 1.6.1, Jenkins GIT plugin 2.0.1

Juergen Klasen
  • 829
  • 7
  • 11
  • Okay, I forgot to mention that I'm - in my context - NOT talking about GITHUB, but an own repository server which is only accessible via https transport :) – Juergen Klasen Feb 06 '14 at 10:38
3

Check with below settings. That always work for me.

Jenkins Configuration :

1) Check whether git executable is appropriately specified

2) Provide SSH repository link git@blahblah

3) Under credentials >> Select Username and Authentication key (go to your server, Generate SSH keys ssh-keygen... Copy keys to JENKINS_HOME/,ssh) You should be able to connect to your GIT repository from Jenkins

adolfosrs
  • 9,286
  • 5
  • 39
  • 67
Harshal Vaidya
  • 169
  • 11
  • What do you mean by `Select Username and Authentication key`? There is no such exact option. – IgorGanapolsky Nov 23 '16 at 21:02
  • Authentication key is your private key for connecting to GIT server – Harshal Vaidya Dec 01 '16 at 16:22
  • Exact option is `SSH Username with private key` and you can also directly insert the private key you generated on GitHub or select the file that has the private key from your Jenkins master file system. – Moshisho Dec 27 '16 at 08:42
2

On Ubuntu, placed your id_rsa and id_rsa.pub files in /var/lib/jenkins/.ssh

Make Jenkins own them sudo chown -R jenkins /var/lib/jenkins/.ssh/

Make sure that Jenkins key is added as deploy key with RW access in GitHub (or similar) - use the id_rsa.pub key for this.

Now everything should jive with the SCM Sync Plugin.

Joseph Lust
  • 19,340
  • 7
  • 85
  • 83
  • 1
    did not work. Had to manually add private key to jenkins UI, which is weird – prayagupa Apr 24 '17 at 00:26
  • @prayagupd I also had to add the private key generated within Jenkins container as a 'Credential' within Jenkins UI in order to allow code cloning. – Joshua T May 13 '19 at 21:09
2

Jenkins runs as another user, not as your ordinary login. So, do as this to solve the ssh problem:

  1. Log on as jenkins su jenkins (you may first have to do sudo passwd jenkins to be able to set the password for jenkins. I couldn't find the default...)
  2. Generate ssh key pair: ssh-keygen
  3. Copy the public key (id_rsa.pub) to your github account (or wherever)
  4. Clone the repo as jenkins in order to have the host added to jenkins known_hosts which is neccessary to do. Now you can remove the cloned repo again if you wish.
David Engdal
  • 46
  • 3
  • I think adding the host to jenkins known_hosts did the trick, I was trying only with the ssh keys, cheers! – yehanny Feb 07 '21 at 03:10
1

In my case, I edited the known_hosts file with root user. So it changed the file ownership to root and jenkins user started throwing "git@github.com:xxxxxx/xxxx.git HEAD" returned status code 128: stdout: stderr: Host key verification failed" error while cloning git image. Reverting the ownership resolved the issue.

funny_head
  • 91
  • 1
  • 5
1

In my case I resolved this issue by

  • clicking button Add which is next to the "Credentials" text
  • adding credentials (login and password)
  • selecting these credentials on the popup menu, which is on the left of the Add button
  • waiting for a couple of seconds

My environment was Jenkins installed in the Windows. The UI question was why the warning was placed before the tool to resolve it.

Roman
  • 19,236
  • 15
  • 93
  • 97
0

Let me add here that one very minor issue that could generate this type of error is the missing .git extension in the repository URL. Ensure you enter the fully qualified URL ending with .git. I use bitbucket so what I do do is do click 'clone' and the fully qualified URL is automatically generated for me. There is a similar approach with github.

0

Make sure that the RSA host key and the IP of the bitbucket server is added to the 'known hosts' file. The contents should look like 

bitbucket.org,xx.xx.xx.xx ssh-rsa host_key

Remember to change ownership to Jenkins for all the files in /var/lib/jenkins/.ssh/

shark1608
  • 649
  • 11
  • 24
0

Not mentionned here so far, but this can come also from stash. We encountered the same issue, the root cause for our problem was that the stash instance we use for jenkins did crash. Restarting stash solved it in our case.

Jean-Michel Bernard
  • 26
  • 4
0

I resolved the same issue in the below steps:

  1. Run this on the CMD line > git.exe ls-remote URL
  2. Then provide the git credentials : you will find all the heads of the git repository
  3. return back to Jenkins, provide your git repository URL in SCM, and then add the credentials of your Git repo in the credentials.
M.GR
  • 39
  • 4
0

If you are using dockerized Jenkins and github, then follow the steps below.

  1. Access the Jenkins container using the docker command docker exec -it your-container-id bash
  2. Then generate ssh keys using the command ssh-keygen hit enter till the prompt is done.
  3. Access your public key using the command cat ~/.ssh/id_rsa.pub
  4. Copy the displayed key and then add it to your github as shown in the image below. enter image description here
Arnoldkk
  • 489
  • 7
  • 11
0

For jenkins communication over SSH:

  1. We go under the user jenkins: su jenkins (for the first time you need to set a password for him: sudo passwd jenkins)
  2. Create in the root jenkins'a .ssh: mkdir .ssh
  3. Create SSH keys: ssh-keygen
  4. Upload the .pub key to GitHub and the private key to the project
  5. Clone any repository under SSH on GitHub: git clone git@github.com:username/forJenkins.git ALL DONE!
Yuriy Osmolovskiy
  • 1