12

I cannot get Jenkins git plugin to authenticate with a private git repo on bitbucket.org. I have generated a private / public key pair using ssh-keygen and set the public key in my bitbucket account under ssh keys account page.

In the job configure page I have set the Source Code Management section as follows:

Repository URL: git@bitbucket.org:mproject.git (the SSH url for clone)
Credentials: The private key id_rsa generated by ssh-keygen (no passphrase) and user git.

It immediately gives the following error:

Failed to connect to repository : Command "git -c core.askpass=true ls-remote -h git@bitbucket.org:myproject.git HEAD" returned status code 128:
stdout: 
stderr: Permission denied (publickey). 
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

When I do same git command from command line in workspace directory in a shell it works fine. I have my ~/.bashrc specified in Build Environment / Properties File Path so I am confused what could be different when it runs in the jenkins job.

I have just two users on my jenkins machine (jenkins and root) and I was running the git command as user jenkins. The home directory of user jenkins is /home/jenkins. My jenkins job runs as user anonymous. Could this be the issue?

I have the following .ssh files:

-rw-r--r--. 1 jenkins jenkins   89 Apr 25 11:18 config
-rw-r--r--. 1 jenkins jenkins  137 Apr 24 13:56 environment
-rw-------. 1 jenkins jenkins 1766 Apr 24 13:54 id_rsa
-rw-r--r--. 1 jenkins jenkins  425 Apr 24 13:54 id_rsa.pub
-rw-r--r--. 1 jenkins jenkins  806 Apr 25 12:06 known_hosts
drwx------. 2 jenkins jenkins 85 Apr 25 12:05 .ssh
Farrukh Najmi
  • 5,055
  • 3
  • 35
  • 54

4 Answers4

15

I suspect, you have added ssh keys to your user, not to the jenkins user.

By default Jenkins in run by user Jenkins, which home directory is (by default) /var/lib/jenkins. To check my hypothesis, please login as jenkins user: 

su jenkins

and call:

git -c core.askpass=true ls-remote -h git@bitbucket.org:myproject.git HEAD

to check if it will return an error.

You should have /var/lib/jenkins/.ssh directory which contains proper ssh keys. You will need to add id_rsa.pub from that directory to your account on bitbucket.

Next in job configuration just set:

Repository URL: git@bitbucket.org:ntti3/gtip.git
Credentials: - none -

Described configuration works for my Jenkins with bitbucket.

Please also ensure that .ssh directory has set proper access rights. Ssh doesn't like 'too open' directories:

-rw-------  1 jenkins jenkins  407 Apr 14 14:14 authorized_keys
-rw-------  1 jenkins jenkins 1676 Nov 25 16:37 id_rsa
-rw-rw-r--  1 jenkins jenkins  400 Nov 25 16:38 id_rsa.pub
-rw-r--r--  1 jenkins jenkins 3096 Feb 11 12:11 known_hosts
drwx------   2 jenkins jenkins     4096 Apr 14 14:14 .ssh
sparaflAsh
  • 646
  • 1
  • 9
  • 26
kkamil
  • 2,593
  • 11
  • 21
  • Thank you. Updated my post to address your suggestions (already using user jenkins and permissions seem ok). What else could it be? – Farrukh Najmi Apr 27 '15 at 12:45
  • 1
    Maybe this will help http://stackoverflow.com/questions/10589976/permission-denied-public-key-during-fetch-from-github-with-jenkins-user-on-ubu. Sorry but right now I have no other idea. – kkamil Apr 27 '15 at 12:56
  • If you are an Amazon AMI on AWS, `sudo su jenkins` does NOT keep you as user jenkins. Instead, you need to run `sudo -u jenkins /bin/bash -l` to stay as user jenkins. – Big Pumpkin Mar 25 '19 at 14:29
2

In my case the problem had something to do with having a jenkins user already created with home directory /home/jenkins and then installing jenkins as root. This may have created some confusion between whether the home directory was /var/lib/jenkins (as is normal) and /home/jenkins. The fix was to:

  1. userdel jenkins #Delete jenkins user
  2. rm -rf /home/jenkins; rm -rf /var/lib/jenkins #Remove old jenkins dirs
  3. Install jenkins again as normal process which creates jenkins user
  4. mkdir /var/lib/jenkins/.ssh; chmod 700 /var/lib/jenkins/.ssh
  5. cd /var/lib/jenkins/.ssh
  6. Create keypair using ssh-keygen, add key to bitbucket etc.
  7. Creating a credential in jenkins for newly minted id_rsa file
  8. Creating new project to use git plugin with repository url and id_rsa.pub file

Thanks for the help.

Farrukh Najmi
  • 5,055
  • 3
  • 35
  • 54
0

In my case, the problem was the RSA key fingerprint. I added the ssh key for the Jenkins user as described in the documentation but got the same error message. I solved it by logging in as the Jenkins user using

sudo su jenkins

Then, I typed in the following

git -c core.askpass=true ls-remote -h ssh://git@SERVER/PROJECT/REPO.git HEAD

And got the following message

The authenticity of host 'SERVER ([IP_ADDRESS]:PORT)' can't be established. RSA key fingerprint is 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:ff. Are you sure you want to continue connecting (yes/no)?

By answering 'yes' to this question, the Bitbucket server is added to the list of known hosts and that really solved my issue.

smehrlapf
  • 3
  • 3
0

for ssh.bash

ssh -K ${PATH}/.ssh2/id_rsa_2048_b $*

export GIT_SSH = ${PATH}/ssh.bash
goto
  • 7,908
  • 10
  • 48
  • 58
Chuanzhou Tang
  • 33
  • 11
  • change the path and file to match your own, Jenkins Git Plugin would export GIT_SSH, but there may some bugs in it. so you need to manually run it. – Chuanzhou Tang Feb 22 '17 at 13:32