12

I have a git repository that authenticates users with SSH keys and I want to use that repo as a GoCD material. GoCD gives me this error:

Error performing command: --- Command ---
git ls-remote ssh://git@server/repo.git refs/heads/master
--- Environment ---
{GIT_ALLOW_PROTOCOL=http:https:ssh:git:file:rsync}
--- INPUT ----

--OUTPUT ---

--- ERROR ---
STDERR: Host key verification failed.
STDERR: fatal: Could not read from remote repository.
STDERR: 
STDERR: Please make sure you have the correct access rights
STDERR: and the repository exists.
---

Is there any way I can add the SSH key to GoCD?

user3601487

3 Answers

16

At the time of writing this answer, it's not possible to manage SSH keys in GoCD directly. To make it work you have to generate SSH keys for a GoCD server and all agents and then add them to the server that's hosting the git repository. You can also copy an existing key to the server & nodes but that's obviously not recommended.

For example, with standard GoCD server installation you should have the "go" user in your system:

$ grep GoCD /etc/passwd
go:x:998:998:GoCD User:/var/go:/bin/bash

Sudo as the "go" user and create the key:

$ sudo su - go
$ ssh-keygen
...
$ ssh [server]
The authenticity of host '[server] ([1.3.3.7])' can't be established.
ECDSA key fingerprint is SHA256:Rxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[server]' (ECDSA) to the list of known hosts.
Permission denied (publickey,keyboard-interactive).

The last step is important because if you don't do it, GoCD will give you the same error.

Now add your key to the git server and click "Check connection" in GoCD. It should print "Connection OK.".

Generate keys for each node and user that runs an agent.

Jeremy Caney
user3601487
  • You say "Generate keys for each node and user that runs an agent". My go-agent and go-server are on the same machine and I've already added the pub key for the go user to my git server. How do I generate keys for each node and then what do I do with it? Thanks – Hittz Apr 26 '18 at 09:02
  • What is the last step? Connect with the generated key to the server? – mik3fly-4steri5k Feb 13 '20 at 10:47
  • 1
    @mik3fly-4steri5k Yes, connect to the server so that its fingerprint is saved locally. – user3601487 Feb 13 '20 at 13:00
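
Connecting once and answering "yes", as in the answer above, stores whatever host key the server presents at that moment. As an added example (not part of the original answer or of GoCD), this Python code takes text in `ssh-keyscan` output format and writes the key to `known_hosts` only when its SHA256 fingerprint matches one obtained out of band; the function names, the host `server` and the sample key are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct
from pathlib import Path


def fingerprint_sha256(key_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a 'host keytype base64' line."""
    blob = base64.b64decode(key_line.split()[2], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pin_host_key(scan_output: str, host: str, expected_fp: str,
                 known_hosts: Path) -> bool:
    """Append the key for `host` to known_hosts only if its fingerprint matches."""
    for line in scan_output.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 3 or fields[0] != host:
            continue
        if fingerprint_sha256(line) != expected_fp:
            continue  # unexpected key for this host: do not trust it
        known_hosts.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
        existing = known_hosts.read_text() if known_hosts.exists() else ""
        if line not in existing.splitlines():
            with known_hosts.open("a") as fh:
                fh.write(line + "\n")
        return True
    return False


def constructed_scan_line(host: str = "server") -> str:
    """Constructed sample of one ssh-keyscan output line (not a real host key)."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes(range(32)))
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    import tempfile
    sample = constructed_scan_line()
    # Stand-in for the fingerprint the git server's admin publishes out of band.
    published = fingerprint_sha256(sample)
    target = Path(tempfile.mkdtemp()) / ".ssh" / "known_hosts"
    print(pin_host_key(sample, "server", published, target))
    print(pin_host_key(sample, "server", "SHA256:not-the-published-value", target))
```

For the "go" user shown above, whose home directory is /var/go, the target file would be /var/go/.ssh/known_hosts, written as that user so that file ownership is correct.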
2

This worked for me using Windows 10, local GoCD server, and local 'private' Bitbucket. (This is part of my development stack):

First step: verify operation using a 'normal' local user account.

  • Create the ssh key as per normal ssh key generation for Bitbucket, e.g., use ssh-keygen; in this example we will call it yourprivatekeyfile

  • Copy the contents of the yourprivatekeyfile.pub into a new Bitbucket Access Key, found in the configuration section of your repository. (i.e., refer to https://confluence.atlassian.com/bitbucket/set-up-an-ssh-key-728138079.html)

  • Edit (create if necessary) your local user's ~/.ssh/config file to have the following lines

Host 127.0.0.1
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/yourprivatekeyfile

  • Ensure that you can git clone ssh://git@127.0.0.1:7999/yourproject/yourrepo.git your private git repository; this will verify that the key works with the Bitbucket server.

Second step: Let GoCD server use your key file. This section assumes that you have done a 'normal' installation of GoCD Server, and that it runs as the local system account.

  1. Navigate to your local system account profile directory, probably c:/Windows/System32/config/systemprofile.

  2. If not already existing, create a .ssh directory.

  3. Copy/move your private key file (and public key file if you like) into this .ssh directory.

  4. If not already existing, create a config file in this .ssh directory.

  5. Copy the lines above for the local user's config file you have created into this config file. (The lines of the server entry should be identical to those of your local user's config file)

  6. Your GoCD Material (Git repo) should have the ssh URL that is provided in the Bitbucket clone field for the SSH operation

  7. In 'Test Connection' for the Git repo material, it should respond with 'Connection OK'

JoeAC
0

If you are using a Windows machine to host GoCD server and agents, it does not run under a normal user account; it runs under the “Local System Account”.

So even if you can access your git repo from git bash (logged in as the current user), GoCD cannot access the same.

So you need to add the SSH keys for the Local System Account from your current user.

1. First find the home directory for the Local System Account (it will not reside under C:/Users).

2. Use any remote administration tool to find the home directory. If you go with http://download.sysinternals.com/files/PSTools.zip:

a) Unzip and run command-line as administrator.

b) Run PsExec.exe -i -s cmd.exe to start the tool.

c) Run echo %userprofile% to get the home directory (e.g. C:\Windows\system32\config\systemprofile).

3. Now you can either copy the SSH key files from the current user or create a new one using ssh commands.

Try checking Connection after creating/copying the SSH keys; it will show Connection OK!

Community