Managing SSH keys within Jenkins for Git

4

55

I'm trying to get Jenkins up and running with a GitHub hosted repository (using the Jenkins Git plugin). The repository has multiple git submodules, so I'm not sure I want to try and manage multiple deploy keys.

My personal GitHub user account is a collaborator of each of the projects I wish to pull in with Jenkins, so I've generated an SSH key within /var/lib/jenkins/.ssh and added it to my personal GitHub account.

However, when I try and add the repository URL to my Jenkins project configuration, I get:

Failed to connect to repository : Command "git ls-remote -h git@github.com:***/***.git HEAD" returned status code 128:
stdout: 
stderr: Host key verification failed. 
fatal: The remote end hung up unexpectedly

Likewise, when I schedule a build I get:

stderr: Host key verification failed.
fatal: The remote end hung up unexpectedly

I've also tried setting up an SSH config file as outlined here, but to no avail.

Can anyone shed any light? Thanks

EDIT

I should add that I'm running CentOS 5.8

Bikini answered 9/3, 2013 at 19:11 Comment(0)
Y
65

It looks like the github.com host which Jenkins tries to connect to is not listed under the Jenkins user's $HOME/.ssh/known_hosts. Jenkins runs on most distros as the user jenkins and hence has its own .ssh directory to store the list of public keys and known_hosts.

The easiest solution I can think of to fix this problem is:

# Log in as the jenkins user and specify the shell explicitly,
# since the default shell is /bin/false for most
# jenkins installations.
sudo su jenkins -s /bin/bash

cd SOME_TMP_DIR
# git clone YOUR_GITHUB_URL

# Allow adding the SSH host key to your known_hosts

# Exit from su
exit
Yelp answered 9/3, 2013 at 19:27 Comment(15)
@Adam - You never mentioned the known_hosts ;) You were only talking about the id_rsa.pub public key :D – Yelp
I did. (Often times you see failure if the host has not been added or authorized). I just did not mention the file explicitly. – Quits
Anyway, you beat me to it while I was formatting the answer :D – Yelp
Thanks for both your replies ;) I thought it might be something to do with known hosts, but I'm unable to log in as jenkins. I managed to set a password for the user and I get a password prompt, but the user session isn't switched when I provide it. Is there a way to manually add github as a known_host? – Bikini
@Bikini when you sudo, it's the password of whatever user you're logged in as and not the jenkins password. So you'll need a sudo user or, even easier, log in as root and then run the sudo command. – Quits
If you're running as root (say using sudo), you should be able to switch to any other user using the su command without any password. You can just do echo $HOME or whoami to confirm this. – Yelp
Indeed, I am logged in as root. su jenkins does nothing; I'm still root@servername. echo $HOME gives me /root – Bikini
What does su - jenkins do? – Yelp
@Yelp this does the same as I mentioned above. It might help to mention that I'm able to passwd jenkins without issue, so I find it odd that I can't log in. – Bikini
I think I know the issue. Run this command: usermod -s '/bin/bash' jenkins to set the shell as /bin/bash instead of the default /bin/false that gets set for the jenkins user. Then you should be able to su. – Yelp
Perfect. That's worked; I'm now getting a git config error (haven't set it for Jenkins). Thanks for your help! – Bikini
Just realized su has an option to specify the shell, so that you don't need to run usermod; have updated the answer :) – Yelp
Minor tweak: sudo su -l jenkins -s /bin/bash. -l drops you into the jenkins user home directory and sets the login environment variables. In some environments, this might be necessary for like LD_PATH. – Gascony
Thank you so much. I have searched for this forever. Went through many blogs but no luck. This line did it: sudo su jenkins -s /bin/bash. Why does nobody else mention this critical command? This is the only thing I did not do, so much time wasted. – Mandal
When I try to git clone under the jenkins user I get the error fatal: could not create work tree dir '<name>'.: Permission denied – Crofoot
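
The answer above accepts whatever host key github.com presents on the first connection. As an added example (not code from the thread), this script appends the scanned key to the jenkins user's known_hosts only when its fingerprint matches one the operator supplies from GitHub's published fingerprints. The function names are hypothetical and OpenSSH 6.8 or later is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): pin github.com's host key for the
# jenkins user instead of accepting whatever the first connection presents.
# Assumes OpenSSH 6.8+ (ssh-keygen -E sha256); function names are hypothetical.

# pin_host_key SCAN_FILE EXPECTED_FP KNOWN_HOSTS
# Appends to KNOWN_HOSTS only the lines of SCAN_FILE (ssh-keyscan output)
# whose SHA256 fingerprint equals EXPECTED_FP. Returns 0 if a line matched.
pin_host_key() {
    scan_file=$1 expected_fp=$2 known_hosts=$3
    one_key=$(mktemp) || return 2
    status=1
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        printf '%s\n' "$line" > "$one_key"
        fp=$(ssh-keygen -l -E sha256 -f "$one_key" 2>/dev/null | awk '{print $2}')
        if [ -n "$fp" ] && [ "$fp" = "$expected_fp" ]; then
            printf '%s\n' "$line" >> "$known_hosts"
            status=0
        fi
    done < "$scan_file"
    rm -f "$one_key"
    return "$status"
}

# pin_github EXPECTED_FP
# Run as the jenkins user. EXPECTED_FP must come from GitHub's published
# SSH key fingerprints (fetched over HTTPS), never from the scan itself.
pin_github() {
    mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh" || return 2
    scan_out=$(mktemp) || return 2
    ssh-keyscan -t ed25519 github.com > "$scan_out" 2>/dev/null
    if pin_host_key "$scan_out" "$1" "$HOME/.ssh/known_hosts"; then
        rc=0
    else
        rc=1
        echo "github.com key does not match the pinned fingerprint; nothing added" >&2
    fi
    rm -f "$scan_out"
    return "$rc"
}

# Usage, as jenkins (placeholder value, replace with the published one):
#   pin_github 'SHA256:<fingerprint from GitHub documentation>'
```

A non-zero return from pin_github means known_hosts was left unchanged, so the Jenkins job keeps failing with "Host key verification failed" rather than trusting an unverified key.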
Q
6

Have you tried logging in as the jenkins user?

Try this:

sudo -i -u jenkins #For RedHat you might have to do 'su' instead.
git clone git@github.com:your/repo.git

Often times you see failure if the host has not been added or authorized (hence I always manually login as hudson/jenkins for the first connection to github/bitbucket) but that link you included supposedly fixes that.

If the above doesn't work, try recopying the key. Make sure it's the pub key (i.e. id_rsa.pub). Maybe you missed some characters?

Quits answered 9/3, 2013 at 19:11 Comment(0)
P
4

According to this article, you may try the following command:

   ssh-add -l

If your key isn't in the list, then

   ssh-add /var/lib/jenkins/.ssh/id_rsa_project
Peroration answered 9/3, 2013 at 19:34 Comment(0)
S
1

This works for me: if you have the config and the private key file in /Jenkins/.ssh/, you need to chown (change owner) these 2 files, then restart Jenkins in order for the Jenkins instance to read these 2 files.

Serialize answered 15/4, 2014 at 5:24 Comment(0)
