Creating SSH keys for Gerrit and Hudson

I'm trying to use the Hudson Gerrit Trigger plug-in.

For whatever reason, Gerrit is not accepting the SSH key located at /var/lib/hudson/.ssh/id_rsa.

In the GUI I get Connection error : com.jcraft.jsch.JSchException: Auth fail as an error, and when I'm working in the terminal I get a Permission denied (publickey) error.

How can I generate and use a working private key so Hudson and Gerrit can play nice?

Muzzy answered 14/9, 2010 at 20:4 Comment(0)

The OP Josh Smith managed to sort it out:

I'd actually needed to add the SSH key from /var/lib/hudson/.ssh/id_rsa.pub for the user (me) into the Gerrit GUI.
Then from there it worked like a charm.
The username must be the username in Gerrit (the admin account).

My original advice is below:


What is the user which will use the web based code review system Gerrit?

That user needs your /var/lib/hudson/.ssh/id_rsa.pub public ssh key in its $HOME/.ssh/authorized_keys, as illustrated in this guide.


Key Distribution

The public portion of the RSA key pair must be copied to any servers that will be accessed by the client. The public key information to be copied should be located in the ~/.ssh/id_rsa.pub file on the client.
Assuming that all of the servers use OpenSSH instead of a different SSH implementation, the public key data must be appended into the ~/.ssh/authorized_keys file on the servers.

# first, upload public key from client to server
client$ scp ~/.ssh/id_rsa.pub server.example.org:

# next, setup the public key on server
server$ mkdir ~/.ssh
server$ chmod 700 ~/.ssh
server$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
server$ chmod 600 ~/.ssh/authorized_keys
server$ rm ~/id_rsa.pub

Be sure to append new public key data to the authorized_keys file, as multiple public keys may be in use. Each public key entry must be on a different line.


Appeal answered 14/9, 2010 at 20:25 Comment(10)
@Appeal I'm coming to think you answer every question I have! I might as well have a direct line... hudson is the user that should be using the review system, I think. Forgive the noobness. Do you mean that, or the actual human user, for example joshsmith? - Muzzy
@Josh: if "hudson" is the user executing the ssh connection to the localhost Gerrit system, then it needs its own id_rsa.pub added to its ~hudson/.ssh/authorized_keys. - Appeal
@Appeal hudson has its own id_rsa.pub in /var/lib/hudson/.ssh. Is this what you mean? - Muzzy
@Appeal I should read more carefully. Clearly that's not what you meant. Where is the $HOME for the hudson user? I know that question has a variable answer, hence the need for $HOME, but really not sure where user dirs can be found. - Muzzy
Do you mean something like /root/.ssh/? In that dir there are only the files id_rsa, id_rsa.pub, and known_hosts, all created by the hudson user. - Muzzy
@Josh: "Where is the $HOME for the hudson user?". Exactly. Where is the question, and the general difficulty of these ssh-related Hudson issues I see on SO. You need to somehow display the environment variables when executing that Job, and see if the $HOME is mentioned. - Appeal
Do I just copy/paste the id_rsa.pub into the authorized_keys file? - Muzzy
@Josh: you need to append id_rsa.pub to the content of authorized_keys file (or create that authorized_keys file if it didn't already exist). See sial.org/howto/openssh/publickey-auth for more details. - Appeal
Thanks for the link. Yours was not quite the answer I was looking for, but your help got me there. I'd actually needed to add the SSH key from /var/lib/hudson/.ssh/id_rsa.pub for the user (me) into the Gerrit GUI. Then from there it worked like a charm. The username must be the username in Gerrit (the admin account). - Muzzy
@Josh: great! You found the solution. I have updated my answer to reflect it, and also to document (for future reference) the notion of public SSH key distribution. - Appeal
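
The Key Distribution steps quoted in the answer above, as an added example that is not part of the original answer or the guide it cites: an idempotent installer that sets the 700/600 permissions, skips keys that are already present, and keeps each entry on its own line even when the existing file lacks a trailing newline. The function name install_pubkey and its two arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original answer. install_pubkey and its
# arguments are hypothetical names chosen for this sketch.

# install_pubkey PUBKEY_FILE TARGET_HOME
# Returns 0 if the key was appended or already present, 1 if input is rejected.
install_pubkey() {
    pub=$1
    home=$2
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A public key file holds exactly one non-empty line; a private key
    # (id_rsa instead of id_rsa.pub) spans several and is refused here.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one key line" >&2; return 1; }
    key=$(grep . "$pub")

    # Accept only lines that start with a known OpenSSH public key type.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub: not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Same modes as the manual steps: directory 700, key file 600.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Already installed: do nothing, so reruns never duplicate entries.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the file does not end in a newline, add one first; otherwise the
    # new key would be glued onto the previous entry and both would break.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```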
