Configuring SSH authentication between GitHub and Jenkins

In one of the previous blog post, we have discovered how to build GitHub project using Jenkins. In that post, since it was a public repository, we did not tried to authenticate to GitHub. Here, we’ll cover how to use SSH keys to authenticate to GitHub repos. This applies to both public and private source code repositories.

For this post’s purposes, we’ll use a sample source code repository at https://github.com/goyalmohit/DemoRepo01. You can use any repository on which you have required access.

Generate SSH Key on Jenkins Server

First, we create a directory named githubrepos on the Jenkins server and a hidden directory ssh under that:

-bash-4.2$ mkdir githubrepos
-bash-4.2$ cd githubrepos/
-bash-4.2$ mkdir .ssh
-bash-4.2$ ls -al
total 4
drwxrwxr-x. 3 jenkins jenkins 18 Feb 22 23:33 .
drwxr-xr-x. 30 jenkins jenkins 4096 Feb 22 23:33 ..
drwxrwxr-x. 2 jenkins jenkins 6 Feb 22 23:33 .ssh

After this, we’ll generate ssh key pair and give the new location to save keys:

ssh-keygen -t rsa

We’ll leave the passphrase empty. Below is a sample run:

-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/jenkins/.ssh/id_rsa): /var/lib/jenkins/githubrepos/.ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/jenkins/githubrepos/.ssh/id_rsa.
Your public key has been saved in /var/lib/jenkins/githubrepos/.ssh/id_rsa.pub.
The key fingerprint is:
63:05:7f:19:ec:d0:26:cd:33:cf:a6:cf:b0:c1:f1:67 jenkins@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| . =. |
| oo Oo |
| o=o= |
| . .o + |
| S . = |
| . . = . E|
| * o |
| . o |
| |
+-----------------+
-bash-4.2$ ^C

After that, we can get public key from id_rsa.pub:

-bash-4.2$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtyO9WjepA/vbU/0m+e2QCibi6NbyugsfARKo3EWWXHU2pitK8hzl034X0BhqHpXOLkEhyM5Thjd5XoNY8YJW+l45SZ5KrchH6W9eM1TpbvxohCxxR3ziWJctvJrvmowteW9ss/Xy+71xxx/J8k1A24z2Rs0CFMopK1PQV8SYWpegfDGyBmHPQNfLvyGV7fe44BTD5KT6mvfF+ImJDHx/jhMI4w+FvPskqJLy25B5/IGVgseB8U6rLptLKqz7zC7Eh2yD6ou33ezEpRHVA2od4+NCbxSeKyEmMB5OtHiNoPH9CaHGWrgdKQp5iOBDGC1LtkCIaGr9AuoBNee3GALJ5 jenkins@localhost.localdomain

We need to copy this value.

Configure SSH Key for GitHub Project

Once logged in to GitHub, you need to go to sample repository on which you have access. Go to repository settings -> Deploy keys -> Add deploy key:

Key Based integration with GitHub.JPG
Key Based integration with GitHub

Give a name such as ‘Jenkins Build Server’ and add the key. You may select ‘allow write access’ as well. Since we are using Jenkins only to pull repository, we’ll leave this checkbox unchecked.

Install Credentials Plugin for Jenkins

We now need to add a plugin called ‘Credentials Plugin’ inside Jenkins, if its not already added. For this, login to Jenkins console -> Manage Jenkins -> Manage Plugins -> Available and search for credentials plugin:

Select and add Credentials Plugin.JPG
Select and add Credentials Plugin

Once you select, install it.

Add SSH Key inside Jenkins

Now go to Credentials from left pane inside Jenkins console and then click global:

add-new-credentials-inside-jenkins
Add New Credentials inside Jenkins

After this, select ‘Add Credentials’:

add-new-credentials-inside-jenkins-2
Add New Credentials inside Jenkins-2

This will open a new form for us. In the Kind dropdown, select ‘SSH username with private key’ and then give a name for it. We’ll give ‘GitHub-DemoRepo’ so that we can easily identify that it is associated with demorepo repository in GitHub. We’ll then give the value of the key directly (below pic shows a public key pasted into private key area, which is a mistake. You need to put only private key into this area):

Add New Credentials inside Jenkins-3.JPG
Add New Credentials inside Jenkins-3

After this, click ok to save the credentials.

Install Git on Jenkins Server

Do make sure that git is already installed on the build server for this purposes.

Configure Jenkins Job to use SSH keys

Go to Jenkins job in reference, under source code management section, select the saved credentials title name:

Configure Jenkins job to use SSH keys.JPG
Configure Jenkins job to use SSH keys

Once you have added it, click apply and save. It’s time now to go ahead and build our job.

Verify that SSH key is working

If you go to build output, it should clearly list that SSH key is being used for authentication. Below is a sample output highlighting the same:

Verify that ssh keys are being used in build logs.JPG
Verify that ssh keys are being used in build logs.

 

8 thoughts on “Configuring SSH authentication between GitHub and Jenkins

  1. So I setup the SSH credentials but when I build the project it just sits at
    > git.exe fetch –tags –progress https://github.com/xxx/yyy.git +refs/heads/*:refs/remotes/origin/*

    i.e. full output below (with repo masked)
    Started by user Daniel Brown
    [EnvInject] – Loading node environment variables.
    Building in workspace G:\Jenkins\workspace\bic.github.develop
    > git.exe rev-parse –is-inside-work-tree # timeout=10
    Fetching changes from the remote Git repository
    > git.exe config remote.origin.url https://github.com/xxx/yyy.git # timeout=10
    Fetching upstream changes from https://github.com/xxx/yyy.git
    > git.exe –version # timeout=10
    using GIT_SSH to set credentials SSH Private key for Daniel’s Github
    > git.exe fetch –tags –progress https://github.com/xxx/yyy.git +refs/heads/*:refs/remotes/origin/*
    ERROR: Timeout after 10 minutes
    ERROR: Error fetching remote repo ‘origin’
    hudson.plugins.git.GitException: Failed to fetch from https://github.com/xxx/yyy.git
    at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:817)
    at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1084)
    at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1115)
    at hudson.scm.SCM.checkout(SCM.java:495)
    at hudson.model.AbstractProject.checkout(AbstractProject.java:1212)
    at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:566)
    at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:491)
    at hudson.model.Run.execute(Run.java:1729)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:97)
    at hudson.model.Executor.run(Executor.java:419)
    Caused by: hudson.plugins.git.GitException: Command “git.exe fetch –tags –progress https://github.com/xxx/yyy.git +refs/heads/*:refs/remotes/origin/*” returned status code -1:
    stdout:
    stderr:
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1924)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1643)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:71)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:352)
    at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:815)
    … 11 more
    ERROR: Error fetching remote repo ‘origin’
    Discard old builds…
    Finished: FAILURE

    Like

  2. Hello…Please make sure that below things are true:
    1. Check if you are able to run the above command manually on the server.
    2. Make sure Jenkins service is running with the same account and it has local admin access on the server
    3. Make sure that ssh key is configured correctly. Also try to redo the above steps. Do make sure that there are no passphrases in the ssh key pair.

    Like

    1. Hi Mohit, thanks for the quick reply. I ended up getting it working with just username and password, but do still want to complete the SSH instead.
      I can run the command within git bash using the Jenkins user login.
      We did change Jenkins to run as a specific Jenkins user. That user is an administrator of the Jenkins server machine. I even setup a new SSH for that jenkins user and put it in Github for my account.
      I did not use a passphrase at all.
      I even have all the commits coming in from Github into Jenkins for the builds.

      Like

  3. Failed to connect to repository : Command … returned status code 128:
    stdout:
    stderr: Permission denied (publickey).
    fatal: Could not read from remote repository.
    Please make sure you have the correct access rights
    and the repository exists.

    Like

    1. Hello…This tells me that either the key is wrong or you did not have access to the repo considering that url is right. Do make sure that you copy-paste entire key including all spaces and lines. If incoming commits work, then outgoing commits should work too provided you check the box for “allow write access” or may be I mimsinterpreted.

      Like

  4. Thanks for the post.

    I was just experimenting with jenkins which was provided by google cloud “Deployment manager”.

    And want to leave two notes:
    1. Seems before you do anything with git you should install it on the server manually
    2. I’m not sure why have you put public key into the “Private key” textarea. In my case I’ve generated the key inside jenkins .ssh (/var/lib/jenkins/.ssh) and allowed jenkins to find it by itself. This worked.

    Regards,

    Like

  5. Hello PavelPolyaKov. Thanks for stopping by and mentioning corrections. I can’t remember why I put public key inside private key text area. Seems like a mistake I corrected later and then forgot to update the snap pic. I’ll update post to clarify this. Thanks Again.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s