In one of the previous blog post, we have discovered how to build GitHub project using Jenkins. In that post, since it was a public repository, we did not tried to authenticate to GitHub. Here, we’ll cover how to use SSH keys to authenticate to GitHub repos. This applies to both public and private source code repositories.
For this post’s purposes, we’ll use a sample source code repository at https://github.com/goyalmohit/DemoRepo01. You can use any repository on which you have required access.
Generate SSH Key on Jenkins Server
First, we create a directory named githubrepos on the Jenkins server and a hidden directory ssh under that:
-bash-4.2$ mkdir githubrepos -bash-4.2$ cd githubrepos/ -bash-4.2$ mkdir .ssh -bash-4.2$ ls -al total 4 drwxrwxr-x. 3 jenkins jenkins 18 Feb 22 23:33 . drwxr-xr-x. 30 jenkins jenkins 4096 Feb 22 23:33 .. drwxrwxr-x. 2 jenkins jenkins 6 Feb 22 23:33 .ssh
After this, we’ll generate ssh key pair and give the new location to save keys:
ssh-keygen -t rsa
We’ll leave the passphrase empty. Below is a sample run:
-bash-4.2$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/var/lib/jenkins/.ssh/id_rsa): /var/lib/jenkins/githubrepos/.ssh/id_rsa Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /var/lib/jenkins/githubrepos/.ssh/id_rsa. Your public key has been saved in /var/lib/jenkins/githubrepos/.ssh/id_rsa.pub. The key fingerprint is: 63:05:7f:19:ec:d0:26:cd:33:cf:a6:cf:b0:c1:f1:67 jenkins@localhost.localdomain The key's randomart image is: +--[ RSA 2048]----+ | . =. | | oo Oo | | o=o= | | . .o + | | S . = | | . . = . E| | * o | | . o | | | +-----------------+ -bash-4.2$ ^C
After that, we can get public key from id_rsa.pub:
-bash-4.2$ cat id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtyO9WjepA/vbU/0m+e2QCibi6NbyugsfARKo3EWWXHU2pitK8hzl034X0BhqHpXOLkEhyM5Thjd5XoNY8YJW+l45SZ5KrchH6W9eM1TpbvxohCxxR3ziWJctvJrvmowteW9ss/Xy+71xxx/J8k1A24z2Rs0CFMopK1PQV8SYWpegfDGyBmHPQNfLvyGV7fe44BTD5KT6mvfF+ImJDHx/jhMI4w+FvPskqJLy25B5/IGVgseB8U6rLptLKqz7zC7Eh2yD6ou33ezEpRHVA2od4+NCbxSeKyEmMB5OtHiNoPH9CaHGWrgdKQp5iOBDGC1LtkCIaGr9AuoBNee3GALJ5 jenkins@localhost.localdomain
We need to copy this value.
Configure SSH Key for GitHub Project
Once logged in to GitHub, you need to go to sample repository on which you have access. Go to repository settings -> Deploy keys -> Add deploy key:
Give a name such as ‘Jenkins Build Server’ and add the key. You may select ‘allow write access’ as well. Since we are using Jenkins only to pull repository, we’ll leave this checkbox unchecked.
Install Credentials Plugin for Jenkins
We now need to add a plugin called ‘Credentials Plugin’ inside Jenkins, if its not already added. For this, login to Jenkins console -> Manage Jenkins -> Manage Plugins -> Available and search for credentials plugin:
Once you select, install it.
Add SSH Key inside Jenkins
Now go to Credentials from left pane inside Jenkins console and then click global:
After this, select ‘Add Credentials’:
This will open a new form for us. In the Kind dropdown, select ‘SSH username with private key’ and then give a name for it. We’ll give ‘GitHub-DemoRepo’ so that we can easily identify that it is associated with demorepo repository in GitHub. We’ll then give the value of the key directly (below pic shows a public key pasted into private key area, which is a mistake. You need to put only private key into this area):
After this, click ok to save the credentials.
Install Git on Jenkins Server
Do make sure that git is already installed on the build server for this purposes.
Configure Jenkins Job to use SSH keys
Go to Jenkins job in reference, under source code management section, select the saved credentials title name (As mentioned in one of the comments below, the repository url needs to be ssh based url for the github repository):
Once you have added it, click apply and save. It’s time now to go ahead and build our job.
Verify that SSH key is working
If you go to build output, it should clearly list that SSH key is being used for authentication. Below is a sample output highlighting the same:
So I setup the SSH credentials but when I build the project it just sits at
> git.exe fetch –tags –progress https://github.com/xxx/yyy.git +refs/heads/*:refs/remotes/origin/*
i.e. full output below (with repo masked)
Started by user Daniel Brown
[EnvInject] – Loading node environment variables.
Building in workspace G:\Jenkins\workspace\bic.github.develop
> git.exe rev-parse –is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> git.exe config remote.origin.url https://github.com/xxx/yyy.git # timeout=10
Fetching upstream changes from https://github.com/xxx/yyy.git
> git.exe –version # timeout=10
using GIT_SSH to set credentials SSH Private key for Daniel’s Github
> git.exe fetch –tags –progress https://github.com/xxx/yyy.git +refs/heads/*:refs/remotes/origin/*
ERROR: Timeout after 10 minutes
ERROR: Error fetching remote repo ‘origin’
hudson.plugins.git.GitException: Failed to fetch from https://github.com/xxx/yyy.git
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:817)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1084)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1115)
at hudson.scm.SCM.checkout(SCM.java:495)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1212)
at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:566)
at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:491)
at hudson.model.Run.execute(Run.java:1729)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:419)
Caused by: hudson.plugins.git.GitException: Command “git.exe fetch –tags –progress https://github.com/xxx/yyy.git +refs/heads/*:refs/remotes/origin/*” returned status code -1:
stdout:
stderr:
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1924)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1643)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:71)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:352)
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:815)
… 11 more
ERROR: Error fetching remote repo ‘origin’
Discard old builds…
Finished: FAILURE
LikeLike
I did some more googling and found
https://community.atlassian.com/t5/Bitbucket-questions/timeout-error-when-accesing-stash-from-jenkins/qaq-p/379424
So I getup the SSH in the windows account running the jenkins service and still just times out.
LikeLike
Hello…Please make sure that below things are true:
1. Check if you are able to run the above command manually on the server.
2. Make sure Jenkins service is running with the same account and it has local admin access on the server
3. Make sure that ssh key is configured correctly. Also try to redo the above steps. Do make sure that there are no passphrases in the ssh key pair.
LikeLike
Hi Mohit, thanks for the quick reply. I ended up getting it working with just username and password, but do still want to complete the SSH instead.
I can run the command within git bash using the Jenkins user login.
We did change Jenkins to run as a specific Jenkins user. That user is an administrator of the Jenkins server machine. I even setup a new SSH for that jenkins user and put it in Github for my account.
I did not use a passphrase at all.
I even have all the commits coming in from Github into Jenkins for the builds.
LikeLike
Failed to connect to repository : Command … returned status code 128:
stdout:
stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
LikeLike
Hello…This tells me that either the key is wrong or you did not have access to the repo considering that url is right. Do make sure that you copy-paste entire key including all spaces and lines. If incoming commits work, then outgoing commits should work too provided you check the box for “allow write access” or may be I mimsinterpreted.
LikeLike
This is the same error im facing. How can i solve this?
LikeLike
Thanks for the post.
I was just experimenting with jenkins which was provided by google cloud “Deployment manager”.
And want to leave two notes:
1. Seems before you do anything with git you should install it on the server manually
2. I’m not sure why have you put public key into the “Private key” textarea. In my case I’ve generated the key inside jenkins .ssh (/var/lib/jenkins/.ssh) and allowed jenkins to find it by itself. This worked.
Regards,
LikeLike
Hello PavelPolyaKov. Thanks for stopping by and mentioning corrections. I can’t remember why I put public key inside private key text area. Seems like a mistake I corrected later and then forgot to update the snap pic. I’ll update post to clarify this. Thanks Again.
LikeLike
[…] When prompted, save the SSH key under the following path (I got this idea from reading the comments here) […]
LikeLike
[…] When prompted, save the SSH key under the following path (I got this idea from reading the comments here) […]
LikeLike
Thanks Much .. I was stuck in this integration for long but your post made my day …very helpful 🙂
LikeLike
What was the fix for this problem since I am facing the same issue. I tried various combinations but nothing seems to work and I get Permission denied (public key) error.
LikeLike
Here is the error message –
19:52:03 debug1: Authentications that can continue: publickey
19:52:03 debug1: Trying private key: /root/.ssh/id_rsa
19:52:03 debug1: Trying private key: /root/.ssh/id_dsa
19:52:03 debug1: Trying private key: /root/.ssh/id_ecdsa
19:52:03 debug1: Trying private key: /root/.ssh/id_ed25519
19:52:03 debug1: No more authentication methods to try.
19:52:03 Permission denied (publickey).
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // timeout
[Pipeline] }
[Pipeline] // timestamps
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE
LikeLike
Hi Shilpa, looks like you dont have a matching pair of keys. Please generate one using ssh-keygen and follow the instructions mentioned.
LikeLike
Hi, The issue wasn’t with the key. It had to do with the user permissions. I had a common account created which was trying to match the public keys but this key wasn’t added to gerrit. I did it today and the job passed.
LikeLike
The instructions need to be updated to include that you need to use the SSH repo URL, not the HTTPS URL as shown in the picture under “Configure Jenkins Job to use SSH keys”. Once I changed from the HTTPS link to the SSH one, everything worked properly.
LikeLike
Added..thanks for pointing out. 🙂
LikeLike
I am getting below error while generating key:
Saving key “/var/lib/jenkins/.ssh/id_rsa” failed: Permission denied
LikeLike
wonderful worked like a charm… I was continuously getting this error,
stderr: key_load_public: invalid format
Host key verification failed.
fatal: Could not read from remote repository.
But your post gave me the right direction to fix
LikeLike