In one of the previous blog post, we have discovered how to build GitHub project using Jenkins. In that post, since it was a public repository, we did not tried to authenticate to GitHub. Here, we’ll cover how to use SSH keys to authenticate to GitHub repos. This applies to both public and private source code repositories.
For this post’s purposes, we’ll use a sample source code repository at https://github.com/goyalmohit/DemoRepo01. You can use any repository on which you have required access.
Generate SSH Key on Jenkins Server
First, we create a directory named githubrepos on the Jenkins server and a hidden directory ssh under that:
-bash-4.2$ mkdir githubrepos -bash-4.2$ cd githubrepos/ -bash-4.2$ mkdir .ssh -bash-4.2$ ls -al total 4 drwxrwxr-x. 3 jenkins jenkins 18 Feb 22 23:33 . drwxr-xr-x. 30 jenkins jenkins 4096 Feb 22 23:33 .. drwxrwxr-x. 2 jenkins jenkins 6 Feb 22 23:33 .ssh
After this, we’ll generate ssh key pair and give the new location to save keys:
ssh-keygen -t rsa
We’ll leave the passphrase empty. Below is a sample run:
-bash-4.2$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/var/lib/jenkins/.ssh/id_rsa): /var/lib/jenkins/githubrepos/.ssh/id_rsa Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /var/lib/jenkins/githubrepos/.ssh/id_rsa. Your public key has been saved in /var/lib/jenkins/githubrepos/.ssh/id_rsa.pub. The key fingerprint is: 63:05:7f:19:ec:d0:26:cd:33:cf:a6:cf:b0:c1:f1:67 email@example.com The key's randomart image is: +--[ RSA 2048]----+ | . =. | | oo Oo | | o=o= | | . .o + | | S . = | | . . = . E| | * o | | . o | | | +-----------------+ -bash-4.2$ ^C
After that, we can get public key from id_rsa.pub:
-bash-4.2$ cat id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtyO9WjepA/vbU/0m+e2QCibi6NbyugsfARKo3EWWXHU2pitK8hzl034X0BhqHpXOLkEhyM5Thjd5XoNY8YJW+l45SZ5KrchH6W9eM1TpbvxohCxxR3ziWJctvJrvmowteW9ss/Xy+71xxx/J8k1A24z2Rs0CFMopK1PQV8SYWpegfDGyBmHPQNfLvyGV7fe44BTD5KT6mvfF+ImJDHx/jhMI4w+FvPskqJLy25B5/IGVgseB8U6rLptLKqz7zC7Eh2yD6ou33ezEpRHVA2od4+NCbxSeKyEmMB5OtHiNoPH9CaHGWrgdKQp5iOBDGC1LtkCIaGr9AuoBNee3GALJ5 firstname.lastname@example.org
We need to copy this value.
Configure SSH Key for GitHub Project
Once logged in to GitHub, you need to go to sample repository on which you have access. Go to repository settings -> Deploy keys -> Add deploy key:
Give a name such as ‘Jenkins Build Server’ and add the key. You may select ‘allow write access’ as well. Since we are using Jenkins only to pull repository, we’ll leave this checkbox unchecked.
Install Credentials Plugin for Jenkins
We now need to add a plugin called ‘Credentials Plugin’ inside Jenkins, if its not already added. For this, login to Jenkins console -> Manage Jenkins -> Manage Plugins -> Available and search for credentials plugin:
Once you select, install it.
Add SSH Key inside Jenkins
Now go to Credentials from left pane inside Jenkins console and then click global:
After this, select ‘Add Credentials’:
This will open a new form for us. In the Kind dropdown, select ‘SSH username with private key’ and then give a name for it. We’ll give ‘GitHub-DemoRepo’ so that we can easily identify that it is associated with demorepo repository in GitHub. We’ll then give the value of the key directly (below pic shows a public key pasted into private key area, which is a mistake. You need to put only private key into this area):
After this, click ok to save the credentials.
Install Git on Jenkins Server
Do make sure that git is already installed on the build server for this purposes.
Configure Jenkins Job to use SSH keys
Go to Jenkins job in reference, under source code management section, select the saved credentials title name (As mentioned in one of the comments below, the repository url needs to be ssh based url for the github repository):
Once you have added it, click apply and save. It’s time now to go ahead and build our job.
Verify that SSH key is working
If you go to build output, it should clearly list that SSH key is being used for authentication. Below is a sample output highlighting the same: