Using ssh-agent with jenkins while polling SCM

问题

Im using the Jenkins ssh-agent plugin in order to give ssh credentials to my builds which works perfectly, however I have it set up to poll the scm (in this case bitbucket git) in order to check for changes.

And of course to access the repo in order to poll for changes it also needs those ssh credentials, I cant seem to find anything related to this in the wiki but there must be a way to do so.

It seems like such a silly thing for them to not have implemented it, after all if you need ssh credentials to clone and build you would also need them to poll right?

回答1:

Removing the passphrase from the SSH key is an unacceptable step.

The jenkins ssh-agent plugin is expected to solve this problem, but as far as I can tell it's currently broken where polling is concerned:

https://issues.jenkins-ci.org/browse/JENKINS-21226

I have not found a viable, secure means to implement ssh-based server communication that also covers polling, as of Jenkins 1.545.

回答2:

Assume that your Jobs running on Jenkins master. To be able to do polling for Git repo which require SSL connection:

1. Backup your private key.
2. Remove passphrase from your private key using that one solution: How do I remove the passphrase for the SSH key without having to create a new key?
3. Add password-less private key on to your Jenkins server into Jenkins's home dir + .ssh subfolder f.e. for CEntOS it is in /var/lib/jenkins/.ssh. Make sure that only jenkins user can access that key (use chmod 600, and chown jenkins:jenkins for that).
4. In Jenkins's Credential Manager add new SSH key with username and specify full location for just configured private key f.e. /var/lib/jenkins/.ssh/id_rsa
5. Setup your Job and specify those credentials for Git repo settings and SSH agent plugin.

After those steps you are able to do polling to trigger Job when necessary as well as cloning and fetching from Job itself.

回答3:

EDIT: While the below solution apparently works for the commenter on that JIRA issue, it doesn't for me. Your mileage may vary.

From your job's Configuration page, under Additional Behaviours, add "Force polling using workspace"

Seems to have been available since September 2014.

via https://issues.jenkins-ci.org/browse/JENKINS-21226?focusedCommentId=210643&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-210643

回答4:

There is lots of info about SSH keys in the git plugin information itself:

https://wiki.jenkins-ci.org/display/JENKINS/Git+Plugin

Basically, you need to install the keys on the CI user you run jenkins as. (SSH credentials plugin is not integrated.)

来源：https://stackoverflow.com/questions/19171180/using-ssh-agent-with-jenkins-while-polling-scm