I'm creating a job in Jenkins 2.152 running on Windows Server 2016 which needs to pull from a git repo hosted on bitbucket.org. I tested the ssh key through git-bash so I know it works and there is no passphrase. When I try to use the very same private key with Jenkins I get an error message.
Failed to connect to repository : Command "git.exe ls-remote -h
git@bitbucket.org:mygroup/myrepo HEAD" returned status code 128:
stdout:
stderr: Load key
"C:\\Users\\JE~1\\AppData\\Local\\Temp\\ssh2142299850576289882.key": invalid format
git@bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
The Credentials are set up as
scope: Global
user: git
Private Key -> Enter Directly -> copy and past - generated by ssh-keygen -t rsa in gitbash
Passphrase: empty
ID: empty
description: bitbucket.org
I noticed that on another Windows Jenkins server the private key has a different number of characters per line
Does anybody know what is the expected format of Private Key in Jenkins Credentials? Or maybe there is something else that I could check.
Any help is greatly appreciated.
Check the version of Git for Windows that you are using: Starting 2.19.2, it comes with OpenSSH v7.9p1 (from 7.7 before)
And... openssh 7.8 just changed the default ssh-keygen format, from a classic PEM 64-chars, to an OPENSSH one 70 chars!
Only ssh-keygen -m PEM -t rsa -P "" -f afile would generate the old format (-m PEM)
ssh-keygen(1):write OpenSSH format private keys by default instead of using OpenSSL's PEM format.
The OpenSSH format, supported in OpenSSH releases since 2014 and described in the
PROTOCOL.keyfile in the source distribution, offers substantially better protection against offline password guessing and supports key comments in private keys.
If necessary, it is possible to write old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments when generating or updating a key.
In the end, I couldn't find a way to make pasting private keys to Jenkins credentials work.
While it might common knowledge for many, I decided to put the workaround below anyway.
Here is what I did as a workaround to pull my private repositories from Bitbucket.org:
- Log in to your Windows host as the user which runs Jenkins Service. In my case, Jenkins Service runs as a dedicated user because I needed to access network shares with write privileges restricted to this user only.
- Open Git-bash and generate SSH keys with
ssh-keygencommand accepting all defaults - In Jenkins, enter the git repo URL as git@bitbucket.org:team_name/repo_name and leave the credentials as
None
This way Git and SSH will be able to find SSH keys in the default location, which usually is c:\Users\username.ssh\
Hope this helps somebody.
I also got this error message and eventually found out that the Jenkins credential should be RSA secret key, not public key. Below is my steps for configuring Jenkins to clone from bitbucket:
- Add credential in Jenkins credentials
Kind: SSH username and private key Scope: Global Username: <my username in bitbucket> Private key: <Enter directly> -----BEGIN RSA PRIVATE KEY----- ...... -----END RSA PRIVATE KEY-----
- Create a job and configure the repository path and credential as following:
来源:https://stackoverflow.com/questions/53636532/jenkins-what-is-the-correct-format-for-private-key-in-credentials