Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-38470

User-specific keys can't be found by the sshagent step

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: ssh-agent-plugin
    • Labels:
      None
    • Environment:
      Jenkins 2.23, SSH Agent Plugin 1.13, Pipeline 2.4
    • Similar Issues:

      Description

      I'm attempting to create a pipeline scm job that allows the user to specify their private SSH key (stored under their user-specific credentials, not the 'public' store) as a Credentials parameter and then supply that ID to the sshagent step so the git step can pull code and (later) push code to the repository as part of a gitflow workflow.

      Unfortunately, while the Credentials Parameter lets me choose my key, the step can't seem to find it, even though I've made sure the Credentials Parameter supplies a valid ID. If I switch the Credentials Parameter to use a key that is available to anyone on the server, the key is found and the steps proceed correctly.

      I don't want users putting private keys in a location where just anyone can use them but it seems like the credentials are not retrievable from their private store. Quick snippet:

      properties([parameters([
                   [$class: 'CredentialsParameterDefinition',
                             credentialType: 'com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey',
                             defaultValue: '',
                             description: 'The SSH user and private SSH key to use for performing the release.',
                             name: 'SSH_USER',
                             required: true],
                    string(defaultValue: '', description: 'The version number for the release.', name: 'RELEASE_VERSION'),
                    string(defaultValue: '', description: 'The next development version', name: 'DEV_VERSION')])
                    ]
                  )
      
      node {
       
        stage('Checkout Software') {
          // Checkout core
          sshagent(["${SSH_USER}"]) {
            git([branch: 'develop', changelog: false,  poll: false, url: 'git@mygitserver:some-repo.git'])
          }
      }
      

        Attachments

          Activity

          Hide
          gtjwilkicki Joseph Wilkicki added a comment -

          Also checked this by passing credentialsId to the git step and it also appears to be unable to use the credentials by itself. Perhaps this is Jenkins-wide bug?

          Show
          gtjwilkicki Joseph Wilkicki added a comment - Also checked this by passing credentialsId to the git step and it also appears to be unable to use the credentials by itself. Perhaps this is Jenkins-wide bug?
          Hide
          jglick Jesse Glick added a comment -

          I think only Stephen Connolly understands how per-user credentials are supposed to be consumed.

          Show
          jglick Jesse Glick added a comment - I think only Stephen Connolly understands how per-user credentials are supposed to be consumed.
          Hide
          gtjwilkicki Joseph Wilkicki added a comment -

          Any update on this issue?  It works combined with the Authorize Project plugin and a Freestyle Job with the authorization set to run as the user that triggered the build.  It doesn't work, however, with a Pipeline job and a Scripted Pipeline.  I've tried with sshagent and with withCredentials and both fail in the same fashion.

          Show
          gtjwilkicki Joseph Wilkicki added a comment - Any update on this issue?  It works combined with the Authorize Project plugin and a Freestyle Job with the authorization set to run as the user that triggered the build.  It doesn't work, however, with a Pipeline job and a Scripted Pipeline.  I've tried with sshagent and with withCredentials and both fail in the same fashion.

            People

            • Assignee:
              Unassigned
              Reporter:
              gtjwilkicki Joseph Wilkicki
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: