Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-40217

Git plugin can't clone when SSH Agent is enabled with different credentials

    Details

    • Similar Issues:

      Description

      Hi, ...

      How to replicate:
      1. Create freestyle job
      2. Add git scm with SSH url and select ssh key for it
      3. Enable SSH Agent in Build Environment section and select different key for it

      Result:

      Cloning the remote Git repository
      Cloning repository ssh://git@stash:7999/cm/ansible.git
       > git init /opt/jenkins/workspace/ansible/cm-ansible-potiomkin-sync-34 # timeout=10
      Fetching upstream changes from ssh://git@stash:7999/cm/ansible.git
       > git --version # timeout=10
      using GIT_SSH to set credentials jenkins at stash ssh
       > git fetch --tags --progress ssh://git@stash:7999/cm/ansible.git +refs/heads/*:refs/remotes/origin/*
      ERROR: Error cloning remote repo 'origin'
      hudson.plugins.git.GitException: Command "git fetch --tags --progress ssh://git@stash:7999/cm/ansible.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
      stdout: 
      stderr: Repository not found
      The requested repository does not exist, or you do not have permission to access it.
      fatal: Could not read from remote repository.
      
      Please make sure you have the correct access rights
      

      Disabling SSH Agent fixes the problem.

      Adding two keys to ssh agent doesn't work as expected for me. It looks like only first ssh key is used/visible.

        Attachments

          Issue Links

            Activity

            Hide
            jglick Jesse Glick added a comment -

            Maybe a flaw in one of the (almost-)pure-Java implementations. Try again with the native one coming up in 1.14.

            Show
            jglick Jesse Glick added a comment - Maybe a flaw in one of the (almost-)pure-Java implementations. Try again with the native one coming up in 1.14.
            Hide
            geerlingguy Jeff Geerling added a comment -

            I'm still having this issue on Jenkins 2.58 with the SSH Agent plugin version 1.15.

            Steps to reproduce:

            1. Add a Job with Git source code management
            2. Choose a deploy key for the Repository
            3. Save the job and build it
            4. Verify that the job clones the Repository correctly (SUCCESS)
            5. Configure the Job again
            6. Enable SSH Agent
            7. Add two keys in SSH Agent config—and set the deploy key used for Git as the second key
            8. Run the job again
            9. Now the job fails when attempting to connect to the SCM repo.

            I've also verified that if I set the SCM repo key as the first one used by the SSH Agent plugin, that git clone works.

            So I guess the bug is actually: Only the first key added to the SSH Agent seems to work in the Job build process.

            Show
            geerlingguy Jeff Geerling added a comment - I'm still having this issue on Jenkins 2.58 with the SSH Agent plugin version 1.15. Steps to reproduce: Add a Job with Git source code management Choose a deploy key for the Repository Save the job and build it Verify that the job clones the Repository correctly (SUCCESS) Configure the Job again Enable SSH Agent Add two keys in SSH Agent config—and set the deploy key used for Git as the second key Run the job again Now the job fails when attempting to connect to the SCM repo. I've also verified that if I set the SCM repo key as the first one used by the SSH Agent plugin, that git clone works. So I guess the bug is actually: Only the first key added to the SSH Agent seems to work in the Job build process.
            Hide
            geerlingguy Jeff Geerling added a comment -

            As a workaround, I'm disabling the SSH Agent plugin for this job (since I need to use two different keys), and choosing the key for the SCM task, then as part of the build process, I've added:

            eval `ssh-agent -s`
            ssh-add /var/lib/jenkins/.ssh/private_key_here
            Show
            geerlingguy Jeff Geerling added a comment - As a workaround, I'm disabling the SSH Agent plugin for this job (since I need to use two different keys), and choosing the key for the SCM task, then as part of the build process, I've added: eval `ssh-agent -s` ssh-add / var /lib/jenkins/.ssh/private_key_here
            Hide
            jglick Jesse Glick added a comment -

            Not sure offhand. Jenkins is just running ssh-add so see what happens when you do the same things from the command line.

            Show
            jglick Jesse Glick added a comment - Not sure offhand. Jenkins is just running ssh-add so see what happens when you do the same things from the command line.
            Hide
            killuazhu xianjun zhu added a comment -

            This sounds like `git-plugin` issue to me instead of `ssh-agent plugin` issue. Once explicitly specify a ssh key for the scm clone, `git-plugin` should use that key to clone the repo instead of using entries in `ssh-agent` environment.

            Show
            killuazhu xianjun zhu added a comment - This sounds like `git-plugin` issue to me instead of `ssh-agent plugin` issue. Once explicitly specify a ssh key for the scm clone, `git-plugin` should use that key to clone the repo instead of using entries in `ssh-agent` environment.
            Hide
            jglick Jesse Glick added a comment -

            I suspect this is a dupe of JENKINS-30600.

            Show
            jglick Jesse Glick added a comment - I suspect this is a dupe of  JENKINS-30600 .

              People

              • Assignee:
                Unassigned
                Reporter:
                emdepl Maciej De
              • Votes:
                4 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated: