Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-50573

Wrong username used for git clone with OpenSSH 7.7

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Fixed
    • Component/s: git-plugin
    • Labels:
      None
    • Environment:
      Windows
      Git 2.17 (specifically) from chocolatey
    • Similar Issues:

      Description

      Windows VMs, Alpine Linux docker images, Debian Buster ("testing"), macOS 10.13.6, and OpenBSD 6.3 installations which use OpenSSH 7.7 (on Windows as part of Git on Windows 2.17 and Git on Windows 2.18) use the wrong username when cloning git repos with ssh (private key authentication). They're using jenkins when git is explicitly specified.

      dir("dist-utils") {
          git credentialsId: 'ssh-id-rsa', url: 'ssh://git@github.com/zeroc-ice/dist-utils.git'
      }
       > git rev-parse --is-inside-work-tree # timeout=10
      Fetching changes from the remote Git repository
       > git config remote.origin.url ssh://git@github.com/zeroc-ice/dist-utils.git # timeout=10
      Fetching upstream changes from ssh://git@github.com/zeroc-ice/dist-utils.git
       > git --version # timeout=10
      using GIT_SSH to set credentials Jenkins SSH RSA Key 
       > git fetch --tags --progress ssh://git@github.com/zeroc-ice/dist-utils.git +refs/heads/*:refs/remotes/origin/*
      ERROR: Error fetching remote repo 'origin'
      hudson.plugins.git.GitException: Failed to fetch from ssh://git@github.com/zeroc-ice/dist-utils.git
      	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:862)
      	at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1129)
      	at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1160)
      	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:113)
      	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:85)
      	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:75)
      	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
      	at hudson.security.ACL.impersonate(ACL.java:290)
      	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
      	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --progress ssh://git@github.com/zeroc-ice/dist-utils.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
      stdout: 
      stderr: jenkins@github.com: Permission denied (publickey).
      fatal: Could not read from remote repository.
      
      Please make sure you have the correct access rights
      and the repository exists.
      
      	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1996)
      	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1715)
      	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:72)
      	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:405)
      	at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:153)
      	at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:146)
      	at hudson.remoting.UserRequest.perform(UserRequest.java:210)
      	at hudson.remoting.UserRequest.perform(UserRequest.java:53)
      	at hudson.remoting.Request$2.run(Request.java:364)
      	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
      	at java.util.concurrent.FutureTask.run(Unknown Source)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      	at hudson.remoting.Engine$1$1.run(Engine.java:94)
      	at java.lang.Thread.run(Unknown Source)
      	Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote call to JNLP4-connect connection from sal.testing.zeroc.com/192.168.90.21:58772
      		at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1737)
      		at hudson.remoting.UserResponse.retrieve(UserRequest.java:313)
      		at hudson.remoting.Channel.call(Channel.java:952)
      		at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:146)
      		at sun.reflect.GeneratedMethodAccessor700.invoke(Unknown Source)
      		at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      		at java.lang.reflect.Method.invoke(Method.java:498)
      		at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:132)
      		at com.sun.proxy.$Proxy96.execute(Unknown Source)
      		at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:860)
      		at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1129)
      		at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1160)
      		at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:113)
      		at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:85)
      		at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:75)
      		at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
      		at hudson.security.ACL.impersonate(ACL.java:290)
      		at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
      		at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      		at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      		at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      		at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      		at java.lang.Thread.run(Thread.java:748)

      Note, most importantly,

      stderr: jenkins@github.com: Permission denied (publickey).

      Running a git clone manually using an ssh agent works fine:

      sshagent(credentials: ['ssh-id-rsa']) {
        bat "git clone git@github.com:zeroc-ice/dist-utils.git dist-utils"
      }

      Workarounds include:

      • Switch the username in the private key credential from the "actual user" to "git" (for example, instead of "MarkEWaite", use "git" as the credential username)
      • Switch to use username/password with https rather than a private key credential
      • Switch to use JGit as the git implementation for affected Jenkins jobs instead of command line git
      • Use a different version of OpenSSH (7.6 or earlier)

        Attachments

          Issue Links

            Activity

            Hide
            markewaite Mark Waite added a comment - - edited

            Jonathan B a git client plugin 2.7.3 pre-release build is available. Would you be willing to test it in your environment? I'm running it in mine and have confirmed it resolves the issue.

            Show
            markewaite Mark Waite added a comment - - edited Jonathan B a git client plugin 2.7.3 pre-release build is available. Would you be willing to test it in your environment? I'm running it in mine and have confirmed it resolves the issue.
            Hide
            nolange79 Norbert Lange added a comment -

            Hello, I did a quick test with the new version, and it solves the issue on my installation (docker with jenkins/jenkins:2.121.2-alpine). Thanks

            Show
            nolange79 Norbert Lange added a comment - Hello, I did a quick test with the new version, and it solves the issue on my installation (docker with jenkins/jenkins:2.121.2-alpine). Thanks
            Hide
            jonathanb1 Jonathan B added a comment -

            This pre-release build also looks good on my end. Thanks!

            Show
            jonathanb1 Jonathan B added a comment - This pre-release build also looks good on my end. Thanks!
            Hide
            markewaite Mark Waite added a comment -

            Included in git client plugin 2.7.3 and git client plugin 3.0.0-beta4 released 24 July 2018.

            Show
            markewaite Mark Waite added a comment - Included in git client plugin 2.7.3 and git client plugin 3.0.0-beta4 released 24 July 2018.
            Hide
            owenmehegan Owen Mehegan added a comment -

            I just wanted to add that MacOS 10.13.6 is also affected by this. It includes OpenSSH 7.8. Updating git-client fixes the problem on those hosts.

            Show
            owenmehegan Owen Mehegan added a comment - I just wanted to add that MacOS 10.13.6 is also affected by this. It includes OpenSSH 7.8. Updating git-client fixes the problem on those hosts.

              People

              • Assignee:
                markewaite Mark Waite
                Reporter:
                externl Joe George
              • Votes:
                0 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: