Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-53134

Git checkout fails when using an SSH key with a passphrase

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Duplicate
    • Component/s: git-plugin
    • Labels:
      None
    • Environment:
      Jenkins core 2.121.2 and 2.107.x
      Git Plugin latest
      Git api latest
    • Similar Issues:

      Description

      Issue:
      A checkout from the master can not be performed when using a ssh key with a passphrase. It will hang on this step:

      > git fetch --tags --progress git@github.com:alexanderrtaylor/support-kb-articles.git +refs/heads/*:refs/remotes/origin/*
      

      And eventually fail.

      Workaround:
      You can remove the passphrase and it will work normally

      Steps to reproduce:
      1. Create a SSH key with a specific passphrase like `testing` and add it to Jenkins
      2. Add ssh key to github
      3. Create a job(freestyle or pipeline the behavior is the same)
      4. Use the SSH key connect to the ssh location of the git url
      5. Watch as the job fails.

      This works normally if I use a shell step to clone from the agent but the git plugin seems to be causing the issue

        Attachments

          Issue Links

            Activity

            Hide
            dnusbaum Devin Nusbaum added a comment -

            Alex Taylor On my macOS master, it doesn't work for the reasons that Mark explained (the terminal is interactive, so it prompts for the key at the command line, which doesn't work). Once I used setsid and a local JNLP agent it worked fine.

            Are you getting a timeout, or a public key error?

            Show
            dnusbaum Devin Nusbaum added a comment - Alex Taylor On my macOS master, it doesn't work for the reasons that Mark explained (the terminal is interactive, so it prompts for the key at the command line, which doesn't work). Once I used setsid and a local JNLP agent it worked fine. Are you getting a timeout, or a public key error?
            Hide
            ataylor Alex Taylor added a comment -

            Mark Waite Yeah I think the setsid is probably affecting me because I am running Jenkins from the terminal.

            But my question would be how do I go about adding setsid on a master? I could normally add it onto the prefix to the agent but if I am doing a checkout on master then how would I add it?

            Show
            ataylor Alex Taylor added a comment - Mark Waite Yeah I think the setsid is probably affecting me because I am running Jenkins from the terminal. But my question would be how do I go about adding setsid on a master? I could normally add it onto the prefix to the agent but if I am doing a checkout on master then how would I add it?
            Hide
            markewaite Mark Waite added a comment -

            If the master is running as a service (for example, as installed by the rpm file on CentOS, the deb file on Debian, the pkg file on FreeBSD), then setsid is not needed. Services are already running without a controlling terminal.

            If the master is running in the foreground and your computer has a command `setsid` in the PATH, then you could pass the java property:

            org.jenkinsci.plugins.gitclient.CliGitAPIImpl.useSETSID=true
            
            Show
            markewaite Mark Waite added a comment - If the master is running as a service (for example, as installed by the rpm file on CentOS, the deb file on Debian, the pkg file on FreeBSD), then setsid is not needed. Services are already running without a controlling terminal. If the master is running in the foreground and your computer has a command `setsid` in the PATH, then you could pass the java property: org.jenkinsci.plugins.gitclient.CliGitAPIImpl.useSETSID=true
            Hide
            dnusbaum Devin Nusbaum added a comment -

            Alex Taylor There is no setsid shell command on macOS, so you have to compile https://github.com/jerrykuch/ersatz-setsid locally (make setsid), but once you do that I would expect that you could just run `/path/to/setsid java -jar jenkins.war` and then run a build on on the master.

            Show
            dnusbaum Devin Nusbaum added a comment - Alex Taylor There is no setsid shell command on macOS, so you have to compile https://github.com/jerrykuch/ersatz-setsid locally ( make setsid ), but once you do that I would expect that you could just run `/path/to/setsid java -jar jenkins.war` and then run a build on on the master.
            Hide
            markewaite Mark Waite added a comment -

            Alex Taylor the conversation seems to indicate that the problem you're detecting is related to executing Jenkins in the foreground on a machine that does not have the setsid command (not available on macOS or FreeBSD). I've marked this as resolved as a duplicate of JENKINS-20879.

            If I've misunderstood, please reopen the bug with more description of the failure mode.

            Show
            markewaite Mark Waite added a comment - Alex Taylor the conversation seems to indicate that the problem you're detecting is related to executing Jenkins in the foreground on a machine that does not have the setsid command (not available on macOS or FreeBSD). I've marked this as resolved as a duplicate of JENKINS-20879 . If I've misunderstood, please reopen the bug with more description of the failure mode.

              People

              • Assignee:
                Unassigned
                Reporter:
                ataylor Alex Taylor
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: