Relationship between GitHub credentials and Jenkins Service account (running as Windows Service)

[Christopher List]

We are running Jenkins as a windows service on win2012 machine, and it's working fine. 

The problem we have is that we're trying to change the service account that it is running under. 

The old and new service accounts are both local admins on the machine.

When we change the service account, everything seems to run fine, but our connection to GitHub using a Personal Access token stored in the global jenkins credentials stops working with the classic error:

stderr: Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I've re-entered the credentials into Jenkins (thinking perhaps they are secured by the service account) and they still don't work.

As soon as I change the jenkins service back to the old service account, the pull from GitHub works fine. 

Do I need to grant the new account access to something? Is there something I need to configure in Jenkins for the new service account? (note that I didn't do the original setup of jenkins on this server, I've inherited it)

Thanks,
Chris

[Mark Waite]

The message "Host key verification failed" is only reported by git when it is using a private key for authentication.  A personal access token is a type of username/password, not a type of private key.  

You may want to double check that the GitHub URL that you are using is an https URL, not an ssh URL.  The https URL's use personal access tokens.  The ssh URL's (like ssh://g...@github.com/MarkEWaite/git-plugin.git and g...@github.com:MarkEWaite/git-plugin.git) use private keys.

Mark Waite

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/ca29e9ef-fa81-4040-9ea2-49f1a9d36417%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[James Fairweather]

We are running the Jenkins service under another account (i.e. not the Local System Account), and accessing our GitHub projects via ssh.  The private key is stored in Jenkins.  I assume that's what you're doing too.  It's working fine here.

Are you sure the credential stored in Jenkins is actually being used?  Verify this by removing the credential from Jenkins and check if the pull still works from the old service account.  If it does, you can be certain that the Jenkins credential wasn't actually being used before.

[Björn Pedersen]

Hi,

Am Donnerstag, 13. September 2018 17:07:28 UTC+2 schrieb Christopher List:

We are running Jenkins as a windows service on win2012 machine, and it's working fine. 

The problem we have is that we're trying to change the service account that it is running under. 

The old and new service accounts are both local admins on the machine.

When we change the service account, everything seems to run fine, but our connection to GitHub using a Personal Access token stored in the global jenkins credentials stops working with the classic error:

stderr: Host key verification failed.
fatal: Could not read from remote repository.

This is a typical ssh error if the hostkey (from the github server) is unknow to the local user account trying to access it. Probably the easiest way is to access github via ssh once from that account and accept the hostkey.

Björn