multibranch pipeline & checkout over shh & permission denied

377 views
Skip to first unread message

Ewelina Wilkosz

unread,
May 23, 2019, 7:37:23 AM5/23/19
to Jenkins Users
I have a pipelineJob where I use ssh to clone repository and configured credentials, let's call it X, are working great

I also have a multibranch pipeline, where I configured "Checkout over SSH" and select same X credentials, but I can't clone
I get 

ERROR: Error fetching remote repo 'origin'
[...]
stderr: Permission denied (public key)
fatal: Could not read from remote repository

The same user could clone via https, but there are some submodules configured via ssh, so I need ssh working...

Any ideas? 

Mark Waite

unread,
May 23, 2019, 8:44:23 AM5/23/19
to Jenkins Users
Submodule authentication in the git plugin and git client plugin requires that the same protocol must be used for the parent repository and the submodules.  Different credential methods are required to provide command line git with http/https credentials than with ssh credentials.  A mix of the two in a single repository definition would require much more sophisticated operations from the git plugin than it is currently able to perform.

If the submodules and the parent repo are all using the same protocol (ssh or http), then you may need to enable the checkbox which causes the git plugin to use credentials with submodule operations.  I believe it is disabled by default.


--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/89f8e2a2-6082-4642-90ac-31f8da684c06%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--
Thanks!
Mark Waite

Ewelina Wilkosz

unread,
May 23, 2019, 8:57:12 AM5/23/19
to Jenkins Users
I see,

but in my case I don't event get to submodules. multibranch pipeline fails on checking out main repo via ssh - I use checkout over SSH option - when a regular pipelineJob has no trouble with ssh


On Thursday, May 23, 2019 at 2:44:23 PM UTC+2, Mark Waite wrote:
Submodule authentication in the git plugin and git client plugin requires that the same protocol must be used for the parent repository and the submodules.  Different credential methods are required to provide command line git with http/https credentials than with ssh credentials.  A mix of the two in a single repository definition would require much more sophisticated operations from the git plugin than it is currently able to perform.

If the submodules and the parent repo are all using the same protocol (ssh or http), then you may need to enable the checkbox which causes the git plugin to use credentials with submodule operations.  I believe it is disabled by default.


On Thu, May 23, 2019 at 5:37 AM Ewelina Wilkosz <ewel...@gmail.com> wrote:
I have a pipelineJob where I use ssh to clone repository and configured credentials, let's call it X, are working great

I also have a multibranch pipeline, where I configured "Checkout over SSH" and select same X credentials, but I can't clone
I get 

ERROR: Error fetching remote repo 'origin'
[...]
stderr: Permission denied (public key)
fatal: Could not read from remote repository

The same user could clone via https, but there are some submodules configured via ssh, so I need ssh working...

Any ideas? 

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkins...@googlegroups.com.


--
Thanks!
Mark Waite

Mark Waite

unread,
May 23, 2019, 9:11:08 AM5/23/19
to Jenkins Users
You might double check that the private key credential you're using with that checkout does not use a passphrase, or if it uses a passphrase, does not include any shell special characters in the passphrase.  There is a known bug in the git client plugin handling of ssh passphrases with shell special characters.

You might also double check that the private key you're using is recognized by both agent and server.  I've generated ed25519 private keys in the past only to discover that they were not recognized on one or more of the old systems that I needed to support.  I will be surprised if that is the case here, since that usually has a different error message, but it is worth checking.

To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/a7a0bb7c-4b82-4f7f-b57e-29b9ff210f3e%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


--
Thanks!
Mark Waite

Ewelina Wilkosz

unread,
May 23, 2019, 9:16:45 AM5/23/19
to Jenkins Users
I am using exactly the same credentials to clone the same repo in a different type of job (pipelineJob) at the same agent - so I am almost 100% sure the credentials and keys are ok.
I am wondering if this is some weird behavior from the plugin that someone else encountered or maybe I messed something else :)


--
Thanks!
Mark Waite

Ewelina Wilkosz

unread,
May 23, 2019, 10:17:12 AM5/23/19
to Jenkins Users
here is an update
the ssh credentials accepted by other types of job are not recognized as ssh credentials in multibranch pipeline...

ERROR: Credentials 'X' is of type 'Username with password' where 'com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey' was expected

those were created with jcasc
if we create credentials manually, in jenkins UI, and they look exactly the same way X does, it works 
so jcasc creates ssh credentials good enough for some jobs, but multibranch pipeline doesn't recognize it at ssh :(

Ewelina Wilkosz

unread,
May 23, 2019, 10:29:35 AM5/23/19
to Jenkins Users
update no 2, and the case is closed
I had username and password type of credentials, with user the same as id of ssh credentials... once I've changed ssh credentials id it started working 
Reply all
Reply to author
Forward
0 new messages