Jenkins and Github authentication using SSH keys

[John T Huber]

My team migrated from TFS to Github a couple months ago and we have been using Jenkins for our continuous integration testing. We are using the Jenkins Git plugin to poll our git repository and git clone after any check-in. Up until this past week, we have using the username/password method of authentication and it has been working fine. We were using Jenkins jobs to first do a git clone of our the git repository containing all dependencies of the master branch and then cloning the master branch. This makes compilation a little troublesome because the directory where the dependencies project is clone must be in a certain location relative to the master project for the master compilation script to recognize it and build correctly.

To mitigate this issue, we have modified the build/compile script of the master branch of our project to do the git clone of our dependencies project itself so that we don't have to build two separate projects. The issue with this in order for the build/compile script to successful pull from our private git repository, we have to authenticate Jenkins using private SSH keys instead username/password. So yesterday I began configuring Jenkins git to use SSH keys, the process was a breeze on Linux but a little trickier on Windows. Since Jenkins runs as a service on Windows, getting Git to look in the correct location and use the correct id_rsa SSH key to do this was a bit of a hassle but after spending a couple hours on it, I was able to get Jenkins cloning master successfully using SSH credentials.

The next step in our Jenkins job, after cloning the master is to execute a Windows batch script which compiles the project using cmake. The cloning of the dependencies project occurs in a cmake script called through the Jenkins batch script.  The issue I am running into now is when the camke script for calls git clone to clone the dependencies project, it fails to authenticate due to an SSH authentication (publickey) error. My best guess as to what is happening is that once the Jenkins git plugin has successfully cloned the project and the job proceeds to the batch command step, the SSH key is released from whatever SSH-agent Jenkins git uses, so when git clone is called in the cmake script the authentication failed since the SSH Agent is no longer running. I'm think the Jenkins SSH Agent plugin may solve this issue but I'm not 100% sure.

 I have done a lot of googling about this issue and have tried basically everything I can find. This includes putting the .ssh directory in C:\Windows\System32\config\systemprofile directory which is apparently the default path for %HOME% for git. I have also tried setting the HOME variable with setx.  I was just wondering if anyone else has run into a similar problem with Github and SSH on Windows and has any suggestions. 

[Mark Waite]

I've never seen git plugin managed ssh credentials work from a windows service.  https://issues.jenkins-ci.org/browse/JENKINS-20356 is the bug report that describes the issue and some of the explorations that have been attempted.

As far as I know, the git plugin doesn't require an ssh-agent process to retain its keys.

Mark Waite

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/2cc3919e-b9c1-4594-ac2e-748a593163e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[M Franzen]

The Jenkins ssh-agent plugin doesn't work on Windows. I'm running Jenkins as a service under a user with limited rights. The used ssh settings can be found in the file /C/Users/<userid>/.ssh/config. But this should not be necessary as you define this also in the Jenkins -> Credentials.

But there is a way to use git commands in a Jenkins job:

Create your private key without a password. In the section SCM checkout from git(hub) with the key as defined in the Jenkins credentials. Now you can use the git commands (in a Jenkins command box).

Op vrijdag 23 oktober 2015 18:35:09 UTC+2 schreef Mark Waite: