55

I'm trying to get Jenkins up and running with a GitHub hosted repository (using the Jenkins Git plugin). The repository has multiple git submodules, so I'm not sure I want to try and manage multiple deploy keys.

My personal GitHub user account is a collaborator of each of the projects I wish to pull in with Jenkins, so I've generated an SSH key within /var/lib/jenkins/.ssh and added it to my personal GitHub account.

However, when I try and add the repository URL to my Jenkins project configuration, I get:

Failed to connect to repository : Command "git ls-remote -h git@github.com:***/***.git HEAD" returned status code 128:
stdout: 
stderr: Host key verification failed. 
fatal: The remote end hung up unexpectedly

Likewise, when I schedule a build I get:

stderr: Host key verification failed.
fatal: The remote end hung up unexpectedly

I've also tried setting up an SSH config file as outlined here, but to no avail.

Can anyone shed any light? Thanks

EDIT

I should add that I'm running CentOS 5.8

David Birks
  • 163
  • 2
  • 5
James
  • 1,950
  • 3
  • 22
  • 39

4 Answers4

65

It looks like the github.com host which jenkins tries to connect to is not listed under the Jenkins user's $HOME/.ssh/known_hosts. Jenkins runs on most distros as the user jenkins and hence has its own .ssh directory to store the list of public keys and known_hosts.

The easiest solution I can think of to fix this problem is:

# Login as the jenkins user and specify shell explicity,
# since the default shell is /bin/false for most
# jenkins installations.
sudo su jenkins -s /bin/bash

cd SOME_TMP_DIR
# git clone YOUR_GITHUB_URL

# Allow adding the SSH host key to your known_hosts

# Exit from su
exit
Tuxdude
  • 47,485
  • 15
  • 109
  • 110
  • @Adam - You never mentioned about the `known_hosts` ;) You were only talking about the `id_rsa.pub` public key :D – Tuxdude Mar 09 '13 at 19:30
  • 1
    I did. (*Often times you see failure if the host has not been added or authorized*). I just did not mention explicitly the file. – Adam Gent Mar 09 '13 at 19:31
  • Anyways you beat me to it, while I was formatting the answer :D – Tuxdude Mar 09 '13 at 19:32
  • Thanks for both your replies ;) I thought it might be something to do with known hosts, but I'm unable to login as jenkins. I managed to set a password for the user and I get a password prompt but the user session isn't switched when I provide it. Is there a way to manually add github as a known_host? – James Mar 09 '13 at 19:34
  • @James when you `sudo` its whatever the user your logged in as password and not the jenkins password. So you'll need a sudo user or even easier login as root and then run the sudo command. – Adam Gent Mar 09 '13 at 19:37
  • If you're running as `root` (say using sudo), you should be able to switch to any other user using the `su` command without any password. you can just do `echo $HOME` or `whoami` to confirm this. – Tuxdude Mar 09 '13 at 19:37
  • Indeed, I am logged in as root. `su jenkins` does nothing; I'm still root@servername. `echo $HOME` gives me `/root` – James Mar 09 '13 at 19:39
  • What does `su - jenkins` do ? – Tuxdude Mar 09 '13 at 19:44
  • @Tuxdude this does the same as I mentioned above. It might help to mention that I'm able to `passwd jenkins` without issue, so I find it odd that I can't login – James Mar 09 '13 at 19:47
  • 4
    I think I know the issue. Run this command: `usermod -s '/bin/bash' jenkins` to set the shell as `/bin/bash` instead of the default `/bin/false` that gets set for the jenkins user. Then you should be able to `su`. – Tuxdude Mar 09 '13 at 20:00
  • Perfect. That's worked; I'm now getting a git config error (haven't set it for Jenkins). Thanks for your help! – James Mar 09 '13 at 21:34
  • Just realized `su` has an option to specify shell, so that you don't need to run `usermod`, have updated the answer :) – Tuxdude Mar 09 '13 at 21:39
  • Minor tweak: `sudo su -l jenkins -s /bin/bash` `-l` drops you into the `jenkins` user home directory and sets the login environment variables. In some environments, this might be necessary for like `LD_PATH`. – bishop Jul 28 '14 at 15:53
  • Thank you so much. I have searched this forever. Went through many blogs but no luck. This line did it: sudo su jenkins -s /bin/bash. Why nobody else mention this critical command? This is the only thing I did not do, so much time wasted. – Ray Apr 09 '16 at 03:08
  • When I try to `git clone` under `jenkins` user I get `error fatal: could not create work tree dir ''.: Permission denied` – mrgloom Dec 24 '16 at 12:11
6

Have you tried logging in as the jenkins user?

Try this:

sudo -i -u jenkins #For RedHat you might have to do 'su' instead.
git clone git@github.com:your/repo.git

Often times you see failure if the host has not been added or authorized (hence I always manually login as hudson/jenkins for the first connection to github/bitbucket) but that link you included supposedly fixes that.

If the above doesn't work try recopying the key. Make sure its the pub key (ie id_rsa.pub). Maybe you missed some characters?

Adam Gent
  • 47,843
  • 23
  • 153
  • 203
4

According to this article, you may try following command:

   ssh-add -l

If your key isn't in the list, then 

   ssh-add /var/lib/jenkins/.ssh/id_rsa_project
RabitChang
  • 166
  • 4
1

This works for me if you have config and the private key file in the /Jenkins/.ssh/ you need to chown (change owner) for these 2 files then restart jenkins in order for the jenkins instance to read these 2 files.

Jianhong
  • 899
  • 9
  • 11