Add GitHub private repo to Jenkins

Question

I am trying to add my private GitHub repo to a Jenkins job.

I selected source control 'Git', put the ssh link to my GitHub and selected my credentials but it still gives me this error.

Failed to connect to repository : Command "git ls-remote -h -- git@github.com:DanSmith/MyPrivateRepo.git HEAD" returned status code 128:
stdout:
stderr: Warning: Permanently added the RSA host key for IP address '140.**.***.*' to the list of known hosts.
Load key "/tmp/ssh87617326.key": invalid format
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.

VonC · Answer 1 · 2019-09-14T13:19:26.517

1

You can follow "Setup Jenkins for private GitHub repository" from Maciej Najbar.

The steps involve:

creating a dedicated private SSH key

ssh-keygen -m PEM -t rsa -P "" -C "jenkins.me" -f jenkinskey

That will create a jenkinskey/jenkinskey.pub, without passphrase (since Jenkins would not be able to enter one at runtime).
Its format should be (for the private key) an SSH one, not openssh: 64 chars wide, note 76.

registering that public (not private) key in your GitHub account
registering your private key as a Credential in Jenkins (assuming your have the SSH Credentials plugin installed)
Make sure to copy ----BEGIN RSA PRIVATE KEY----- up to -----END RSA PRIVATE KEY-----, without missing a '-' (as mentioned here)

make sure Jenkins knowns about github.com
```
ssh -T git@github.com
```

Even if the ~jenkins/.ssh has no key, that will add github.com to your ~jenkins/.ssh/known_hosts.

Finally, use the credential name your entered before for your Git configuration of your Jenkins job:

edited Sep 14 '19 at 13:19

answered Sep 14 '19 at 04:23

VonC

1,262,500
529
4,410
5,250

I've done all that but get the error I said above in the last step after adding the repo url and setting the credentials – Dan Sep 14 '19 at 05:02
@Dan does a `ssh -Tv -i /path/to/private/key git@github.com` works? – VonC Sep 14 '19 at 05:04
Yes it says successfully authenticated – Dan Sep 14 '19 at 06:14
@Dan Then, if the private key is entered in the Jenkins SSH Credentials, and its entry is used in the job settings (and there is no passphrase associated with said key), this should work. – VonC Sep 14 '19 at 06:15
There is a passphrase but I entered it. – Dan Sep 14 '19 at 06:17
In GitHub I put the public key in Settings>SSH Keys and in Jenkins in the credentials I put the private key and passphrase – Dan Sep 14 '19 at 06:18
@Dan The all point of the answer is to highlight that a private key used by Jenkins should be created **without** any passphrase. – VonC Sep 14 '19 at 06:18
@Dan From the article: Jenkins is a service and it won't be able to enter passphrase when connecting to ssh – VonC Sep 14 '19 at 06:19
@Dan the ssh-keygen I mention in my answer is made to create a private key *without* passphrase. For a reason. It will work. – VonC Sep 14 '19 at 06:19
Can't it easily be hacked then since I have to open a port also to connect while Im not home? – Dan Sep 14 '19 at 06:19
1

@Dan No, it cannot be "easily hacked": that is why you create a dedicated SSH key *just for Jenkins*, to be registered in your GitHub account, separate from your usual SSH key (which can have a passphrase): if you had the slightest doubt, you can revoke that one key and regenerate another. – VonC Sep 14 '19 at 06:21
1

@Dan But again, try and follow my answer: it should work. – VonC Sep 14 '19 at 06:21
How do I get rid of / revote the current key I got from ssh-genkey before doing the new one? – Dan Sep 14 '19 at 06:22
@Dan Simply remove it from your SSH keys in your GitHub settings, and remove it from your Jenkins SSH Credentials – VonC Sep 14 '19 at 06:23
I forgot the command to get the private key from ssh that I did earlier, do you happen to know it? – Dan Sep 14 '19 at 06:28
@Dan I have included in the answer the ssh-keygen to generate a new one, but I don't know about your previous one. – VonC Sep 14 '19 at 06:31
It's asking for a password `[sudo] password for jenkins:` – Dan Sep 14 '19 at 06:42
@Dan In which environment (user session) are you typing this? You can litteraly type that on any computer: the private key is copied in Jenkins and the public one on GitHub. – VonC Sep 14 '19 at 06:44
Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/199453/discussion-between-dan-and-vonc). – Dan Sep 14 '19 at 06:44
@VonC, no doubt this will be a popular answer. When discussion concluded, please update your answer so as to capture any missing details, same for the OP's questiion and hopefully it can be marked as "answered". Thx from all of us for your usual S/O excellence! – Ian W Sep 14 '19 at 07:18
@IanW no problem. The discussion is still ongoing! – VonC Sep 14 '19 at 07:30

Add GitHub private repo to Jenkins

1 Answers1

Linked