Questions
-
Why is there an error for "Warning: Permanently added the ECDSA host "? …when I’ve setup the manually provided keys for hosts in Configure Global Security
-
Why is permission denied? I know the key is good.
-
Is there any further logging I can enable to check if its actually using the right key etc…
Our Jenkins project pulls a repo from our regular repository bitbucket where the Jennkinsfile pipeline is found… Then in the pipeline is another git pull for some code in another third-party repository. Because We’re using automatically deployed EC2 build agents I don’t want to setup hosts and ssh config on the build agent. The credentials should be propagated from the server to the to the agents via credentials plugins.
Build Log
The recommended git tool is: NONE
using credential aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
Fetching changes from the remote Git repository git rev-parse --resolve-git-dir /home/ubuntu/repo/aosp/.git # timeout=10 git config remote.origin.url git@git.telcomstuff.com:8407/source_code.git # timeout=10
00:55:54 Fetching upstream changes from git@git.telcomstuff.com:8407/source_code.git git --version # timeout=10 git --version # 'git version 2.17.1'
using GIT_SSH to set credentials som git.telcomstuff.com
Verifying host key using manually-configured host key entries > git fetch --tags --progress -- git@git.telcomstuff.com:8407/source_code.git +refs/heads/*:refs/remotes/origin/* # timeout=10
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from git@git.telcomstuff.com:8407/source_code.git
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:1003)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1245)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1309)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:129)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:97)
at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:84)
at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --progress -- git@git.telcomstuff.com:8407/source_code.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout:
stderr: Warning: Permanently added the ECDSA host key for IP address 'www.xx.yy.zzz' to the list of known hosts.
Permission denied, please try again.
Permission denied, please try again.
git@git.telcomstuff.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Project Config
script {
git branch: 'master',
credentialsId: 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
url: 'git@git.telcomstuff.com/source_code.git'
}
(I’ve also tried using ‘checkout GIT-SCM’ block, same result)
Dashboard > Manage Jenkins > Configure Global Security
- Git Host Key Verification Configuration
– Manually Provided Keys
– git.telcomstuff.com ecdsa-sha2-nistpxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dashboard > Manage Jenkins > Credentials …
- SSH Username with private key
– Username blank (not sure why its here?)
– Private key confirmed to connect on another system
Jenkins setup:
Jenkins 2.387.1 server running amazon linux in EC2
Jenkins build agents managed by the Amazon EC2 plugin in this case running Ubuntu 18. (requried by tird-party repository)
- [SSH Credentials Plugin Version 305.v8f4381501156 ]
- [SSH Build Agents plugin Version 2.877.v365f5eb_a_b_eec ]
- [SSH server Version 3.303.vefc7119b_ec23 ]
- [SSH Agent Version 333.v878b_53c89511 ]
- [Git client Version 4.2.0 ]
- [Git plugin Version 5.0.2 ]