3

I'm having a frustrating time getting this set up. Currently my Bitbucket account is having a problem connecting over HTTPS and so I'm trying to connect to my repo using SSH but have encountered problems.

This is my first time using Jenkins so bear with me. I installed Jenkins using homebrew which was very simple.

  1. I let Jenkins install the recommended plugins which included git and ssh plugins and created a password for the admin user.
  2. I generated a new SSH key on my machine using the method described here, added it as an Access Key to my Bitbucket repo, and confirmed that it worked by cloning from the terminal.
  3. I added the SSH keys to Jenkins and it picked up the public key from my ~/.ssh folder
  4. I created a new Freestyle project in Jenkins and added new git repository by supplying the git@bitbucket.org:myrepo.git URL.
  5. I instructed it to use my SSH key from the dropdown as credentials.

My efforts were rewarded with this error:

Failed to connect to repository : Command "git ls-remote -h git@bitbucket.org:myrepo.git HEAD" returned status code 128: stdout: stderr: Permission denied (publickey). fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

Some Possible Leads

I've heard it said that Jenkins creates a new user on your machine and that the reason the SSH key might not work is because the jenkins user does not have access to it. I have not found any evidence of it creating a user and have even heard that it does not create a user, maybe this was old behaviour.

I've tried switching to this Jenkins users as suggested here but to no avail.

Any help would be appreciated.

Edit: One additional thing I've heard (somewhere) is that it might work better if your SSH keys were created without a passphrase. Sounds like it would be less secure in that case so I'm not sure if I should try that.

TylerJames
  • 941
  • 8
  • 27
  • what user account did you generate the key for, and is the Jenkins slave using the same user? There should be a drop down under the clone url in jenkins to pick the correct user. – eeijlar Oct 03 '17 at 21:04
  • I used the same user account that I used to install Jenkins. I'm currently logged into Jenkins using the default admin account. In the credentials dropdown under the repo URL I see my own name as the only choice. Is there a way to tell what user the "Jenkins slave" corresponds to? – TylerJames Oct 04 '17 at 13:45
  • I am just trying to understand your environment. Is your machine a jenkins slave? – eeijlar Oct 04 '17 at 16:09
  • It's just a Mac Mini on which I'm trying to install Jenkins and Fastlane to automate my iOS builds whenever I commit to Bitbucket. It's not a dev machine or anything. – TylerJames Oct 04 '17 at 18:00
  • Can you try adding your private key to jenkins credentials? Jenkins > Credentials > System > Global credentials > select your user, select update, paste in private key – eeijlar Oct 04 '17 at 18:19
  • Yeah I added the credentials that way. That's how Jenkins recognizes them in the dropdown when I try to add the repo to the project. – TylerJames Oct 04 '17 at 19:40

1 Answers1

1

Okay I just found out what was going on.

Even though I added my SSH key to Jenkins and it was accessible via the Credentials dropdown in the Source Code Management section of my project the ssh-agent on my machine (which Jenkins uses) didn't know about my keys and I needed to add them.

Solution:

On the machine where Jenkins is installed:

  1. Open up a terminal
  2. Enter: ssh-add -l
  3. If you don't see your keys listed (mine said "The agent has no identities.") then you'll need to add them. Enter: ssh-add <path-to-key> (the default path is usually something like ~/.ssh/id_rsa)
  4. If you have a passphrase for your key you'll need to enter it here.
  5. Now go back to your Jenkins project, add your repo URL, then select your credentials and it should work

Hope that helps someone avoid wasting their time like I did.

TylerJames
  • 941
  • 8
  • 27