How to configure Hudson and git plugin with an SSH key


Solution 1

We use Hudson, checking out the source code from git with an SSH key. We actually have Hudson on an Ubuntu server, however. Hudson's SSH key pair lives in ~hudson/id_rsa and ~hudson/id_rsa.pub.

So, adapting our advice for a Windows set-up:

The Windows-based developers on our team use MSysGit and regularly check out code via git over SSH -- but not using PuTTY/Pageant. We found Pageant to be painful due to some protocol errors with the login. Instead, they configured git to use OpenSSH (it's one of the options during the install). Their public/private key pair then lives in ~username/id_rsa and ~username/id_rsa.pub and it all works.

So, I'd recommend changing your git config to use OpenSSH rather than Pageant. If nothing else, you won't need to worry about starting Pageant.

You can use PuTTYgen to generate the key. However, if you are using OpenSSH rather than Pageant, you will need to export a suitable private key (from one of the menus at the top of PuTTYgen) and save it as id_rsa, and copy-and-paste the public key from PuTTYgen's GUI (it shows but won't save a suitable version for OpenSSH) and save that as id_rsa.pub. This is because PuTTY uses a slightly different format for the key than OpenSSH does.

Alternatively, of course, you can always host your Hudson server on an Ubuntu server (either a real one or through VirtualBox).

Solution 2

Another important note for Windows (which I want to attach to this answer because I found this question very quickly, but found this additional detail I needed only after hours of searching):

Git wants the %HOME% environment variable set to your user's directory (i.e. C:\Documents and Settings\hudsonuser)... that's how it knows to look in there for the .ssh dir with the key files!

I found this out here on Server Fault (but don't have enough reputation there to upvote it).

Solution 3

I found I had to use a different tack to get this working on Ubuntu (with Jenkins, not Hudson, though otherwise it looks like basically the same problem). I checked the %HOME% environment variable through the Jenkins GUI and that looked right.

The key I wanted to use to identify Jenkins to the GitHub private repository already existed. I copied those to /var/lib/jenkins/.ssh -- both the id_rsa and the id_rsa.pub file for that key and account.

Initially I copied these as "root" and they were inaccessible to Jenkins so I was still getting errors (confusingly, the errors asked me to enter a passphrase when there wasn't any). So I did chown, chmod and chgrp to set these to be available to Jenkins.

I tested this by doing a git clone while logged in as the Jenkins user.

I know this path is specific to Ubuntu, but a similar setup making sure the key files are available, in the right place, and testing on the command line just doing git clone git:myrepo, might at least identify where Windows is different.
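
The ownership and permission problem described in Solution 3, as an added shell example (not part of the original answers): it audits a service account's key directory before any git clone is attempted. It assumes GNU stat as found on Ubuntu; the function name check_ssh_key_dir and the throwaway demo directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answers. Assumes GNU stat (Ubuntu).
# check_ssh_key_dir DIR OWNER: print each problem found with the key files in
# DIR; return 0 only if OWNER could use DIR/id_rsa with OpenSSH.
check_ssh_key_dir() {
    dir=$1; owner=$2; problems=0
    if [ ! -d "$dir" ]; then
        echo "PROBLEM: $dir is missing"
        return 1
    fi
    for name in . id_rsa id_rsa.pub; do
        path=$dir/$name
        if [ ! -e "$path" ]; then
            echo "PROBLEM: $path is missing"
            problems=$((problems + 1))
            continue
        fi
        mode=$(stat -c '%a' "$path")
        user=$(stat -c '%U' "$path")
        # Files copied in as root stay root-owned and unreadable to the service.
        if [ "$user" != "$owner" ]; then
            echo "PROBLEM: $path is owned by $user, not $owner"
            problems=$((problems + 1))
        fi
        case $name in
            .)          want='700' ;;                  # conventional ~/.ssh mode
            id_rsa)     want='600 400' ;;              # ssh rejects group/other access
            id_rsa.pub) want='644 640 600 444 400' ;;
        esac
        case " $want " in
            *" $mode "*) ;;
            *) echo "PROBLEM: $path has mode $mode, expected one of: $want"
               problems=$((problems + 1)) ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# Constructed demo: a throwaway directory stands in for /var/lib/jenkins/.ssh,
# and its owner stands in for the jenkins account.
demo=$(mktemp -d)
me=$(stat -c '%U' "$demo")
: > "$demo/id_rsa"; : > "$demo/id_rsa.pub"
chmod 644 "$demo/id_rsa" "$demo/id_rsa.pub"
check_ssh_key_dir "$demo" "$me" || echo "-> fix ownership and modes, then re-check"
chmod 600 "$demo/id_rsa"
check_ssh_key_dir "$demo" "$me" && echo "OK: key files are usable by $me"
rm -rf "$demo"
```

On a real server the call would be check_ssh_key_dir /var/lib/jenkins/.ssh jenkins, run with enough privilege to stat the directory.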

Author by

jlpp

Updated on July 09, 2022

Comments

  • jlpp
    jlpp almost 2 years

    I've got Hudson (continuous integration system) with the git plugin running on a Tomcat Windows Service. msysgit is installed and the msysgit bin dir is in the path. PuTTY/Pageant/plink are installed and msysgit is configured to use them.

    When I run a job that attempts to clone the git repository I get the following error:

    $ git clone -o origin git@hostname:project.git "e:\HUDSON_HOME\jobs\Project Trunk\workspace" 
    ERROR: Error cloning remote repo 'origin' : Could not clone git@hostname:project.git 
    ERROR: Cause: Error performing git clone -o origin git@hostname:project.git e:\HUDSON_HOME\jobs\Project Trunk\workspace 
    Trying next repository 
    ERROR: Could not clone from a repository 
    FATAL: Could not clone 
    hudson.plugins.git.GitException: Could not clone 
    
    1. Running git clone -o origin git@hostname:project.git "e:\HUDSON_HOME\jobs\Project Trunk\workspace" from the command line works without error.
    2. I've confirmed that my issue is not the same as Hudson git clone error because git is in the path and I don't get any error about the git executable on Hudson's Configure System page.

    This leads me to believe that the problem is that the user who owns the Tomcat/Hudson Windows service (Local System) has no SSH key set up to be able to clone the git repository.

    My question is, how can I set things up so that the git plugin/msysgit know to use a particular SSH key when trying to clone? I don't think Pageant will work because the Tomcat service is running as the "Local System" user, but I may be wrong. I have tried setting Pageant up as a service (using runassvc.exe), passing the appropriate key, and having it run as "Local System". The Tomcat/Hudson service doesn't seem to be able to see the key from the pageant service. Are there any other techniques for setting up a key?

    Thanks.

    EDIT: The discussion on http://n4.nabble.com/Hudson-with-git-and-ssh-td375633.html shows that someone else had a similar question. ssh-agent was suggested and this tool does come with msysgit but I'm not sure how to use it in conjunction with the Hudson service. Still, good clue if anyone can fill in the gaps. Thanks to Peter for the comment with the link.

    Also, the discussion on http://n4.nabble.com/questions-about-git-and-github-plug-ins-td383420.html starts off with the same question. I'm trying to resurrect that thread.