Jenkins git plugin with ssh access to bitbucket: Permission denied (publickey). fatal: Could not read from remote repository
I suspect, you have added ssh keys to your user, not to the jenkins user.
By default Jenkins in run by user Jenkins, which home directory is (by default) /var/lib/jenkins
. To check my hypothesis, please login as jenkins user:
su jenkins
and call:
git -c core.askpass=true ls-remote -h git@bitbucket.org:myproject.git HEAD
to check if it will return an error.
You should have /var/lib/jenkins/.ssh
directory which contains proper ssh
keys. You will need to add id_rsa.pub
from that directory to your account on bitbucket.
Next in job configuration just set:
Repository URL: git@bitbucket.org:ntti3/gtip.gitCredentials: - none -
Described configuration works for my Jenkins with bitbucket.
Please also ensure that .ssh directory has set proper access rights. Ssh doesn't like 'too open' directories:
-rw------- 1 jenkins jenkins 407 Apr 14 14:14 authorized_keys-rw------- 1 jenkins jenkins 1676 Nov 25 16:37 id_rsa-rw-rw-r-- 1 jenkins jenkins 400 Nov 25 16:38 id_rsa.pub-rw-r--r-- 1 jenkins jenkins 3096 Feb 11 12:11 known_hostsdrwx------ 2 jenkins jenkins 4096 Apr 14 14:14 .ssh
In my case the problem had something to do with having a jenkins user already created with home directory /home/jenkins and then installing jenkins as root. This may have created some confusion between whether the home directory was /var/lib/jenkins (as is normal) and /home/jenkins. The fix was to:
- userdel jenkins #Delete jenkins user
- rm -rf /home/jenkins; rm -rf /var/lib/jenkins #Remove old jenkins dirs
- Install jenkins again as normal process which creates jenkins user
- mkdir /var/lib/jenkins/.ssh; chmod 700 /var/lib/jenkins/.ssh
- cd /var/lib/jenkins/.ssh
- Create keypair using ssh-keygen, add key to bitbucket etc.
- Creating a credential in jenkins for newly minted id_rsa file
- Creating new project to use git plugin with repository url and id_rsa.pub file
Thanks for the help.
In my case, the problem was the RSA key fingerprint. I added the ssh key for the Jenkins user as described in the documentation but got the same error message. I solved it by logging in as the Jenkins user using
sudo su jenkins
Then, I typed in the following
git -c core.askpass=true ls-remote -h ssh://git@SERVER/PROJECT/REPO.git HEAD
And got the following message
The authenticity of host 'SERVER ([IP_ADDRESS]:PORT)' can't be established. RSA key fingerprint is 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:ff. Are you sure you want to continue connecting (yes/no)?
By answering 'yes' to this question, the Bitbucket server is added to the list of known hosts and that really solved my issue.