I'm doing Jenkins config for first time. All the configuration about git, ssh, etc. is made in a linux server by console (VM). I've created a user and password for git and added the public key to the bitbucket host, I have connected by command line in linux to bitbucket and everything was fine. But when I try to connect to the remote repo in Jenkins Job Config, I get this error:
Failed to connect to repository : Command "/usr/bin/git -c core.askpass=true ls-remote -h 'repo' HEAD" returned status code 128:
stdout:
stderr: fatal: Authentication failed for 'repo'
Any idea?
Thanks in advance.
Finally I got a solution just writing the repo url as : https://:#bitbucket.org//.git
Maybe it would exist another for avoiding to express the password in the url.
Thank you #ComputerDruid and rest of comunity ;)
Related
I have installed git in the Linux server(Server1) and created a remote git repository in that server1 Now I need to clone the git repository to server2 through Jenkins so I installed Jenkins in the server2, Now Jenkins was hosted in server2.
In Jenkins I have created a freestyle project, In the Repository URL section, I entered the URL of git repo like: git#<server1_ip>:/opt/dev/repo/pals/ui.git
For authentication, I have tried each credential one by one given below:
git repo username and password
git repo username and SSH Private key
Jenkins username and password
Jenkins username and SSH Private key
But I am facing the below error:
Repository URL
git#<server1_ip>:/opt/dev/repo/pals/ui.git
Failed to connect to repository : Command "git ls-remote -h -- git#<server1_ip>:/opt/dev/repo/pals/ui.git HEAD" returned status code 128: stdout: stderr: Permission denied, please try again. Permission denied, please try again. git#<server1_ip>: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.
git#<server1_ip>:/opt/dev/repo/pals/ui.git
That is an SSH URL, which means you need to:
register the private key in Jenkins server2 using the Jenkins SSH Credential plugin (try a passphrase-less key, to avoid any issue with SSH agent, for testing)
make sure server1:~git/.ssh/authorized_key has the public key in it.
On server2, you can at least test ssh -i /path/to/private/key git#server1 to make sure that works first. Then test from Jenkins.
I am trying to run python test cases through Jenkins, it has the git clone command with ssh key.
Command : git clone -v ssh://user#host:29418/project folder_to_clone
Getting the error like :
Warning: Permanently added '[host]:29418,[100.64.42.4]:29418' (RSA) to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
But while running locally everything fine, On Jenkins only getting this issue.
You need to add create a shh key using ssh-key , add it to both jenkins credentials and the git repository you are trying to fetch the code from.
I have configured Jenkins on a Linux machine and my git repo is on an another Linux server. But when I try to give the URL of the repo to Jenkins I get the following error.
Failed to connect to repository : Command "git -c core.askpass=true ls-remote -h ssh://user#ip/~/export1 HEAD" returned status code 128:
stdout:
stderr: Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
What could be the cause for this?
I have seen that both the systems' rsa key is present in each other's .ssh/known_hosts folder.
I am able to pull or clone code from the repo to a folder in Jenkins system as well. So why is Jenkins not able to take it?
I have also tried the URL user#ip:/fullpath/to/repo
You need to make sure Jenkins is running as the right user (the one who has the keys in ~/.ssh/id_rsa(.pub)
That user might not be the same as the one used in the ssh url: user#ip means you are connecting to ip using an account which has your public key in ~user/.ssh/authorized_key.
So the Jenkins process must be run by an account which has the private and public key, whose public key is in ~user/.ssh/authorized_key on the git server side.
And that account should have done (only once) an ssh-keyscan -H ip >> ~account/.ssh/known_hosts before any ssh attempt, in order to record the git server ip as a known host.
Does it being a bare repo make any difference or change in the URL?
No. The .git at the end of the bare repo folder is optional when used as an url.
Further to #VonC's reply, you can also use the Credentials plugin to define a set of credentials on your Jenkins master that your Jenkins job uses to access your Git repo. This allows you to run Jenkins itself as a different user from there one that has access to the Git repo.
The main problem was the security of the systems. I hadnt checked the authentication mechanisms on my server. The password authentication to the git server was causing the problem because the jenkins machine tries to directly fire a ls-remote to the path. When you do the same thing on the terminal you will be prompted for a password and then itl accept. When I set the password authentication and UsePAM to no and enabled the RSA authentication, pubkey authentication and authorised key setting to yes in the sshd_config file, and restarted, it was able to access the repo and I dint get this error.
Our setup:
Gitlab CE
Gitlab 7.8.4
Git-shell: 2.5.4
Gitlab API: v3
Ruby: 2.1.5p273
Rails: 4.1.1
This is test is on a private repository owned by the same user that is trying to push to it (user is admin). Environment check is clean with no errors. Same error whether we try HTTPS or SSH. SSH worked before the upgrade.
Error:
git push -u origin master
/usr/local/lib/ruby/2.1.0/json/common.rb:155:in `parse': 757: unexpected token at 'false' (JSON::ParserError)
from /usr/local/lib/ruby/2.1.0/json/common.rb:155:in `parse'
from /home/git/gitlab-shell/lib/gitlab_access_status.rb:13:in `create_from_json'
from /home/git/gitlab-shell/lib/gitlab_net.rb:34:in `check_access'
from /home/git/gitlab-shell/lib/gitlab_shell.rb:25:in `exec'
from /home/git/gitlab-shell/bin/gitlab-shell:16:in `<main>'
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Similar issue:
https://gitlab.com/gitlab-org/gitlab-ce/issues/838
It would appear that we have proper access via HTTPS and SSH, but something on the server, perhaps with git-shell is not right.
What we've done so far:
sudo -u git -H bundle exec rake gitlab:shell:setup RAILS_ENV=production
Made sure 'AllowUsers git' was in sshd_config
ssh-keygen -A
ssh-keygen: generating new host keys: ED25519
Tried different version of git-shell back to 2.2.0.
# ssh git#gitlab.domain.com
PTY allocation request failed on channel 0
Welcome to GitLab, Anonymous!
Connection to gitlab.domain.com closed.
As Geoff pointed out, my issue was a badly configured gitlab-shell/config.yml. Once the type for gitlab_url was corrected, we were able to push and pull without any issues with HTTPS and SSH.
I can successfully execute git pull in linux command line on my VPS, but when I execute a bash file containing "git pull" with execFile in Nodejs, it gave me an error: Command failed: Host key verification failed. How can I solve this problem?
Update:
The whole error message I get is:
{ [Error: Command failed: Host key verification failed. fatal: Could not read
from remote repository. Please make sure you have the correct access rights
and the repository exists. ] killed: false, code: 1, signal: null }
It seems that it's not the same problem with the question dylants provided.
The bash file script is like this, I use it to auto deploy my nodejs app:
git pull && pm2 reload www
I am using ssh protocol instead of https protocol on my vps in order to prevent the password prompt each time I git pull from my bitbucket repository. So ssh keys were generated in my user directory ~/.ssh/. I think the reason why nodejs failed to execute the bash file is this: The user who run the bash file in nodejs app is different from the user who run the bash file in command line. so the user running nodejs can't use the ssh keys located in ~/.ssh for verification.
Is that right? How to fix it?
I think you have correctly identified the problem: the nodejs application does not have access to your ssh credentials. You have a few options available:
If you can make the repository available for anonymous read-only access via http:// or git:// protocols, you can have the nodejs pull changes without requiring any sort of credentials.
You can generate an ssh key for the nodejs user and grant that user read-only access to the repository. You would just need to generate an ssh keypair in the appropriate location for that user.
You could drop your own credentials where your nodejs app can make use of them, but this has a number of security problems -- if your webapp is compromised, the attacker can write changes to your repository that will appear to come from you. So don't use this option.