从 Jenkins（在 Docker 图像中）访问 BitBucket 存储库

Question

Our team is trying for days to get this accessbut we arre tottally stucked on how todo.

Scenario:

• Jenkins installed in remote AWS machine that has access only through specific VPN address
• Normal BitBucket account with access ro repositories using SSH keys

Where I stuck?

At very initial part to get access to directory, following the steps:

0. Created keys with linux ssh keygen command and put public key on Bitbucket repository Security Settings.

1. after logged in Jenkins I start a new task,then Freestyle build and Go

2. Inside task I hit "Settings" go to Source code configurations, select git and put the repository as: git@bitbucket.org:my_company/my_repo.git

3. On credentials I click on Add/Jenkins: and configure "Kind" as "SSH Username with private key", write my Username, in Private Key click on Enter Directly and paste my Private SSH key in field, Finish clicking in ADD.

4. I choose the new credential created...

What's the problem?

get RED error message - and can't access BitBucket repo:

Failed to connect to repository : Command "git ls-remote -h -- git@bitbucket.org:cryptoblock/cblock1.git HEAD" returned status code 128:
stdout:
stderr: No RSA host key is known for bitbucket.org and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

What I've tried?

• I tried to change many times the generated keys

• I tried to put the private key at machine that hosts docker container with jenkins

• I entered on container with jenkins and put private key at /root/.ssh directory

• I entered on container with jenkins logged dave sudo permissions to jenkins user and put private key at ~/.ssh directory

• find this answer that says to put command

 jenkins@jenkins_host $ ssh-keyscan -H bitbucket.com >> ~/.ssh/known_hosts

But I receive answer: bash: /var/jenkins_home/.ssh/known_hosts: Permission denied even trying as sudo ( changing sudoers file)

• some another answeers I found is related to https: access method, and in repo we use at company is only permitted ssh access

What works?

• On this remote machine where docker is installed, shh keys was rightly accepted as I'm able to git clone this repository normally, same as I do in my private machine and in all cases I've used same ssh private key.

Answer 1

After some research on @mzm answer I build out a solution following this steps:

1 - Create ssh key-pair with ssh-keygen

• a) private key goes to Jenkins > Manage Credentials >kind: SSH key
• b) public key (.pub) goes to Bitbucket Repository Security settings

Then:

2 - Install Docker with Jenkins and run its docker

3 - on host (where docker is running), execute:

• a) docker ps ( get container ID)
• b) docker exec -u 0 -it <ID> /bin/bash
• c) apt update
• d) apt install sudo
• e) apt install nano
• f) sudo visudo
• g) in file that will open insert this line: jenkins ALL=(ALL) NOPASSWD:ALL
• h) get out of jenkins docker as root: exit

check jenkins docker ID, with docker ps

4 - Enter in jenkins docker with command exec -it <ID> /bin/bash and execute in order:

• a) copy console output
• b) create folder: mkdir /var/jenkins_home/.ssh
• c) enter in folder: cd /var/jenkins_home/.ssh
• d) create file: touch known_hosts
• e) put result from scan into created file: ssh-keyscan -H bitbucket.org > known_hosts

After that should be possible to jenkins connect through ssh with Bitbucket.