Jenkins pipeline fails git clone using sshagent plugin?

Question

Jenkins v2.164.3, ssh agent plugin 1.19

I created a new Ubuntu build node, called it test-fleet arbitrarily. I have the following file in the node

/home/ubuntu/.gitconfig
------------------------
[user]
(tab)name = myUser
(tab)email = myUser@myemail.com

$ ls -al .gitconfig
-rw-r--r-- 1 ubuntu ubuntu   58 Jan 25 04:27 .gitconfig

Now I have a Jenkins pipeline that does this

node('test-fleet') {
   stage('test git') {
     sshagent(credentials: ['myUser-creds']) {
       sh """
          export GIT_SSH_COMMAND=\"ssh -v\"
          git ls-remote git@bitbucket.org:project/myrepo.git
       """
     }
   }
}

I get this in my job's console

[ssh-agent] Using credentials myUser-creds (Bitbucket credentials)
[ssh-agent] Looking for ssh-agent implementation...
[ssh-agent]   Exec ssh-agent (binary ssh-agent on a remote machine)
SSH_AUTH_SOCK=/tmp/ssh-V4G1oYutEMCW/agent.16446
SSH_AGENT_PID=16448
Running ssh-add (command line suppressed)
ssh-agent
Identity added: /home/jenkins/workspace/Utilities/Playground/test-ec2-fleet-ssh@tmp/private_key_2248848783998450720.key (/home/jenkins/workspace/Utilities/Playground/test-ec2-fleet-ssh@tmp/private_key_2248848783998450720.key)
Cloning into 'myrepo'...

+ git ls-remote git@bitbucket.org:project/myrepo.git
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to bitbucket.org [18.205.93.2] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version conker_d603cef0bf app-133
debug1: no match: conker_d603cef0bf app-133
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I know I'm using the correct creds, and that the repo exists. I have another build node, and it works on THAT node, so I know my Jenkins is set up correctly, and the problem is on the new build node.

Any clues on how to solve this?

Answer 1

Check first the same key works when doing a git ls-remote git@bitbucket.org:project/myrepo.git in a session using the same user as the one running Jenkins.

And check the myUser-creds is the actual passphrase (not password: passphrase) protecting the SSH private key. Where it comes to SSH, the is no "credentials" as in username/password.

Answer 2

First of all, check which user owns the Jenkins. You can find it out by listing the owner of jenkins install directory (/var/lib/jenkins is the default). Then log in with that user and check out .ssh folder for that user. As Jenkins is using SSH for the checkout, based on this answer here you should have a problem in $HOME/.ssh/known_hosts. Follow the guidelines for the link provided for the correct user running jenkins to make git checkout work. The problem is that myUser actually does not have any ssh repository to be able to check the ssh keys. Either create myUser in your machine and add .ssh folder, or use another user.