Permission denied (publickey) when setting up Jenkins

Question

I am setting up Jenkins on a Win 2008 server machine and am having some trouble configuring Jenkins to connect to GitHub. I get the following error:

Command "git.exe fetch -t git@github.com:USER/REPO.git +refs/heads/*:refs/remotes/origin/*" returned status code 128: Permission denied (publickey).
fatal: The remote end hung up unexpectedly

ERROR: Could not fetch from any repository
FATAL: Could not fetch from any repository
hudson.plugins.git.GitException: Could not fetch from any repository
    at hudson.plugins.git.GitSCM$2.invoke(GitSCM.java:950)
    at hudson.plugins.git.GitSCM$2.invoke(GitSCM.java:908)
    at hudson.FilePath.act(FilePath.java:758)
    at hudson.FilePath.act(FilePath.java:740)
    at hudson.plugins.git.GitSCM.checkout(GitSCM.java:908)
    at hudson.model.AbstractProject.checkout(AbstractProject.java:1184)
    at hudson.model.AbstractBuild$AbstractRunner.checkout(AbstractBuild.java:537)
    at hudson.model.AbstractBuild$AbstractRunner.run(AbstractBuild.java:425)
    at hudson.model.Run.run(Run.java:1376)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
    at hudson.model.ResourceController.execute(ResourceController.java:88)
    at hudson.model.Executor.run(Executor.java:175)

Things I Have Checked

• The Jenkins service is running under my username.
• I changed my SSH key so it no longer has a password.
• I have verified my SSH key is valid by executing the same command as Jenkins using msysgit.
• Verified all my paths are correct.

Jenkins Configuration Settings

• Jenkins 1.418
• GitHub plugin 0.5
• Git plugin 1.1.9

msysgit Works but CMD Prompt Does Not When I navigate to a valid repo and execute the command from the DOS prompt, it also fails.

Do you have any idea what I may be missing?

Thanks for your help.

Answer 1

As I commented, specifying the HOME environment variable is key, when using ssh protocol.
Since Windows doesn't have a HOME , you need to define it explicitly, to whatever directory you want.

However, Vestnik comments:

I've specified to override HOME on the windows slave node to point it to C:\jenkins .
I've put correct id_rsa under the C:\jenkins\.ssh but still have this issue.
My slave agent running as service under SYSTEM account.

• Similar issue: " Problem with Hudson + Git + Gitosis on windows "
• Similar resolution: " Problem with Hudson + Git + Gitosis on windows "

Two advices:

• you need to make your slave display ' set ' in order to check if HOME is defined when used with the SYSTEM account.
  If it is not, that may mean you need to add that variable to the "system environment variables", not the "user environment variables".

• Don't forget to have both id_rsa and id_rsa.pub in the %HOME%\.ssh directory: you need both public and private ssh keys. (as mentioned in " git clone with ssh issue ")

If you have a parametrized build, you also can define HOME that way and check if your slave picks up the right value for HOME :

Answer 2

There are two plugins in jenkins related to ssh that can be used: Publish Over SSH and Jenkins SSH plugin .

The first plugin gives the availability to set a global ssh key and the second plugin gives the availability to set various ssh keys.

Next you need to install two more plugins that will be used in the project configuration GitHub Plugin and Jenkins Git Plugin .

The GitHub plugin will be used to set the GitHub project . The Jenkins Git plugin will be used to set the "URL of repository" and other things like a branch etc.

All the plugins are available from the tab available in the Jenkins Plugin Manager.

Copied from my blog post, on the topic :

Jenkins configuration:
The Jenkins SSH plugin give the availability to set private key per host, the second plugin do the job for a global host.
If Jenkins SSH plugin is used, then in SSH remote hosts write the host, user, passphrase and the path to the private key.
If Publish Over SSH is used, then in SSH setting write the passphrase and paste the private key or write the path to it.
The project configuration is:
GitHub Project https://github.com/GitUser/iOS-project/
*Source Code Management
-> Git
-> -> Repositories
-> -> -> URL of repository: git@github.com:GitUser/iOS-project.git
-- It is up to you configure a branch or take the default one --
*Build Triggers
-> Poll SCM -- Seted --
-> Schedule: * * * * *
*Build
-> Executed Shell

-> -> Command:  xcodebuild -target iOS-project -configuration AdHoc -sdk iphoneos5.0 clean
-> -> Command:  agvtool new-version -all $BUILD_NUMBER 
-> -> Command:  xcodebuild -target iOS-project -configuration AdHoc -sdk iphoneos5.0
-> -> Command:  xcrun -sdk iphoneos5.0 PackageApplication -v $WORKSPACE/build/AdHoc-iphoneos/iOS-project.app -o  $WORKSPACE/build/AdHoc-iphoneos/iOS-project-$BUILD_NUMBER.ipa PROVISIONING_PROFILE="<provisioning profile>" 
-> -> Command:  curl http://testflightapp.com/api/builds.json -F file=@$WORKSPACE/build/AdHoc-iphoneos/iCushion-1.0-$BUILD_NUMBER.ipa -F api_token=<api_token> -F team_token=<team_token> -F notes="This is an autodeploy build from Jenkins!" -F notify=True -F distribution_lists="<distributedlist 1>, <distributedlist 2>"

Answer 3

It appears the git plugin now provides a way to point Jenkins to the home directory.

1. Click the credential add button.

2. Point Jenkins to your private key.

3. Select the newly-added credentials from the list.

Answer 4

In my environment (Jenkins 64-bit with Java 32-bit, running in a Windows Server 2016 64-bit), the solution was put the key in the C:\Windows\SysWOW64\config\systemprofile\.ssh folder. According to the Git Plugin documentation :

By default, the Jenkins Windows installer sets up Jenkins to run as a service on Windows, which runs as the “Local System account”, NOT your user account. Since the “Local System account” does not have SSH keys or known_hosts set up, “git clone” will hang during the build. It's possible to keep Jenkins running as the “Local System account” and clone repositories via SSH by making sure that the “Local System account” is set up with a properly configured.ssh directory (ie id_rsa, id_rsa.pub, AND known_hosts)