詹金斯:凭证中私钥的正确格式是什么 [英] Jenkins: what is the correct format for private key in Credentials
问题描述
我正在 Windows Server 2016 上运行的 Jenkins 2.152 中创建一个作业,该作业需要从托管在 bitbucket.org 上的 git 存储库中提取.我通过 git-bash 测试了 ssh 密钥,所以我知道它可以工作并且没有密码.当我尝试对 Jenkins 使用完全相同的私钥时,我收到一条错误消息.
I'm creating a job in Jenkins 2.152 running on Windows Server 2016 which needs to pull from a git repo hosted on bitbucket.org. I tested the ssh key through git-bash so I know it works and there is no passphrase. When I try to use the very same private key with Jenkins I get an error message.
Failed to connect to repository : Command "git.exe ls-remote -h
git@bitbucket.org:mygroup/myrepo HEAD" returned status code 128:
stdout:
stderr: Load key
"C:\Users\JE~1\AppData\Local\Temp\ssh2142299850576289882.key": invalid format
git@bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
凭据设置为
scope: Global
user: git
Private Key -> Enter Directly -> copy and past - generated by ssh-keygen -t rsa in gitbash
Passphrase: empty
ID: empty
description: bitbucket.org
我注意到在另一个 Windows Jenkins 服务器上,私钥每行的字符数不同
I noticed that on another Windows Jenkins server the private key has a different number of characters per line
有谁知道 Jenkins Credentials 中私钥的预期格式是什么?或者也许还有其他我可以检查的东西.
Does anybody know what is the expected format of Private Key in Jenkins Credentials? Or maybe there is something else that I could check.
非常感谢任何帮助.
推荐答案
检查您使用的适用于 Windows 的 Git 版本:从 2.19.2 开始,它带有 OpenSSH v7.9p1(从之前的 7.7 开始)
Check the version of Git for Windows that you are using: Starting 2.19.2, it comes with OpenSSH v7.9p1 (from 7.7 before)
而且... openssh 7.8 刚刚更改了默认的 ssh-keygen 格式,从一个经典的 PEM 64 个字符,一个 OPENSSH 一个 70 个字符!
And... openssh 7.8 just changed the default ssh-keygen format, from a classic PEM 64-chars, to an OPENSSH one 70 chars!
只有 ssh-keygen -m PEM -t rsa -P "";-f afile 将生成旧格式 (-m PEM)
Only ssh-keygen -m PEM -t rsa -P "" -f afile would generate the old format (-m PEM)
默认写入 OpenSSH 格式的私钥,而不是使用 OpenSSL 的 PEM 格式.
ssh-keygen(1):write OpenSSH format private keys by default instead of using OpenSSL's PEM format.
OpenSSH 格式自 2014 年起在 OpenSSH 版本中得到支持,并在源代码分发的 PROTOCOL.key 文件中进行了描述,提供了更好的离线密码猜测保护,并支持私钥中的关键注释.
如有必要,可以通过添加-m PEM"来编写旧的 PEM 样式的密钥.生成或更新密钥时 ssh-keygen 的参数.
The OpenSSH format, supported in OpenSSH releases since 2014 and described in the PROTOCOL.key file in the source distribution, offers substantially better protection against offline password guessing and supports key comments in private keys.
If necessary, it is possible to write old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments when generating or updating a key.
这篇关于詹金斯:凭证中私钥的正确格式是什么的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
