Jenkins:凭证中私钥的正确格式是什么 [英] Jenkins: what is the correct format for private key in Credentials
问题描述
我正在Windows Server 2016上运行的Jenkins 2.152中创建作业,该作业需要从bitbucket.org上托管的git存储库中提取. 我通过git-bash测试了ssh密钥,因此我知道它可以正常工作并且没有密码短语. 当我尝试对Jenkins使用完全相同的私钥时,我收到一条错误消息.
I'm creating a job in Jenkins 2.152 running on Windows Server 2016 which needs to pull from a git repo hosted on bitbucket.org. I tested the ssh key through git-bash so I know it works and there is no passphrase. When I try to use the very same private key with Jenkins I get an error message.
Failed to connect to repository : Command "git.exe ls-remote -h
git@bitbucket.org:mygroup/myrepo HEAD" returned status code 128:
stdout:
stderr: Load key
"C:\\Users\\JE~1\\AppData\\Local\\Temp\\ssh2142299850576289882.key": invalid format
git@bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
凭据设置为
scope: Global
user: git
Private Key -> Enter Directly -> copy and past - generated by ssh-keygen -t rsa in gitbash
Passphrase: empty
ID: empty
description: bitbucket.org
我注意到在另一台Windows Jenkins服务器上,私钥每行具有不同数量的字符
I noticed that on another Windows Jenkins server the private key has a different number of characters per line
有人知道Jenkins凭证中私钥的预期格式是什么吗?也许还有其他我可以检查的东西.
Does anybody know what is the expected format of Private Key in Jenkins Credentials? Or maybe there is something else that I could check.
非常感谢您的帮助.
推荐答案
Check the version of Git for Windows that you are using: Starting 2.19.2, it comes with OpenSSH v7.9p1 (from 7.7 before)
然后... openssh 7.8 刚刚更改了默认的ssh-keygen格式,一个经典的PEM 64个字符,到OPENSSH一个70个字符!
And... openssh 7.8 just changed the default ssh-keygen format, from a classic PEM 64-chars, to an OPENSSH one 70 chars!
只有ssh-keygen -m PEM -t rsa -P "" -f afile会生成旧格式(-m PEM)
ssh-keygen(1):默认情况下写入OpenSSH格式的私钥,而不使用OpenSSL的PEM格式.
ssh-keygen(1):write OpenSSH format private keys by default instead of using OpenSSL's PEM format.
OpenSSH格式自2014年以来一直受OpenSSH支持,并在源代码发行版的PROTOCOL.key文件中进行了描述,它提供了更好的防止脱机密码猜测的保护,并支持私钥中的键注释.
如有必要,可以在生成或更新密钥时通过在ssh-keygen的参数中添加"-m PEM"来编写旧的PEM样式的密钥.
The OpenSSH format, supported in OpenSSH releases since 2014 and described in the PROTOCOL.key file in the source distribution, offers substantially better protection against offline password guessing and supports key comments in private keys.
If necessary, it is possible to write old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments when generating or updating a key.
这篇关于Jenkins:凭证中私钥的正确格式是什么的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
