在jenkins下的git clone / ssh [英] git clone/ssh under jenkins

问题描述

我使用存储作为git存储库管理器。隐藏使您可以为每个尝试连接和克隆的用户添加ssh密钥。我已经为所有的unix用户配置好了，但windows给了我很多时间。 Windows从机（2008 R2服务器）上的git克隆进程会永久挂起，因为它可能找不到保存密钥的.ssh目录。当从cli手动运行相同的命令时，它工作正常。

我尝试了各种各样的配置，使用％HOME％env变量等。它根本不适合我。在这个问题上花了一天时间，但没有任何工作。

获得任何帮助。

解决方案

在客户端詹金斯），你需要检查运行Jenkins Jobs的用户是否知道一个％HOME％环境变量：它需要它的％HOME％.ssh\\ \\ id_rsa.pub public ssh key there。

请参阅 Jenkins - Git - 权限denied（publickey）

在服务器上（ Stash from Atlassian ），您需要确保〜stachAadminAccount \.ssh\authorized_keys 确实包含您的公钥。

除此之外，您需要调试ssh连接：

  ssh -vvvT ssh：//git@stash.atlassian.com：7999 / path / to / repo.git 
  

（用于管理的帐户替换 git ）存放并替换 stash.atlassian.com:7999 由您的 server：port ）

---

<1>我已经明确地向％HOME％添加了系统env vars在奴隶，只是为了确保它被注入。它可能不需要，但我添加它，看看它是否会有影响

它需要 ：ssh将在％HOME％/。ssh

下寻找密钥（私有和公共）

2）我从来不必在存储下乱搞ssh密钥。实际上，所有隐藏的用户都是内部存储的，并且不是 / etc / password 文件或类似的文件的一部分，所以没有 authorized_keys 文件仍然存在 - user1577236 7小时前

a /不是 / etc / password file：确定那些没有在/ etc / password中注册：我们不是在这里谈论用户帐户，而是关于允许用户打开安全shell会话的ssh密钥唯一的用户帐户（存储管理员帐户）：所有ssh命令都将在同一个帐户下执行。

$ c> authorized_keys file：当然它应该存在：当你报告使用ssh协议的克隆工作时，它涉及一个纯粹的ssh通信，这意味着寻找公钥在服务器端的〜/ .ssh / authorized_keys 。

文件不存在的唯一方法是如果Stash启动它自己的ssh守护进程，配置为在ano中查找密钥其他文件/公共密钥源。

关于2 - 你在存储过程中所做的事情是将公钥添加到存储空间中，为每个用户。

这可能是，但是Stash应该只是ssh的一个不错的前端。 3）如前所述，使用git ssh在命令行中运行git clone命令。

3）协议工作正常，所以我应该在调试会话中寻找什么？

您必须将 ssh -vvvT 作为其定义的Jenkins作业唯一的命令：这样，你会看到詹金斯的观点是行不通的。

我很想调试Jenkins过程，看看它在ssh会话中的作用，但我不知道该怎么做（但......）。刚刚开始与詹金斯两周前左右合作。

在Windows上，进程资源管理器至少有一个第一步，以便查看在哪个帐户下以及Jenkins进程（及其作业）运行的环境变量。

I am using stash as a git repository manager. stash enables you to add ssh keys for each user trying to connect and clone from it. I have configured it fine for all unix users but windows is giving me hard times. the git clone process on the windows slave machine (2008 R2 server) hangs forever since it probably doesn't find the .ssh directory, where the keys are kept. when running the same command manually from cli, it works fine.

I have tried all sorts of configurations, played with %HOME% env variable,etc. it simply won't work for me. spent more then a day on this issue but nothing worked.

any help is appreciated.

解决方案

On the client side (Jenkins), you need to check if the user running the Jenkins Jobs knows about a %HOME% environment variable: it needs its %HOME%.ssh\id_rsa.pub public ssh key there.
See "Jenkins - Git - Permission denied (publickey)"

On the server (Stash from Atlassian), you need to make sure the ~stachAadminAccount\.ssh\authorized_keys does contain your public key.

Beside that, you need to debug the ssh connexion:

ssh -vvvT ssh://git@stash.atlassian.com:7999/path/to/repo.git

(replacing git by the account used for administrating Stash, and replacing stash.atlassian.com:7999 by your server:port)

---

1) I have explicitly added %HOME% to the system env vars on the slave , just to make sure it's injected in. it may not be needed but I added it to see if it will have an affect

It is needed: ssh will look for keys (private and public) under %HOME%/.ssh

2) I never had to mess with ssh keys under stash. in fact, all the users for stash are internal to stash and are not part of the /etc/password file or anything like that, so no authorized_keys file exists anyway – user1577236 7 hours ago

a/ " not part of the /etc/password file": Sure those are not registered in /etc/password: we are not talking about user account here, but about ssh keys allowing a user to open a secure shell session as one unique user account (the stash admin account): all ssh commands will be executed under the same account.

b/ "no authorized_keys file": of course it should exist: when you are reporting that a clone with ssh protocol works, it involves a pure ssh communication, which means looking for public key on the server side in a ~/.ssh/authorized_keys.
The only way that file doesn't exist is if Stash launch its own ssh daemon, configured to look for keys in another file/source of public keys.

regarding 2 - what you do in stash is to add the public key into a spacial place in stash, for each user.

That may be, but Stash should just be a nice front-end for ssh. All the ssh mechanism behind it should still be updated.

3) as mentioned, running the git clone command from the command line with git ssh protocol works fine, so what should I be looking for in the debug session ?

You must define a Jenkins job which does the ssh -vvvT as its sole command: that way, you would see what doesn't work from the Jenkins perspective.

I would love to debug the Jenkins process and to see what it does during it's ssh session, but I don't know how to do that ( yet...). just started to work with Jenkins 2 weeks ago or so.

On windows, a process explorer is at least one first step in order to see under which account, and with what environment variable the Jenkins process (and its jobs) are running.

这篇关于在jenkins下的git clone / ssh的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！