Setup Jenkins Git Clone with ssh-agent on Windows

How to set up Git with ssh-agent more easily, and how to troubleshoot problems during the setup

Download installers

  • Download and install Git for Windows from git-scm.com
  • Download and install Jenkins for Windows from jenkins.io

Install plugins

  1. Go to "Manage Jenkins" > "Manage Plugins"
  2. Choose tab "Available"
  3. Filter "Git plugin" and check the box next to "Git plugin"
  4. Filter "SSH Agent Plugin" and check the box next to "SSH Agent Plugin"
  5. Click "Download now and install after restart"
  6. After the message "Downloaded Successfully..." check the box "Restart Jenkins..."

Set "GIT_SSH" in Environment Variables

Jenkins's Git uses "OpenSSH", not "plink". If "PuTTY" is installed on your system, look for "GIT_SSH" in Jenkins's Environment Variables ("Manage Jenkins" > "System Information" > "Environment Variables"); it looks like this: "GIT_SSH=C:\Program Files (x86)\PuTTY\plink.exe". This causes the error below when you clone the source:

stdout: 
stderr: plink: unknown option "-o" 
plink: unknown option "-p" 
fatal: Could not read from remote repository. 

This variable should be overwritten to make sure Jenkins's Git uses "OpenSSH":

  1. Open Run and enter: sysdm.cpl
  2. Go to "Advanced" > "Environment Variables..." > "System variables"
  3. Add or change the variable: the variable name is "GIT_SSH" and the variable value is "C:\Program Files\Git\usr\bin\ssh.exe"
  4. Restart Jenkins for the change to take effect; you can confirm it in Jenkins's Environment Variables

Add "ssh-agent" location to "PATH" in Environment Variables

The SSH Agent Plugin needs "ssh-agent" to start an agent. Since Jenkins runs as a service, you need to add the "ssh-agent" location to "path" in "System variables", not in your user variables. If the SSH Agent Plugin can't find "ssh-agent", the error below occurs:

Could not find ssh-agent: IOException: Cannot run program "ssh-agent": CreateProcess error=2, The system cannot find the file specified
Check if ssh-agent is installed and in PATH
[ssh-agent] FATAL: Could not find a suitable ssh-agent provider
[ssh-agent] Diagnostic report
FATAL: [ssh-agent] Unable to start agent
java.lang.RuntimeException: [ssh-agent] Could not find a suitable ssh-agent provider.
Caused: hudson.util.IOException2: [ssh-agent] Unable to start agent

After adding the "ssh-agent" location to "path" (e.g. "C:\Program Files\Git\usr\bin\"), restart Jenkins for the change to take effect; you can confirm it in Jenkins's Environment Variables (path)

Configure Jenkins

  1. Go to "Manage Jenkins" > "Global Tool Configuration"
  2. Configure JDK

    Set "Name" to "local_jdk". Set "JAVA_HOME" to "C:\Program Files\Java\jdk1.8.0_162"

  3. Configure Git

    Set "Name" to "local_git". Set "Path to Git executable" to "C:\Program Files\Git\cmd\git.exe"

  4. Click the "Save" button

Add new credential

  1. Go to "Credentials" > "System" and click "Global credentials (unrestricted)"
  2. Click "Add Credentials" and set up the new credential. Note: the option "From a file on Jenkins master" under Private Key, for kind "SSH Username with private key", accepts a .ppk file (PuTTY Private Key)

Add trust for the server's host key manually (if it's not added automatically)

The Jenkins installer sets Jenkins up to run as a service, which runs as the "Local System account", NOT your user account. Since the "Local System account" does not have SSH keys or known_hosts set up, "git clone" will fail by timing out while it waits for the (y/n) confirmation (the command is run by Jenkins, so you can't answer it)

The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n)

You need to run commands as the "Local System account", which requires PsTools

Open a "Command Prompt" (run as administrator) and run:

C:\>PsTools\PsExec.exe -i -s cmd.exe

This should open a new cmd prompt running as the "Local System account", and any SSH commands you run in this account will use the keys in "C:\Windows\SysWOW64\config\systemprofile\.ssh" (for 32-bit "C:\Windows\System32\config\systemprofile\.ssh")

However, there is a bug if you add trust for the server with the "ssh" command

C:\>"C:\Program Files\Git\usr\bin\ssh.exe" -T git@your.git.server

You should get a response that looks like the one below, but you can't type anything because the terminal hangs

The authenticity of host 'your.git.server (xxx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)?

Our solution is to use "plink" instead.

REM Note: the username is git
C:\>"C:\Program Files (x86)\PuTTY\plink.exe" -T git@your.git.server
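
An added example (not part of the original post): for the OpenSSH client that "GIT_SSH" points Jenkins at, the host key can be checked against a fingerprint obtained out of band and written to the service account's known_hosts without any prompt. It assumes the key line comes from a tool such as ssh-keyscan; the names fingerprints, pin_host_key and SAMPLE_LINE, the sample key and the temporary path are all made up for illustration.

```python
import base64
import hashlib
import struct
from pathlib import Path


def fingerprints(line):
    """Return (sha256_fp, md5_fp) for one 'host keytype base64key' line."""
    _host, keytype, b64key = line.split()[:3]
    blob = base64.b64decode(b64key, validate=True)
    # The blob starts with a length-prefixed copy of the key type; a line
    # whose two type fields disagree is malformed and must not be trusted.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type field does not match key blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return "SHA256:" + sha, ":".join(md5[i:i + 2] for i in range(0, 32, 2))


def pin_host_key(line, expected_fp, known_hosts):
    """Append line to known_hosts only if it matches the fingerprint that
    was obtained out of band; raise ValueError and write nothing otherwise."""
    line = line.strip()
    sha_fp, md5_fp = fingerprints(line)
    expected = expected_fp.strip()
    if expected.lower().startswith("md5:"):
        expected = expected[4:]
    if expected != sha_fp and expected.lower() != md5_fp:
        raise ValueError(f"host key mismatch: scanned {sha_fp} ({md5_fp})")
    path = Path(known_hosts)
    path.parent.mkdir(parents=True, exist_ok=True)
    existing = path.read_text().splitlines() if path.exists() else []
    if line not in existing:  # idempotent across repeated runs
        with path.open("a", newline="\n") as fh:
            fh.write(line + "\n")
    return sha_fp


def _lp(b):  # SSH wire-format string: 4-byte big-endian length + bytes
    return struct.pack(">I", len(b)) + b


# Constructed sample key (not a real server key): ed25519 blob of 0x00..0x1f.
SAMPLE_LINE = "your.git.server ssh-ed25519 " + base64.b64encode(
    _lp(b"ssh-ed25519") + _lp(bytes(range(32)))).decode()

if __name__ == "__main__":
    import tempfile
    kh = Path(tempfile.mkdtemp()) / ".ssh" / "known_hosts"  # stand-in path
    trusted_fp = fingerprints(SAMPLE_LINE)[0]  # in practice: from the server admin
    print("pinned", pin_host_key(SAMPLE_LINE, trusted_fp, kh), "->", kh)
```

In real use the third argument would be the known_hosts file under the "Local System account" profile directory named below, and the expected fingerprint would come from whoever administers the Git server.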

If you want to actually test running "git" commands with "ssh-agent", you need to run "git-bash.exe" instead of "cmd.exe"

C:\>PsTools\PsExec.exe -i -s "C:\Program Files\Git\git-bash.exe"

You need to start "ssh-agent" in the background, add the private key and verify the key list

$ eval `ssh-agent`
$ ssh-add ~/.ssh/id_rsa
$ ssh-add -l
$ "/c/Program Files/Git/cmd/git.exe" clone git@your.git.server:your-repo/your-project.git
