I have a Git repository on Bitbucket, which I want my Jenkins server to access automatically. This is only possible using public/private key authentication. So I created a key pair and uploaded the public key to Bitbucket. The public and the private key are on my server in the .ssh folder of the tomcat user running Jenkins. I am able to clone my project when I am logged in as that user on the server.
However, I am unable to get Jenkins to actually check out the code from Bitbucket. It always says:
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
Well, I assume that this happens because when accessing the repository over ssh I need to provide the passphrase for my private key and Jenkins is unable to do this automatically. I read that it is possible to avoid being asked for the passphrase by providing a config file inside the .ssh folder containing the following content:
Host bitbucket.org
IdentityFile ~/.ssh/id_dsa
I did so, but as soon as I provide that file I can no longer clone the repository from bitbucket. Not even directly from the server, getting the same error message as shown above.
Did anyone manage to make this setup work? I also read the following thread here on Stack Overflow that was of no use to me: How do i set a private ssh key for hudson / jenkins to access bitbucket? and I checked that tomcat really runs under user tomcat6 by creating an empty test project that simply runs “whoami”. So I am pretty much out of ideas for fixing the problem.
Specifying an IdentityFile in your config doesn’t change whether you have to provide a password for the ssh key. That’d be a gaping security hole if it did. The only way you can not be required to provide a password for your ssh key is if your ssh key doesn’t have a password.
So, you should create an ssh key specifically for your jenkins instance and, if Bitbucket allows, only give read-only access to your repository for that key.
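One way to check whether a private key file is passphrase-protected before handing it to a Jenkins job, as an added example that is not part of the original answer. It reads the key file's own headers (legacy PEM such as id_dsa, PKCS#8, and the newer OpenSSH format); the sample keys are constructed stubs with no real key material, and all function names are hypothetical.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def read_ssh_string(buf, offset):
    """Read one SSH wire string: uint32 big-endian length, then that many bytes."""
    if offset + 4 > len(buf):
        raise ValueError("truncated key data")
    (length,) = struct.unpack_from(">I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated key data")
    return buf[offset + 4:end], end

def key_needs_passphrase(pem_text):
    """Return True if the private key text is passphrase-protected."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        raise ValueError("not a PEM private key")
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad OpenSSH key magic")
        cipher, _ = read_ssh_string(blob, len(OPENSSH_MAGIC))
        return cipher != b"none"  # "none" means stored unencrypted
    # Legacy PEM (RSA/DSA/EC): encrypted keys start with a Proc-Type header.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:4])

def sample_openssh_key(cipher):
    """Constructed stub: magic + ciphername + kdfname only, no key material."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = OPENSSH_MAGIC
    for field in (cipher, kdf):
        blob += struct.pack(">I", len(field)) + field
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed legacy-PEM stubs in the style of an id_dsa file (body is a placeholder).
SAMPLE_LEGACY_ENCRYPTED = ("-----BEGIN DSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                           "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                           "AAAA\n-----END DSA PRIVATE KEY-----\n")
SAMPLE_LEGACY_PLAIN = "-----BEGIN DSA PRIVATE KEY-----\nAAAA\n-----END DSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, text in [("legacy encrypted", SAMPLE_LEGACY_ENCRYPTED),
                       ("legacy plain", SAMPLE_LEGACY_PLAIN),
                       ("openssh aes256-ctr", sample_openssh_key(b"aes256-ctr")),
                       ("openssh none", sample_openssh_key(b"none"))]:
        print(f"{name}: needs passphrase = {key_needs_passphrase(text)}")
```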