Jenkins git plugin with ssh access to bitbucket: Permission denied (publickey). fatal: Could not read from remote repository

Question

I cannot get Jenkins git plugin to authenticate with a private git repo on bitbucket.org. I have generated a private / public key pair using ssh-keygen and set the public key in my bitbucket account under ssh keys account page.

In the job configure page I have set the Source Code Management section as follows:

Repository URL: [email protected]:mproject.git (the SSH url for clone)
Credentials: The private key id_rsa generated by ssh-keygen (no passphrase) and user git.

It immediately gives the following error:

Failed to connect to repository : Command "git -c core.askpass=true ls-remote -h [email protected]:myproject.git HEAD" returned status code 128:
stdout: 
stderr: Permission denied (publickey). 
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

When I do same git command from command line in workspace directory in a shell it works fine. I have my ~/.bashrc specified in Build Environment / Properties File Path so I am confused what could be different when it runs in the jenkins job.

I have just two users on my jenkins machine (jenkins and root) and I was running the git command as user jenkins. The home directory of user jenkins is /home/jenkins. My jenkins job runs as user anonymous. Could this be the issue?

I have the following .ssh files:

-rw-r--r--. 1 jenkins jenkins   89 Apr 25 11:18 config
-rw-r--r--. 1 jenkins jenkins  137 Apr 24 13:56 environment
-rw-------. 1 jenkins jenkins 1766 Apr 24 13:54 id_rsa
-rw-r--r--. 1 jenkins jenkins  425 Apr 24 13:54 id_rsa.pub
-rw-r--r--. 1 jenkins jenkins  806 Apr 25 12:06 known_hosts
drwx------. 2 jenkins jenkins 85 Apr 25 12:05 .ssh

Answer 1

I suspect, you have added ssh keys to your user, not to the jenkins user.

By default Jenkins in run by user Jenkins, which home directory is (by default) /var/lib/jenkins. To check my hypothesis, please login as jenkins user:

su jenkins

and call:

git -c core.askpass=true ls-remote -h [email protected]:myproject.git HEAD

to check if it will return an error.

You should have /var/lib/jenkins/.ssh directory which contains proper ssh keys. You will need to add id_rsa.pub from that directory to your account on bitbucket.

Next in job configuration just set:

Repository URL: [email protected]:ntti3/gtip.git
Credentials: - none - 

Described configuration works for my Jenkins with bitbucket.

Please also ensure that .ssh directory has set proper access rights. Ssh doesn't like 'too open' directories:

-rw-------  1 jenkins jenkins  407 Apr 14 14:14 authorized_keys
-rw-------  1 jenkins jenkins 1676 Nov 25 16:37 id_rsa
-rw-rw-r--  1 jenkins jenkins  400 Nov 25 16:38 id_rsa.pub
-rw-r--r--  1 jenkins jenkins 3096 Feb 11 12:11 known_hosts
drwx------   2 jenkins jenkins     4096 Apr 14 14:14 .ssh