Jenkins hangs when trying to fetch from Stash

Question

I am trying to configure Jenkins to work with Atlassian Stash. I have gotten as far as (apparently) getting the Git plugin to successfully ping Stash, as there are no longer any error messages from the Git plugin page. I am using Git with SSH, and I have configured my Stash account with the correct SSH key. I should also mention that my office is behind a firewall, hence the proxy server for Stash. Here is a screenshot of the Jenkins Git configuration:

The console output indicates failure after the default 10 minute timeout. Here is what the console output says:

 > C:\Program Files (x86)\Git\bin\git.exe fetch --tags --progress ssh://[email protected]:7999/project/myrepo.git 
+refs/heads/*:refs/remotes/origin/*
ERROR: Timeout after 10 minutes
ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Command "C:\Program Files (x86)\Git\bin\git.exe fetch --tags --progress ssh://[email protected]:7999/project/myrepo.git +refs/heads/*:refs/remotes/origin/*" returned status code -1:
stdout: 
stderr: 
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn
    ...

When I run the following Git command directly from the Windows bash, it completes quickly, although there is no output:

$ time git fetch --tags --progress 
ssh://[email protected]:7999/pcb_imst/
wigbotsimulator.git +refs/heads/*:refs/remotes/origin/*

real    0m5.530s
user    0m0.093s
sys     0m0.062s

Also, when I remove the credentials from Jenkins and try to build, I get an authentication error almost immediately (Permission denied (publickey)). So it definitely seems that Jenkins can hit Stash, though it does not appear to be able to complete a fetch.

I am out of ideas on how to fix this. It is strange that Git works locally but does not work when Jenkins uses it.

Answer 1

After conversing extensively with @VonC and no glaring errors having turned up, I made an attempt to have Jenkins connect via HTTPS. Initially I had abandoned HTTPS because it too was not working. To my surprise, the HTTPS build worked without error.

I was getting ready to give up on SSH, when, as a last resort, I decided to use the following private key option:

In other words, I cut and pasted my private key (~/id_rsa) directly into Jenkins. To my amazement, this worked! I am working off a VM, and my user folder is on an F: drive, which apparently Jenkins was not able to read.

So the root cause of my problem was in fact a problem with the SSH private key file. But the exact error was that this private key was not readable by Jenkins. A lesson learned is to make sure that Jenkins has the ability to read every file which it needs to function. Just because your Git setup is working locally does not mean it will also be working for Jenkins.

Answer 2

As discussed, using the Jenkins SSH credential plugins is the right solution.
Copying directly the private SSH key is easier than relying on Jenkins master to know where to find ~/.ssh/id_rsa (on Windows, %USERPROFILE%\.ssh\id_rda), especially considering Jenkins often used with the System account, not the local one.

Stash has the public key. If Jenkins has the private key, it will be able to complete the authentication.

HTTPS would work too, considering the credential manager is the stash one, which has already cached the username/password.