It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to use generated SSH-KEY in pipelines? Edited

I generated a key pair in repo -> settings -> ssh keys

and copied the pub key to autorized_keys of server

and added the fingerprint on bitbucket too

 

but my pipelines fail with

 

File "<decorator-gen-3>", line 2, in run  
File "/usr/local/lib/python3.6/site-packages/fabric/connection.py", line 29, in opens
self.open()
File "/usr/local/lib/python3.6/site-packages/fabric/connection.py", line 615, in open
self.client.connect(**kwargs)
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 437, in connect
passphrase,
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 749, in _auth
raise saved_exception
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 662, in _auth
key_filename, pkey_class, passphrase
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 571, in _key_from_filepath
key = klass.from_private_key_file(key_path, password)
File "/usr/local/lib/python3.6/site-packages/paramiko/pkey.py", line 206, in from_private_key_file
key = cls(filename=filename, password=password)
File "/usr/local/lib/python3.6/site-packages/paramiko/ed25519key.py", line 76, in __init__
data = self._read_private_key("OPENSSH", f)
File "/usr/local/lib/python3.6/site-packages/paramiko/pkey.py", line 289, in _read_private_key
raise SSHException("not a valid " + tag + " private key file")
paramiko.ssh_exception.SSHException: not a valid OPENSSH private key file

 

 

Do I really need to store the private key in pipelines env var ?

Can't the pipeline pick up the default identity by itself?

 

Any help is welcome

 

1 answer

1 accepted

0 votes
Answer accepted
Graham Gatus Atlassian Team Mar 05, 2019

If you inspect the ~/.ssh/config directory in your pipeline, it contains an entry for IdentityFile, which points to the location of the private key which was generated via the UI. This location resolves to  '/opt/atlassian/pipelines/agent/ssh/id_rsa'. Using tools such as git or ssh, they would check ~/.ssh/config to find the key location.

I notice you are using a python based tool - theres a possibility it is looking for the private key under ~/.ssh/, which doesn't exist. If this is the case, you can either configure the tool to use the correct location (/opt/atlassian/pipelines/agent/ssh/id_rsa), or copy the key from /opt/atlassian/pipelines/agent/ssh/id_rsa to under ~/.ssh/ to satisfy the tools requirements.

Storing keys in environment variables would only be necessary if you required multiple keys as Pipelines currently only supports adding a single key via the UI (e.g ssh into multiple services, or using git+ssh for committing back to Bitbucket and ssh for connecting to a remote server).

Thanks Graham

Explicit path to key worked.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bitbucket Pipelines

Building a Bitbucket Pipe as a casual coder

...ipe.sh :  #!/bin/bash source "$(dirname "$0")/common.sh" enable_debug extra_args="" if [[ "${DEBUG}" == "true" ]]; then extra_args="--verbose" fi # mandatory variables R...

4,010 views 4 22
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you