How to use generated SSH-KEY in pipelines?

jai March 5, 2019

I generated a key pair in repo -> settings -> ssh keys

and copied the pub key to autorized_keys of server

and added the fingerprint on bitbucket too

 

but my pipelines fail with

 

File "<decorator-gen-3>", line 2, in run  
File "/usr/local/lib/python3.6/site-packages/fabric/connection.py", line 29, in opens
self.open()
File "/usr/local/lib/python3.6/site-packages/fabric/connection.py", line 615, in open
self.client.connect(**kwargs)
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 437, in connect
passphrase,
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 749, in _auth
raise saved_exception
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 662, in _auth
key_filename, pkey_class, passphrase
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 571, in _key_from_filepath
key = klass.from_private_key_file(key_path, password)
File "/usr/local/lib/python3.6/site-packages/paramiko/pkey.py", line 206, in from_private_key_file
key = cls(filename=filename, password=password)
File "/usr/local/lib/python3.6/site-packages/paramiko/ed25519key.py", line 76, in __init__
data = self._read_private_key("OPENSSH", f)
File "/usr/local/lib/python3.6/site-packages/paramiko/pkey.py", line 289, in _read_private_key
raise SSHException("not a valid " + tag + " private key file")
paramiko.ssh_exception.SSHException: not a valid OPENSSH private key file

 

 

Do I really need to store the private key in pipelines env var ?

Can't the pipeline pick up the default identity by itself?

 

Any help is welcome

 

1 answer

1 accepted

2 votes
Answer accepted
Graham Gatus
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 5, 2019

If you inspect the ~/.ssh/config directory in your pipeline, it contains an entry for IdentityFile, which points to the location of the private key which was generated via the UI. This location resolves to  '/opt/atlassian/pipelines/agent/ssh/id_rsa'. Using tools such as git or ssh, they would check ~/.ssh/config to find the key location.

I notice you are using a python based tool - theres a possibility it is looking for the private key under ~/.ssh/, which doesn't exist. If this is the case, you can either configure the tool to use the correct location (/opt/atlassian/pipelines/agent/ssh/id_rsa), or copy the key from /opt/atlassian/pipelines/agent/ssh/id_rsa to under ~/.ssh/ to satisfy the tools requirements.

Storing keys in environment variables would only be necessary if you required multiple keys as Pipelines currently only supports adding a single key via the UI (e.g ssh into multiple services, or using git+ssh for committing back to Bitbucket and ssh for connecting to a remote server).

jai March 6, 2019

Thanks Graham

Explicit path to key worked.

Like Oleksandr Kyrdan likes this

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events