Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to use generated SSH-KEY in pipelines?

jai
jai
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
March 5, 2019

I generated a key pair in repo -> settings -> ssh keys

and copied the pub key to autorized_keys of server

and added the fingerprint on bitbucket too

 

but my pipelines fail with

 

File "<decorator-gen-3>", line 2, in run  
File "/usr/local/lib/python3.6/site-packages/fabric/connection.py", line 29, in opens    self.open()  
File "/usr/local/lib/python3.6/site-packages/fabric/connection.py", line 615, in open    self.client.connect(**kwargs)  
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 437, in connect    passphrase,  
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 749, in _auth    raise saved_exception  
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 662, in _auth    key_filename, pkey_class, passphrase  
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 571, in _key_from_filepath    key = klass.from_private_key_file(key_path, password)  
File "/usr/local/lib/python3.6/site-packages/paramiko/pkey.py", line 206, in from_private_key_file    key = cls(filename=filename, password=password)  
File "/usr/local/lib/python3.6/site-packages/paramiko/ed25519key.py", line 76, in __init__    data = self._read_private_key("OPENSSH", f)  
File "/usr/local/lib/python3.6/site-packages/paramiko/pkey.py", line 289, in _read_private_key    raise SSHException("not a valid " + tag + " private key file")
paramiko.ssh_exception.SSHException: not a valid OPENSSH private key file

 

 

Do I really need to store the private key in pipelines env var ?

Can't the pipeline pick up the default identity by itself?

 

Any help is welcome

 

Answer
Watch
Like # people like this
4262 views

1 answer

1 accepted

2 votes
Answer accepted
Graham Gatus
Graham Gatus
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 5, 2019

If you inspect the ~/.ssh/config directory in your pipeline, it contains an entry for IdentityFile, which points to the location of the private key which was generated via the UI. This location resolves to  '/opt/atlassian/pipelines/agent/ssh/id_rsa'. Using tools such as git or ssh, they would check ~/.ssh/config to find the key location.

I notice you are using a python based tool - theres a possibility it is looking for the private key under ~/.ssh/, which doesn't exist. If this is the case, you can either configure the tool to use the correct location (/opt/atlassian/pipelines/agent/ssh/id_rsa), or copy the key from /opt/atlassian/pipelines/agent/ssh/id_rsa to under ~/.ssh/ to satisfy the tools requirements.

Storing keys in environment variables would only be necessary if you required multiple keys as Pipelines currently only supports adding a single key via the UI (e.g ssh into multiple services, or using git+ssh for committing back to Bitbucket and ssh for connecting to a remote server).

View More Comments
jai
jai
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
March 6, 2019

Thanks Graham

Explicit path to key worked.

Like Oleksandr Kyrdan likes this
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events