I generated a key pair in repo -> settings -> ssh keys
and copied the pub key to autorized_keys of server
and added the fingerprint on bitbucket too
but my pipelines fail with
File "<decorator-gen-3>", line 2, in run
File "/usr/local/lib/python3.6/site-packages/fabric/connection.py", line 29, in opens
File "/usr/local/lib/python3.6/site-packages/fabric/connection.py", line 615, in open
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 437, in connect
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 749, in _auth
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 662, in _auth
key_filename, pkey_class, passphrase
File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 571, in _key_from_filepath
key = klass.from_private_key_file(key_path, password)
File "/usr/local/lib/python3.6/site-packages/paramiko/pkey.py", line 206, in from_private_key_file
key = cls(filename=filename, password=password)
File "/usr/local/lib/python3.6/site-packages/paramiko/ed25519key.py", line 76, in __init__
data = self._read_private_key("OPENSSH", f)
File "/usr/local/lib/python3.6/site-packages/paramiko/pkey.py", line 289, in _read_private_key
raise SSHException("not a valid " + tag + " private key file")
paramiko.ssh_exception.SSHException: not a valid OPENSSH private key file
Do I really need to store the private key in pipelines env var ?
Can't the pipeline pick up the default identity by itself?
Any help is welcome
If you inspect the ~/.ssh/config directory in your pipeline, it contains an entry for IdentityFile, which points to the location of the private key which was generated via the UI. This location resolves to '/opt/atlassian/pipelines/agent/ssh/id_rsa'. Using tools such as git or ssh, they would check ~/.ssh/config to find the key location.
I notice you are using a python based tool - theres a possibility it is looking for the private key under ~/.ssh/, which doesn't exist. If this is the case, you can either configure the tool to use the correct location (/opt/atlassian/pipelines/agent/ssh/id_rsa), or copy the key from /opt/atlassian/pipelines/agent/ssh/id_rsa to under ~/.ssh/ to satisfy the tools requirements.
Storing keys in environment variables would only be necessary if you required multiple keys as Pipelines currently only supports adding a single key via the UI (e.g ssh into multiple services, or using git+ssh for committing back to Bitbucket and ssh for connecting to a remote server).
Hello Community, I’m Anton Genkin, a product manager on the Bitbucket Server and Data Center team and am excited to share that Bitbucket Server 7.0 is now available! It's a platform release, one th...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events