git clone and SSH key passphrase

Sébastien Doncker June 19, 2016

Hello, 

I am trying to use the Bitbucket Pipelines beta.

To build my repository, I need to build another repository from Bitbucket.

So I configured an SSH key, but when I run a git clone, it asks me for a passphrase for the key and blocks the automated process.

Is there a way to get past this step without a passphrase, or to provide the passphrase in some way?

To illustrate, here is my bitbucket-pipelines.yml file:

 

# You can use a Docker image from Docker Hub or your own container
# registry for your build environment.
image: maven:3.3.3
pipelines:
  default:
    - step:
        script: # Modify the commands below to build your repository.
            - mkdir ~/.ssh
            - echo $SSH_KEY > ~/.ssh/id_rsa.tmp # note: assumes base64 encoded ssh key without a passphrase
            - base64 -d ~/.ssh/id_rsa.tmp > ~/.ssh/id_rsa
            - chmod 600 ~/.ssh/id_rsa
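            - base64 ~/.ssh/id_rsa # note: prints the base64-encoded private key into the build log
            - echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config # note: turns off SSH host key verification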
            - mvn --version
            - mkdir temp
            - cd temp
            - git clone git@bitbucket.org:dingorock/dingorock-helpers.git
            - cd dingorock-helpers
            - mvn clean install
            - cd ..
            - cd ..
            - mvn clean install

 

Thanks in advance,

Seb

2 answers

1 vote
Peter Geshev
Rising Star
June 20, 2016

You can remove the passphrase of the key (more info here) or you can create a new SSH key without a passphrase.

Rob Jones June 22, 2016

I've tried removing the passphrase and creating a key without a passphrase and it still prompts you for a passphrase.

0 votes
Sébastien Doncker June 23, 2016

Thank you, it's working.

But eventually, I don't understand how to have my private key in $SSH_KEY.

So:

  • I created a new SSH key without a passphrase
  • I added the private key to my Git repository
  • I added the public key as a deployment key in my Bitbucket repository configuration

and did the following in the bitbucket-pipelines.yml:

 

image: maven:3.3.3
pipelines:
  default:
    - step:
        script: # Modify the commands below to build your repository.
            - mkdir ~/.ssh
            - cp bitbucket_pipelines_rsa ~/.ssh/id_rsa
            - chmod 600 ~/.ssh/id_rsa
            - echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config
            - mvn --version
            - mkdir temp
            - cd temp
            - git clone git@bitbucket.org:dingorock/dingorock-helpers.git
            - cd dingorock-helpers
            - mvn clean install -DskipTests
            - cd ..
            - cd ..
            - mvn clean install

 

Thanks a lot for your answer.

Seb

Philip Hodder
Atlassian Team
July 3, 2016

I would highly advise against storing your private key as part of your repository, for security reasons.

I think I know what was going wrong for you (I also had to battle this for a while).

Firstly, delete the SSH key-pair you are using now. It's in your repo's Git history and is no longer able to be considered secure.

The issue I think you were having initially was that the SSH_KEY environment variable cannot be the plain text version of your id_rsa file. You need to encode it first in base64.

$ base64 ~/.ssh/id_rsa

You can see a full step-by-step guide here: https://answers.atlassian.com/questions/39243415

Let me know if you get stuck. You shouldn't have to have your secrets stored in your Git repository.

Sébastien Doncker July 4, 2016

Oh! Thanks for that, I didn't understand how to set up an environment variable. This is why I put the SSH key in my repo. And I know, it's bad!

So now I have just figured out how I can add an environment variable via the pipeline settings of my repo, so I will be able to delete the key from it and use the base64 encoding.


Thanks a lot for your tips and provided links.

Philip Hodder
July 4, 2016

You can find information on environment variables here: https://confluence.atlassian.com/display/BITBUCKET/Environment+variables+in+Bitbucket+Pipelines

Specifically, you'll want to read the "User-defined repository variables" section. To quote the part you're probably looking for:

You can add, edit, and remove variables directly in the Bitbucket Pipelines settings which you can find in your repository under Settings > Bitbucket Pipelines > Environment variables

Hope that helps.
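
Putting the thread's advice together (a passphrase-less deploy key, base64-encoded into the `SSH_KEY` repository variable), the following is an added example, not code from the posters or from Atlassian: it decodes the variable with owner-only permissions and checks that the result loads as a key with no passphrase. The helper names `encode_ssh_key` and `install_ssh_key` are hypothetical, and GNU `base64` and OpenSSH `ssh-keygen` are assumed to be in the build image.

```shell
#!/bin/sh
# Added example: SSH_KEY is the variable name used in this thread;
# encode_ssh_key and install_ssh_key are hypothetical helper names.
# Assumes GNU coreutils base64 and OpenSSH ssh-keygen in the build image.

# Run locally: print a private key file as one unwrapped base64 line, ready
# to paste into the repository's environment variable settings.
encode_ssh_key() {
    base64 < "$1" | tr -d '\n'
}

# Run in the pipeline: decode $SSH_KEY into <dir>/id_rsa (default ~/.ssh).
# Fails fast with a message, so a bad variable stops the build instead of
# leaving git clone waiting at a passphrase prompt.
install_ssh_key() {
    dir="${1:-$HOME/.ssh}"
    key="$dir/id_rsa"
    [ -n "${SSH_KEY:-}" ] || { echo "SSH_KEY is not set" >&2; return 1; }
    (
        umask 077    # directory and key are owner-only from the moment they exist
        mkdir -p "$dir" &&
            printf '%s' "$SSH_KEY" | base64 -d > "$key" 2>/dev/null
    ) || { rm -f "$key"; echo "SSH_KEY is not valid base64" >&2; return 1; }
    # Deriving the public key succeeds only for a well-formed private key with
    # an empty passphrase. Output is discarded so no key material reaches the
    # build log, and stdin is /dev/null so nothing can wait for input.
    if ! ssh-keygen -y -P '' -f "$key" > /dev/null 2>&1 < /dev/null; then
        rm -f "$key"
        echo "SSH_KEY does not decode to a passphrase-less private key" >&2
        return 1
    fi
}
```

In the pipeline script, `install_ssh_key` would run in place of the echo/base64/chmod lines, before the first `git clone`.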
