GitLab Branch Source SSH Credentials

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

GitLab Branch Source SSH Credentials

Sverre Moe-2
When we moved our git repositories to Gitlab, checkout failed when using Credentials for SCM Repository for our Multibranch Pipeline Projects.

[Mon Mar 15 14:31:33 CET 2021] Starting branch indexing...
> git --version # timeout=10
> git --version # 'git version 2.26.2'
using GIT_SSH to set credentials Jenkins Git User
> git ls-remote --symref -- ssh://[hidden email]/packages/connection-api.git # timeout=10
ERROR: [Mon Mar 15 14:31:39 CET 2021] Could not update folder level actions from source 4e0891e4-f729-4070-a650-e5fdbd95b807
hudson.plugins.git.GitException: Command "git ls-remote --symref -- ssh://[hidden email]/packages/connection-api.git" returned status code 128:
stderr: Permission denied, please try again.
Received disconnect from port 22:2: Too many authentication failures
Disconnected from port 22
fatal: Could not read from remote repository.

GitLab has the Public SSH key for all Jenkins Master, and Build Agents in its Deploy Keys.

So git clone works fine without having to specify credentials
I had to set Credentials to None for it to work.

It does not work with GitLab Branch Source Plugin and GitLab Group Project.
I have configured the group with "Checkout over SSH", but if credentials is left None, it will still use Checkout over HTTPS.

A workaround:
The Jenkins master has a SSH key (Public, Private). This has access in GitLab (Added as Deploy Key for all projects).
I tried creating a new Credential:
Kind=SSH Username with private key

Then selected this credentials for GitLab group projects. Checkout now uses SSH and it works, even if the git checkout is not on jenkins master, but one of its build agents.

Perhaps my workaround is the way to do it?

You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit