ansaurus

Question

Answer 1

+1 A:

The OP Josh Smith managed to sort it out:

I'd actually needed to add the SSH key from /var/lib/hudson/.ssh/id_rsa.pub for the user (me) into the Gerrit GUI.
Then from there it worked like a charm.
The username must be the username in Gerrit (the admin account).

My original advice is below:

What is the user which will use the web based code review system Gerrit?

That user needs your /var/lib/hudson/.ssh/id_rsa.pub public ssh key in its $HOME/.ssh/authorized_keys, as illustrated in this guide.

alt text

Key Distribution

The public portion of the RSA key pair must be copied to any servers that will be accessed by the client. The public key information to be copied should be located in the ~/.ssh/id_rsa.pub file on the client.
Assuming that all of the servers use OpenSSH instead of a different SSH implementation, the public key data must be appended into the ~/.ssh/authorized_keys file on the servers.

# first, upload public key from client to server
client$ scp ~/.ssh/id_rsa.pub server.example.org:

# next, setup the public key on server
server$ mkdir ~/.ssh
server$ chmod 700 ~/.ssh
server$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
server$ chmod 600 ~/.ssh/authorized_keys
server$ rm ~/id_rsa.pub

Be sure to append new public key data to the authorized_keys file, as multiple public keys may be in use. Each public key entry must be on a different line.

VonC 2010-09-14 20:25:57

@VonC I'm coming to think you answer every question I have! I might as well have a direct line... `hudson` is the user that should be using the review system, I *think*. Forgive the noobness. Do you mean that, or the actual *human* user, for example `joshsmith`?

Josh Smith 2010-09-14 20:46:00

@Josh: if "hudson" is the user executing the ssh connection to the localhost Gerrit system, then it needs its own `id_rsa.pub` added to its `~hudson/.ssh/authorized_key`.

VonC 2010-09-14 20:47:38

@VonC `hudson` has its own `id_rsa.pub` in `/var/lib/hudson/.ssh`. Is this what you mean?

Josh Smith 2010-09-14 20:50:34

@VonC I should read more carefully. Clearly that's not what you meant. Where is the `$HOME` for the `hudson` user? I know that question has a variable answer, hence the need for `$HOME`, but really not sure where user dirs can be found.

Josh Smith 2010-09-14 21:05:05

Do you mean something like `/root/.ssh/`? In that dir there are only the files `id_rsa`, `id_rsa.pub`, and `known_hosts`, all created by the `hudson` user.

Josh Smith 2010-09-14 21:15:19

@Josh: "Where is the `$HOME` for the `hudson` user?". Exactly. Where is the question, and the general difficulty of this ssh-related Hudson issues I see on SO. You need to somehow display the environment variables when executing that Job, and see if the `$HOME` is mentioned.

VonC 2010-09-14 21:21:21

Do I just copy/paste the `id_rsa.pub` into the `authorized_keys` file?

Josh Smith 2010-09-14 21:34:38

@Josh: you need to append `id_rsa.pub` to the content of `authorized_keys` file (or create that `authorized_keys` file if it didn't already exist). See http://sial.org/howto/openssh/publickey-auth/ for more details.

VonC 2010-09-14 21:50:04

Thanks for the link. Yours was not *quite* the answer I was looking for, but your help got me there. I'd actually needed to add the SSH key from `/var/lib/hudson/.ssh/id_rsa.pub` for the user (me) into the `Gerrit` GUI. Then from there it worked like a charm. The username must be the username in `Gerrit` (the admin account).

Josh Smith 2010-09-15 00:33:56

@Josh: great! You found the solution. I have updated my answer to reflect it, and also to document (for future reference) the notion of public SSH key distribution.

VonC 2010-09-15 03:55:48

+100 for awesome updated answer.

Josh Smith 2010-09-16 03:55:16

ansaurus

tags:

views:

answers:

Creating SSH keys for Gerrit and Hudson

related questions