I'm trying to use the Hudson Gerrit Trigger plug-in.

For whatever reason, Gerrit is not accepting the SSH key located at `/var/lib/hudson/.ssh/id_rsa`.

In the GUI I get `Connection error : com.jcraft.jsch.JSchException: Auth fail` as an error, and when I'm working in the terminal I get a `Permission denied (publickey)` error.

How can I generate and use a working private key so Hudson and Gerrit can play nice?

+1  A: 

The OP Josh Smith managed to sort it out:

I'd actually needed to add the SSH key from `/var/lib/hudson/.ssh/id_rsa.pub` for the user (me) into the Gerrit GUI.
Then from there it worked like a charm.
The username must be the username in Gerrit (the admin account).

My original advice is below:


What is the user which will use the web based code review system Gerrit?

That user needs your `/var/lib/hudson/.ssh/id_rsa.pub` public SSH key in its `$HOME/.ssh/authorized_keys`, as illustrated in this guide.


Key Distribution

The public portion of the RSA key pair must be copied to any servers that will be accessed by the client. The public key information to be copied should be located in the ~/.ssh/id_rsa.pub file on the client.
Assuming that all of the servers use OpenSSH instead of a different SSH implementation, the public key data must be appended into the ~/.ssh/authorized_keys file on the servers.

```
# first, upload public key from client to server
client$ scp ~/.ssh/id_rsa.pub server.example.org:

# next, setup the public key on server
server$ mkdir ~/.ssh
server$ chmod 700 ~/.ssh
server$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
server$ chmod 600 ~/.ssh/authorized_keys
server$ rm ~/id_rsa.pub
```

Be sure to append new public key data to the authorized_keys file, as multiple public keys may be in use. Each public key entry must be on a different line.


VonC
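
The key-distribution steps quoted in the answer above, as an added shell example that is not part of the original post or the quoted guide: it appends a public key only once and handles an `authorized_keys` file that lacks a trailing newline, where a bare `>>` would put two keys on one line. The function name `install_pubkey` and its arguments are assumptions made for illustration.

```shell
# Added example (not from the original post or the quoted guide).
# install_pubkey PUBKEY_FILE [SSH_DIR]   -- name and arguments are illustrative.
# Run as the account that should accept the key, e.g.: install_pubkey ~/id_rsa.pub
install_pubkey() {
    local pub="$1" dir="${2:-$HOME/.ssh}"
    local auth="$dir/authorized_keys" key

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    key=$(cat "$pub")   # $(...) strips the trailing newline(s)

    # A .pub file is exactly one line; a private key (id_rsa) is many lines.
    if [ "$(printf '%s\n' "$key" | grep -c '')" -ne 1 ]; then
        echo "$pub is not a single-line public key" >&2; return 1
    fi
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub does not start with a known key type" >&2; return 1 ;;
    esac

    # Same permissions as the guide: 700 on the directory, 600 on the file.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: an identical line is never added twice.
    if grep -qxF -- "$key" "$auth"; then return 0; fi

    # If the file does not end in a newline, a bare ">>" would glue the new
    # key onto the previous entry and break both. Terminate that line first.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

This covers OpenSSH accounts only; Gerrit keeps its users' public keys itself, which is why the OP had to add the key through the Gerrit GUI.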
@VonC I'm coming to think you answer every question I have! I might as well have a direct line... `hudson` is the user that should be using the review system, I *think*. Forgive the noobness. Do you mean that, or the actual *human* user, for example `joshsmith`?
Josh Smith
@Josh: if "hudson" is the user executing the ssh connection to the localhost Gerrit system, then it needs its own `id_rsa.pub` added to its `~hudson/.ssh/authorized_key`.
VonC
@VonC `hudson` has its own `id_rsa.pub` in `/var/lib/hudson/.ssh`. Is this what you mean?
Josh Smith
@VonC I should read more carefully. Clearly that's not what you meant. Where is the `$HOME` for the `hudson` user? I know that question has a variable answer, hence the need for `$HOME`, but really not sure where user dirs can be found.
Josh Smith
Do you mean something like `/root/.ssh/`? In that dir there are only the files `id_rsa`, `id_rsa.pub`, and `known_hosts`, all created by the `hudson` user.
Josh Smith
@Josh: "Where is the `$HOME` for the `hudson` user?". Exactly. Where is the question, and the general difficulty of these ssh-related Hudson issues I see on SO. You need to somehow display the environment variables when executing that Job, and see if the `$HOME` is mentioned.
VonC
Do I just copy/paste the `id_rsa.pub` into the `authorized_keys` file?
Josh Smith
@Josh: you need to append `id_rsa.pub` to the content of `authorized_keys` file (or create that `authorized_keys` file if it didn't already exist). See http://sial.org/howto/openssh/publickey-auth/ for more details.
VonC
Thanks for the link. Yours was not *quite* the answer I was looking for, but your help got me there. I'd actually needed to add the SSH key from `/var/lib/hudson/.ssh/id_rsa.pub` for the user (me) into the `Gerrit` GUI. Then from there it worked like a charm. The username must be the username in `Gerrit` (the admin account).
Josh Smith
@Josh: great! You found the solution. I have updated my answer to reflect it, and also to document (for future reference) the notion of public SSH key distribution.
VonC
+100 for awesome updated answer.
Josh Smith