How to configure Hudson and git plugin with an SSH key

Question

I've got Hudson (continuous integration system) with the git plugin running on a Tomcat Windows Service. msysgit is installed and the msysgit bin dir is in the path. PuTTY/Pageant/plink are installed and msysgit is configured to use them.

When I run a job that attempts to clone the git repository I get the following error:

$ git clone -o origin git@hostname:project.git "e:\HUDSON_HOME\jobs\Project Trunk\workspace" 
ERROR: Error cloning remote repo 'origin' : Could not clone git@hostname:project.git 
ERROR: Cause: Error performing git clone -o origin git@hostname:project.git e:\HUDSON_HOME\jobs\Project Trunk\workspace 
Trying next repository 
ERROR: Could not clone from a repository 
FATAL: Could not clone 
hudson.plugins.git.GitException: Could not clone 

1. Running git clone -o origin git@hostname:project.git "e:\HUDSON_HOME\jobs\Project Trunk\workspace" from the command line works without error.
2. I've confirmed that my issue is not the same as http://stackoverflow.com/questions/1177292/hudson-git-clone-error because git is in the path and I don't get any error about the git executable on Hudson's Configure System page.

This leads me to believe that the problem is that the user who owns the Tomcat/Hudson Windows service (Local System) has no SSH key set up to be able to clone the git repository.

My question is, how can I set things up so that the git plugin/msysgit know to use a particular SSH key when trying to clone? I don't think Pageant will work because the Tomcat service is running as the "Local System" user, but I may be wrong. I have tried setting Pageant up as a service (using runassvc.exe), passing the appropriate key, and having it run as "Local System". The Tomcat/Hudson service doesn't seem to be able to see the key from the pageant service. Are there any other techniques for setting up a key?

Thanks.

EDIT: The discussion on http://n4.nabble.com/Hudson-with-git-and-ssh-td375633.html shows that someone else had a similar question. ssh-agent was suggested and this tool does come with msysgit but I'm not sure how to use it in conjunction with the Hudson service. Still, good clue if anyone can fill in the gaps. Thanks to Peter for the comment with the link.

Also, the discussion on http://n4.nabble.com/questions-about-git-and-github-plug-ins-td383420.html starts off with the same question. I'm trying to resurrect that thread.

Answer 1

We use Hudson, checking out the source code from git with an ssh key. We actually have Hudson on an ubuntu server, however. Hudson's ssh key pair lives in ~hudson/id_rsa and ~hudson/id_rsa.pub

So, adapting our advice for a Windows set-up:

The Windows-based developers on our team use MSysGit and regularly check out code via git over ssh -- but not using Putty/Pageant. We found Pageant to be painful due to some protocol errors with the login. Instead, they configured git to use openSSH (it's one of the options during the install). Their public/private key pair then lives in ~username/id_rsa and ~username/id_rsa.pub and it all works.

So, I'd recommend changing your git config to use OpenSSH rather than pageant. If nothing else, you won't need to worry about starting pageant.

You can use PuttyGen to generate the key. However, if you are using OpenSSH rather than pageant, you will need to export a suitable private key (from one of the menus at the top of PuttyGen) and save it as id_rsa, and copy-and-paste the public key from PuttyGen's GUI (it shows but won't save a suitable version for OpenSSH) and save that as id_rsa.pub. This is because Putty uses a slightly different format for the key than OpenSSH does.

Alternatively, of course, you can always host your hudson server on a ubuntu server (either a real one or through VirtualBox)