I have been working on setting up Jenkins Pipelines for some projects and had an issue that I think others have had, but I could not find a clear answer on the way to handle it.
We have some NPM packages that are pulled from a private git repo, and all of the accounts have MFA enabled, including the CI user account. This means that SSH authentication is mandatory for the CI user.
If there is only one host that you need to ssh auth with from Jenkins, or you use the exact same ssh key for all hosts, then you can just put the private key on your Jenkins server at ~/.ssh/id_rsa. If you need to specify a key dependent upon the host, which is the situation I was in, it was not working to pull the package.
The solution for this that I found was to use the ~/.ssh/config. In there you specify the hosts, the user, and what identity file to use. It can look something like this:

    Host github.com
        User git
        IdentityFile ~/.ssh/github.key

    Host bitbucket.org
        User git
        IdentityFile ~/.ssh/bitbucket.key

    Host tfs.myonprem-domain.com
        User my-ci-user
        IdentityFile ~/.ssh/onprem-tfs.key
So now, when running npm install, ssh will know what identity file to use.
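A check worth running against this config on the Jenkins server, as an added example that is not from the original post: it parses the Host blocks and flags entries without IdentitiesOnly yes (without it, ssh may also offer keys held by an agent), missing key files, and key files accessible by group or other, which ssh refuses to use. The IdentitiesOnly line, the function names and the throwaway home directory are assumptions of this example.

```python
import os
import re
import tempfile

# Constructed sample: the post's three hosts, IdentitiesOnly added on github.com.
SAMPLE = """\
Host github.com
    IdentityFile ~/.ssh/github.key
    IdentitiesOnly yes
Host bitbucket.org
    IdentityFile ~/.ssh/bitbucket.key
Host tfs.myonprem-domain.com
    IdentityFile ~/.ssh/onprem-tfs.key
"""

def parse_ssh_config(text):
    """Map each Host pattern to its options (keywords lower-cased)."""
    hosts, current = {}, None
    for line in text.splitlines():
        parts = re.split(r"\s*=\s*|\s+", line.strip(), maxsplit=1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        if parts[0].lower() == "host":
            current = {}
            hosts.update((pattern, current) for pattern in parts[1].split())
        elif current is not None:
            current.setdefault(parts[0].lower(), parts[1])  # first value wins
    return hosts

def audit(text, home):
    """Yield (host, problem) pairs; home is the Jenkins user's home directory."""
    for host, opts in parse_ssh_config(text).items():
        key = opts.get("identityfile", "")
        path = os.path.join(home, key[2:]) if key.startswith("~/") else key
        if opts.get("identitiesonly", "no").lower() != "yes":
            yield host, "IdentitiesOnly not set"
        if not os.path.isfile(path):
            yield host, "IdentityFile unset or missing"
        elif os.stat(path).st_mode & 0o077:
            yield host, "key accessible by group/other"

def demo():
    """Audit SAMPLE against a throwaway home directory with constructed keys."""
    with tempfile.TemporaryDirectory() as home:
        os.mkdir(os.path.join(home, ".ssh"))
        for name, mode in (("github.key", 0o600), ("bitbucket.key", 0o644)):
            path = os.path.join(home, ".ssh", name)
            open(path, "w").close()
            os.chmod(path, mode)
        return list(audit(SAMPLE, home))
```

To audit the real file, pass the contents of ~/.ssh/config and the Jenkins user's home directory to audit().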
Bonus tip: Not everyone uses ssh, so in the package.json, it may not be configured to use ssh. You can put options in the global .gitconfig on the Jenkins server that will https protocol requests to

    [url "ssh://git@github.com/"]
        insteadOf = "https://github.com/"
    [url "ssh://git@bitbucket.org/"]
        insteadOf = "https://bitbucket.org/"
    [url "ssh://tfs.myonprem-domain.com:22/"]
        insteadOf = "https://tfs.myonprem-domain.com/"

So with that, when git detects an https request, it will switch to use