[users at bb.net] How to properly use private keys for access to git repositories?

Mojca Miklavec mojca at macports.org
Sat Apr 10 06:39:38 UTC 2021


Hi,

I've been struggling to understand how to properly use sshPrivateKey
to fetch the contents from a private repository on GitHub.

(It would be really helpful to have an example more clearly listed in
the documentation.)

I followed
https://docs.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key
to generate a new private key via:
    ssh-keygen -t ed25519 -C "your_email at example.com"
and stored it to "secrets/id_ed25519".

I used the following code:

c['secretsProviders'] = [secrets.SecretInAFile(dirname='secrets')]
...
f.addStep(
    steps.Git(
        repourl = 'git at github.com:me/somerepo.git',
        mode = 'full',
        sshPrivateKey = util.Secret('id_ed25519'),
        sshKnownHosts = util.Secret('known_hosts'),
    )
)

I checked that the key (id_ed25519) actually works to clone the
repository, and the following command works when executed manually on
the worker:

git -c 'core.sshCommand=ssh -o "BatchMode=yes" -i /path/to/ssh-key -o
"UserKnownHostsFile=path/to/ssh-known-hosts"' clone --branch master
git at github.com:me/somerepo.git . --progres

But I'm getting

Cloning into '.'...
Load key "/path/to/worker/.workername.build.buildbot/ssh-key": invalid format
Permission denied (publickey).
fatal: Could not read from remote repository.

I've seen some claims that only the first line in the secret file is
actually used (at least in some cases), but I have no idea how it
works for a private key.

What's the best way to diagnose what exactly is going on?

I'm using buildbot 3.0.0 / python 3.6.8.

Thank you very much,
    Mojca


More information about the users mailing list