git clone hangs during clone when using sshpass
Has anyone found sshpass works to set a phassphrase for ssh or git clones?
I have a github repo with a deploy key and a passphrase
This results in prompt for passphrase as expected and clone upon manual key-in of it
git clone git@github:me/myrepo.git
This results in a hang
sshpass -p "secret" -v git clone git@github:me/myrepo.git
This seems to happen because the search string will never match the actual string but there seems no way to alter the search string.
SSHPASS searching for password prompt using match "assword"
SSHPASS read: Enter passphrase for key '/home/jenkins/.ssh/id_rsa':
Solution 1:
That is because you cannot use sshpass to provide a passphrase, only a password in user/password vs private key ssh.
Assuming you are using Jenkins - and since you are me, you are. we can resolve the problem following this strategy:
- obtain key and passphrase
- setup ssh wrapper to use the keyfile automatically
- setup ssh-agent to enable provisioning of passphrase and automatic handout upon request by ssh
- use expect to install passphrase in ssh-agent
thanks to @jayhendren for turning me on to the ssh-agent plugin
The Jenkins pipeline groovy code
/**
* generate stand in executable for ssh to ensure we use the correct id and do not look in home's .sshdir
* @return path to shell script wrapper for ssh
*/
def getSshWrapper(def keyPath) {
def wrapper = "${pwd()}/ssh"
writeFile file: wrapper, text: """#!/usr/bin/env sh
/bin/ssh -i ${keyPath} \$*"""
sh "chmod 700 ${wrapper}"
return wrapper
}
/**
* Enable ssh and git to use a deploy key with a passphrase
* @param credentialId jenkins id of private key / passphrase
* @param closure actions to perform
* @return result of actions
*/
def withDeployKey(def credentialId, closure) {
def result
// Start ssh agent and add key
def helperFilesDir = './build/helperFiles'
def envSettings = ["PATH=${helperFilesDir}:${env.PATH}"]
withEnv(envSettings) {
withCredentials([sshUserPrivateKey(credentialsId: credentialId,
passphraseVariable: 'PASSPHRASE',
keyFileVariable: 'KEY_FILE_PATH')]) {
println "Setup Ssh Wrapper to use credentials key"
dir(helperFilesDir) {
getSshWrapper(KEY_FILE_PATH)
}
// Run closure
println "run closure"
sshagent(credentials: [credentialId]) {
result = closure()
}
}
}
return result
}
Example
withDeployKey('my-deploy-key') {
sh "git clone git@github:me/myrepo.git'
}