git clone hangs during clone when using sshpass

Has anyone found sshpass works to set a passphrase for ssh or git clones?

I have a GitHub repo with a deploy key and a passphrase.

This results in a prompt for the passphrase, as expected, and a clone upon manual key-in of it:

git clone git@github:me/myrepo.git

This results in a hang:

sshpass -p "secret" -v git clone git@github:me/myrepo.git

This seems to happen because the search string will never match the actual string, but there seems to be no way to alter the search string.

SSHPASS searching for password prompt using match "assword"
SSHPASS read: Enter passphrase for key '/home/jenkins/.ssh/id_rsa':

Solution 1:

That is because you cannot use sshpass to provide a passphrase, only a password in user/password vs private key ssh.

Assuming you are using Jenkins - and since you are me, you are - we can resolve the problem following this strategy:

  1. obtain key and passphrase
  2. set up ssh wrapper to use the keyfile automatically
  3. set up ssh-agent to enable provisioning of passphrase and automatic handout upon request by ssh
  4. use expect to install passphrase in ssh-agent

Thanks to @jayhendren for turning me on to the ssh-agent plugin.

The Jenkins pipeline Groovy code:

/**
 * Generate a stand-in executable for ssh to ensure we use the correct id and do not look in home's .ssh dir
 * @param keyPath path to the private key file
 * @return path to shell script wrapper for ssh
 */
def getSshWrapper(def keyPath) {
    def wrapper = "${pwd()}/ssh"
    // Quote the key path and forward the arguments with "$@" so that
    // arguments containing spaces reach ssh unchanged
    writeFile file: wrapper, text: """#!/usr/bin/env sh
/bin/ssh -i "${keyPath}" "\$@"
"""
    sh "chmod 700 ${wrapper}"
    return wrapper
}

/**
 * Enable ssh and git to use a deploy key with a passphrase
 * @param credentialId jenkins id of private key / passphrase
 * @param closure actions to perform
 * @return result of actions
 */
def withDeployKey(def credentialId, closure) {
    def result

    // Put the directory holding the ssh wrapper first on PATH
    def helperFilesDir = './build/helperFiles'
    def envSettings = ["PATH=${helperFilesDir}:${env.PATH}"]
    withEnv(envSettings) {
        withCredentials([sshUserPrivateKey(credentialsId: credentialId,
                passphraseVariable: 'PASSPHRASE',
                keyFileVariable: 'KEY_FILE_PATH')]) {

            println "Setup Ssh Wrapper to use credentials key"
            dir(helperFilesDir) {
                getSshWrapper(KEY_FILE_PATH)
            }

            // Start ssh agent, add key and run closure
            println "run closure"
            sshagent(credentials: [credentialId]) {
                result = closure()
            }
        }
    }
    return result
}

Example

withDeployKey('my-deploy-key') {
   sh "git clone git@github:me/myrepo.git"
}
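
Steps 3 and 4 of the strategy above can also be done in plain shell by handing the passphrase to ssh-add through SSH_ASKPASS rather than expect. This is an added example, not part of the original answer: the function names make_askpass and with_deploy_key are hypothetical, and KEY_FILE_PATH and PASSPHRASE are assumed to be set in the environment as withCredentials sets them.

```shell
#!/bin/sh
# Added example: KEY_FILE_PATH and PASSPHRASE are assumed to be set in the
# environment, as the withCredentials block above would set them.

# Write an askpass helper that prints $PASSPHRASE. The secret stays in the
# environment: it is not written to the file or passed on a command line.
make_askpass() {
    helper="$1/askpass.sh"
    cat > "$helper" <<'EOF'
#!/bin/sh
# Answer once only: ssh-add re-prompts after a rejected passphrase, so a
# helper that always answers would hang the build.
[ -e "$0.asked" ] && exit 1
: > "$0.asked"
printf '%s\n' "$PASSPHRASE"
EOF
    chmod 700 "$helper"
    printf '%s\n' "$helper"
}

# Run "$@" with the key loaded in a private, short-lived agent.
# The subshell body keeps SSH_AUTH_SOCK and the EXIT trap local.
with_deploy_key() (
    [ -n "${KEY_FILE_PATH:-}" ] && [ -n "${PASSPHRASE:-}" ] || exit 2
    export PASSPHRASE
    unset SSH_AUTH_SOCK SSH_AGENT_PID   # never touch a pre-existing agent
    workdir=$(mktemp -d) || exit 1
    trap 'ssh-agent -k >/dev/null 2>&1; rm -rf "$workdir"' EXIT
    askpass=$(make_askpass "$workdir") || exit 1
    eval "$(ssh-agent -s)" >/dev/null || exit 1
    # SSH_ASKPASS_REQUIRE needs OpenSSH 8.4+; older releases use the helper
    # only when DISPLAY is set and no terminal is attached.
    SSH_ASKPASS="$askpass" SSH_ASKPASS_REQUIRE=force DISPLAY="${DISPLAY:-none}" \
        ssh-add "$KEY_FILE_PATH" </dev/null >/dev/null 2>&1 || exit 3
    "$@"
    exit $?
)

# Usage (repository address as in the question):
#   with_deploy_key git clone git@github:me/myrepo.git
```

Exit status 2 means a variable was missing and 3 means ssh-add rejected the key or passphrase; any other status is that of the wrapped command.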