catalog icon indicating copy to clipboard operation
catalog copied to clipboard

Published 20 hours ago verified publisher icon tektoncd

get a warning “appears to need SSH authentication but no SSH credentials have been provided” in the pipelinerun log

Open ma0ziyuan opened this issue 1 year ago • 3 comments

Expected Behavior

no warning in the pipelinerun log when i use the task “git-clone” to pull the source code from my gitlab server using ssh protocol

Actual Behavior

get a warning in the pipelinerun log when i use the task “git-clone” to pull the source code from my gitlab server using ssh protocol,but the source code was pulled successfully

[fetch-source : clone] {"level":"warn","ts":1700370900.1551552,"caller":"git/git.go:271","msg":"URL(\"ssh://[email protected]:1022/yyy/zzz.git\") appears to need SSH authentication but no SSH credentials have been provided"}

Steps to Reproduce the Problem

1.the pipeline version is v0.52.1 2.the “git-clone” task version is 0.9 3.the git-init image is "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.40.2" 4. follow the steps in the https://tekton.dev/docs/how-to-guides/clone-repository/

Additional Info

i am not sure the real reason,because i am not familiar with the Go language and the pipeline source code. i can only guess the problem maybe from the source codes below:

os.Stat(filepath.Join(credsDir, ".ssh")) https://github.com/tektoncd/pipeline/blob/a172b76d9055fec57a61f7955cd33869aaa18698/pkg/git/git.go#L262-L273

validateGitAuth(logger, pipeline.CredsDir, spec.URL) https://github.com/tektoncd/pipeline/blob/a172b76d9055fec57a61f7955cd33869aaa18698/pkg/git/git.go#L74-L86

CredsDir = "/tekton/creds" // #nosec https://github.com/tektoncd/pipeline/blob/23581c5f9f67f6855f1956775ca8be03ba1ed86f/pkg/apis/pipeline/paths.go#L17-L31

ma0ziyuan avatar Nov 19 '23 07:11 ma0ziyuan

Related #1220 and #1169, both erroneously (IMO) closed. I encounter the same problem.

nostra avatar Jan 09 '24 14:01 nostra

Bump!

wesleyvandermeer avatar May 10 '24 09:05 wesleyvandermeer

I have figured out that libcrypto needs a new line at the end of the private key file.

My solution:

Open your "id_rsa" file, at the end, add a new line and save it.

Then use the following instruction to create the k8s secret:

kubectl create secret generic --from-file=/path/to/id_rsa_with_newline --output yaml --dry-run=client

I always use kubeseal when i do not have the luxury to external secret providers:

kubectl create secret generic --from-file=/path/to/id_rsa_with_newline --output yaml --dry-run=client | kubeseal -o yaml

wesleyvandermeer avatar May 11 '24 08:05 wesleyvandermeer