Authenticate Jenkins CI for Github private repository

I'd like for Jenkins to automagically fetch data from my private repository hosted on Github. But I have no idea how to accomplish that task.. Tried the documentation, generating ssh-key for jenkins user and all what I can see is: "unable to clone the repo". I've checked URLs - they are valid.

Any clues, maybe you know some docs/blogs/whatever which are describing this kind of stuff?

Perhaps GitHub's support for deploy keys is what you're looking for? To quote that page:

> When should I use a deploy key? > > Simple, when you have a server that needs pull access to a single private repo. This key is attached directly to the repository instead of to a personal user account.

If that's what you're already trying and it doesn't work, you might want to update your question with more details of the URLs being used, the names and location of the key files, etc.

---

Now for the technical part: How to use your SSH key with Jenkins?

If you have, say, a jenkins unix user, you can store your deploy key in ~/.ssh/id_rsa. When Jenkins tries to clone the repo via ssh, it will try to use that key.

In some setups, you cannot run Jenkins as an own user account, and possibly also cannot use the default ssh key location ~/.ssh/id_rsa. In such cases, you can create a key in a different location, e.g. ~/.ssh/deploy_key, and configure ssh to use that with an entry in ~/.ssh/config:

Host github-deploy-myproject
    HostName       github.com
    User           git
    IdentityFile   ~/.ssh/deploy_key
    IdentitiesOnly yes

Because all you authenticate to all Github repositories using [email protected] and you don't want the above key to be used for all your connections to Github, we created a host alias github-deploy-myproject. Your clone URL now becomes

git clone github-deploy-myproject:myuser/myproject

and that is also what you put as repository URL into Jenkins.

(Note that you must not put ssh:// in front in order for this to work.)

One thing that got this working for me is to make sure that github.com is in ~jenkins/.ssh/known_hosts.

If you need Jenkins to access more then 1 project you will need to:

1. add public key to one github user account
   
2. add this user as Owner (to access all projects) or as a Collaborator in every project.

Many public keys for one system user will not work because GitHub will find first matched deploy key and will send back error like "ERROR: Permission to user/repo2 denied to user/repo1"

http://help.github.com/ssh-issues/

Jenkins creates a user Jenkins on the system. The ssh key must be generated for the Jenkins user. Here are the steps:

sudo su jenkins -s /bin/bash
cd ~
mkdir .ssh // may already exist
cd .ssh
ssh-keygen

Now you can create a Jenkins credential using the SSH key On Jenkins dashboard Add Credentials

select this option

> Private Key: From the Jenkins master ~/.ssh

I had a similar problem with gitlab. It turns out I had restricted the users that are allowed to login via ssh. This won't affect github users, but in case people end up here for gitlab (and the like) issues, ensure you add git to the AllowUsers setting in /etc/ssh/sshd_config:

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
AllowUsers batman git

Another option is to use GitHub personal access tokens:

• Go to https://github.com/settings/tokens/new
• Add repo scope
• In Jenkins, add a GitHub source
• Use Repository HTTPS URL
• Add the HTTPS URL of the git repo (not the SSH one, eg. https://github.com/my-username/my-project.git)
• Add credential
  • Kind: Username with Password
  • Username: the GitHub username
  • Password: the personal access token you created on GitHub
  • ID: something like github-token-for-my-username

I tested this on Jenkins ver. 2.222.1 and Jenkins GitHub plugin 1.29.5 with a private GitHub repo.

An alternative to the answer from sergey_mo is to create multiple ssh keys on the jenkins server.

(Though as the first commenter to sergey_mo's answer said, this may end up being more painful than managing a single key-pair.)