Issue
Existing solutions
I've searched SO and Github extensively before asking my question. None of the existing topics present any working solutions for our setup.
Configuration
We've got Jenkins + Fastlane configured on a remote macOS machine. Fastlane match is supposed to get the signing credentials (certificate + provisioning profile) from a dedicated repository over SSH.
Issue
The SSH connection fails (it hangs). Jenkins console output:
INFO [2019-04-09 14:09:29.05]: Cloning remote git repo...
INFO [2019-04-09 14:09:29.05]: If cloning the repo takes too long, you can use the `clone_branch_directly` option in match.
INFO [2019-04-09 14:09:29.05]: [36m$ git clone ssh://[email protected]:xxxx/cert/ios-certificates-profiles.git /var/folders/_redacted_[0m
INFO [2019-04-09 14:09:29.07]: ▸ [35mCloning into '/var/folders/_redacted_'...[0m
INFO [2019-04-09 14:09:29.19]: ▸ [35mThe authenticity of host '[xxx.xx.x.xxx:xxxx]:xxxx ([xxx.xx.x.xxx:xxxx]:xxxx)' can't be established.[0m
INFO [2019-04-09 14:09:29.19]: ▸ [35mRSA key fingerprint is _REDACTED_.
Running the "git clone ssh://[email protected]:xxxx/..." command from the terminal on the same machine:
- clones the repository successfully
- adds the host to the known_hosts file
Still Jenkins keeps hanging on the fastlane match command. Any ideas why Jenkins cannot connect over SSH to the repository? What am I missing?
Edit
Adding the clone_branch_directly
option to the match command has no effect, the command still hangs.
Solution
Try first the same operation with Jenkins launched in an environment where the variable GIT_SSH_COMMAND
is set to "ssh -vvv
": that will give you full traces when Git tries and clone with SSH URL.
The OP mmvie confirms in the comments:
Adding verbose logging to SSH revealed Jenkins was ran as
sudo
.
Running Jenkins not as sudo and pointing to the correct SSH keys resolved the issue.
Other possibilities:
fastlane issue 5473 mentions the known_hosts issue, but if the remote server fingerprint is already added (assuming your Jenkins is running with the same account as your own shell session), then check if your private key is passphrase-protected:
FWIW, when I
ssh-add -D
and then runfastlane certs
(which runs match), I get the exact same behavior. It hangs on "Cloning remote git repo..." That's expected behavior. 'ssh-add
' fixes things.
Same in fastlane issue 7482:
Figured it out...was on a new box and hadn't added my key to ssh-agent.
ssh-add -K ~/.ssh/id_rsa
Other possibility: fastlane issue 11732:
I'm running into this on CircleCi 2.0 as well
Setting this in my environment configuration on Circle 2.0 helps
environment:
TERM: xterm-256color
So check your $TERM
environment variable value.
Answered By - VonC
Answer Checked By - Terry (JavaFixing Volunteer)