git - Jenkins:凭据中私钥的正确格式是什么

Question

我在运行在 Windows Server 2016 上的 Jenkins 2.152 中创建了一个作业，它需要从 bitbucket.org 上托管的 git 存储库中提取数据。我通过 git-bash 测试了 ssh key ，所以我知道它可以工作并且没有密码。当我尝试对 Jenkins 使用完全相同的私钥时，我收到一条错误消息。

Failed to connect to repository : Command "git.exe ls-remote -h 
git@bitbucket.org:mygroup/myrepo HEAD" returned status code 128:
stdout: 
stderr: Load key 
"C:\\Users\\JE~1\\AppData\\Local\\Temp\\ssh2142299850576289882.key": invalid format 
git@bitbucket.org: Permission denied (publickey). 
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

凭据设置为

 scope: Global
 user: git
 Private Key -> Enter Directly -> copy and past - generated by ssh-keygen -t rsa in gitbash
 Passphrase: empty
 ID: empty
 description: bitbucket.org

我注意到在另一个 Windows Jenkins 服务器上，私钥每行的字符数不同

有人知道 Jenkins 凭证中私钥的预期格式是什么吗？或者也许还有其他我可以检查的东西。

非常感谢任何帮助。

Answer 1

检查您正在使用的 Git for Windows 版本:Starting 2.19.2 , 它带有 OpenSSH v7.9p1 (从7.7之前)

还有... openssh 7.8刚刚更改了默认的 ssh-keygen 格式，从经典的 PEM 64 个字符到 OPENSSH 一个 70 个字符!

只有 ssh-keygen -m PEM -t rsa -P ""-f afile 会生成旧格式 (-m PEM)

ssh-keygen(1):

write OpenSSH format private keys by default instead of using OpenSSL's PEM format.

The OpenSSH format, supported in OpenSSH releases since 2014 and described in the PROTOCOL.key file in the source distribution, offers substantially better protection against offline password guessing and supports key comments in private keys.
If necessary, it is possible to write old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments when generating or updating a key.