Home > Software engineering >  git fails to clone submodule with ssh in azure devops pipeline
git fails to clone submodule with ssh in azure devops pipeline

Time:11-23

I'm trying to use the Azure DevOps pipeline. The main repository the pipeline is supposed to run on is cloned just fine, except that I can't get to clone it's submodules. The submodules are added using SSH URLs because that's what is set up in my computer.

The cloning process fails with:

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:v3/<rest_of_link>' into submodule path '/home/vsts/work/1/s/Modules' failed
Failed to clone 'Modules' a second time, aborting

So, since I'm using SSH, I've gone ahead and created a pair of RSA keys and I'm using Azure's own task to install it, as shown below:

- task: InstallSSHKey@0
  inputs:
    knownHostsEntry: '<entry>'
    sshPublicKey: '<public_key>'
    sshKeySecureFile: 'id_rsa'

It succeeds with the following output:

/usr/bin/ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-XXXXXXFGcDdd/agent.1614; export SSH_AUTH_SOCK;
SSH_AGENT_PID=1615; export SSH_AGENT_PID;
echo Agent pid 1615;
/usr/bin/ssh-add -L
The agent has no identities.
/usr/bin/ssh-add /home/vsts/work/_temp/id_rsa
Identity added: /home/vsts/work/_temp/id_rsa (jose@42we-desktop)
/usr/bin/ssh-add
Finishing: InstallSSHKey

Great, right? Except that if I try to initialize the submodules with:

GIT_SSH_COMMAND="ssh -v" git submodule update --init --recursive

It still fails.

By looking at the extra information supplied through the usage of the -v flag, I can see that it initially accepts the key, and even says Authenticated to ssh.dev.azure.com, only to then fail after git-upload-pack

debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Offering public key: <key> RSA SHA256 <key> agent
debug1: Server accepts key: <key> RSA SHA256 <key> agent
Authenticated to ssh.dev.azure.com ([20.125.155.0]:22) using "publickey".
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: Sending environment.
debug1: channel 0: setting env GIT_PROTOCOL = "version=2"
debug1: channel 0: setting env LANG = "C.UTF-8"
debug1: Sending command: git-upload-pack 'v3/name/project/repo'
remote: Public key authentication failed.
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3592, received 2304 bytes, in 2.1 seconds
Bytes per second: sent 1725.1, received 1106.5
debug1: Exit status 2
fatal: Could not read from remote repository.

Why does it fail?? It really doesn't make sense in my head, and the output I can see if I clone in my computer (running Fedora) is the same until the "git-upload-pack".

SOLVED SOLVED SOLVED SOLVED

Turns out I needed to add the generated SSH key to my account as well. I didn't think this made sense at first because the authentication should happen between azure machines itself... either way. It's done and it works!

CodePudding user response:

Turns out I needed to add the generated SSH key to my account as well. I didn't think this made sense at first because the authentication should happen between azure machines itself... either way. It's done and it works!

After you've generated a key pair, adding the private key to Azure's library and the public to the YAML script, you also need to add the public key to your own personal access keys in your azure devops profile.

  • Related