Go should be able to manage SSH keys #430

Open
arvindsv opened this Issue Aug 6, 2014 · 17 comments

arvindsv commented Aug 6, 2014

Placeholder issue.

Go should be able to maintain and help manage SSH (private) keys which are used to log in to remote servers. Usually this is needed for services like GitHub. Especially in the case of private repositories, this will be useful to have.

The UI of the Go Server will first help an admin set up the SSH keys needed. Then, these SSH keys will be propagated to the agents specified.

Possibly, the known_hosts file will also be updated.

arvindsv added the enhancement label Aug 6, 2014

nielsdraaisma commented Nov 4, 2014

+1, we're doing quite some boilerplate using keychain etc. to get GitHub working, having this native in Go would be great.

arvindsv added a commit to arvindsv/gocd that referenced this issue May 29, 2015

gocd#430 - Generalize agent ping -> instruction mechanism.
This is an attempt to generalize the mechanism used to cancel a job. Every ping of the agent
to the server used to return an 'Instruction' to the agent. At this point, the instruction
was always to either cancel the running job or to not cancel it.

Due to this change, the instructions are routed through a router, giving a chance to other
handlers to handle an instruction.

arvindsv added a commit to arvindsv/gocd that referenced this issue May 29, 2015

gocd#430 - Make AgentInstruction have a type and data.
Helps it be a little more generic, so that it can be used for other purposes.

arvindsv added a commit to arvindsv/gocd that referenced this issue May 29, 2015

gocd#430 - BuildRepositoryRemote#ping returns array of instructions.
Earlier, it was returning only one instruction. Now, it returns multiple. It
is an array and not a list, because it gets serialized over the wire, and in
Java serialization, the array has a very compact representation.

arvindsv added a commit to arvindsv/gocd that referenced this issue May 29, 2015

gocd#430 - Remove potential race condition.
There was a potential of a race between the check of cachedChecksum == null and the return.
Now, since the copyOfCachedChecksum points to the reference of cachedChecksum, it cannot change
between the two calls. Of course, there is a possibility of the value being stale now, but in
this case, that is alright. The next ping from the agent will get the right value.

arvindsv added a commit to arvindsv/gocd that referenced this issue May 29, 2015

gocd#430 - Server sends back SSH keystore checksum in ping response.
The agent pings the server every few seconds. The server now sends back a response
containing the checksum of the SSH keystore it has. The agent can use the previous
checksum it had, to figure out whether it needs to update its SSH keys.
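
The checksum comparison described in this commit message, sketched from the agent's side as an added example (not GoCD code, and not taken from the referenced commits). It assumes the agent fetches keys into a staging directory before installing them; the function names, the directory layout and the use of SHA-256 are all hypothetical.

```shell
#!/bin/sh
# Added example, not GoCD code. Paths and function names are hypothetical.

# SHA-256 of stdin or files; falls back to shasum where sha256sum is absent.
sha256() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"
    else shasum -a 256 "$@"; fi
}

# Deterministic checksum of a key directory: hash every file, order the
# manifest by path, then hash the manifest. Assumption: the real server may
# compute its checksum differently; only "same keys => same value" matters.
keystore_checksum() {
    ( cd "$1" && find . -type f | LC_ALL=C sort |
        while IFS= read -r f; do sha256 "$f"; done | sha256 | cut -d' ' -f1 )
}

# Handle the checksum carried in a ping response.
#   $1 checksum advertised by the server
#   $2 staging directory holding the keys just fetched
#   $3 live key directory used for SSH
# Prints "unchanged", "updated" or "rejected".
apply_ping_checksum() {
    server_sum=$1 staged=$2 live=$3
    last=$(cat "$live.checksum" 2>/dev/null || true)
    if [ "$server_sum" = "$last" ]; then
        echo unchanged; return 0
    fi
    # Install only if the fetched keys hash to what the server advertised;
    # a mismatch means a partial, stale or tampered transfer.
    if [ "$(keystore_checksum "$staged")" != "$server_sum" ]; then
        echo rejected; return 1
    fi
    rm -rf "$live.new" && mkdir -p "$live.new" && chmod 700 "$live.new"
    cp -R "$staged"/. "$live.new"/
    chmod -R go-rwx "$live.new"          # private keys: owner access only
    rm -rf "$live" && mv "$live.new" "$live"
    printf '%s\n' "$server_sum" > "$live.checksum"
    echo updated
}
```

Keeping the last-seen checksum outside the key directory means it never feeds back into the next checksum calculation.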

arvindsv modified the milestone: Unknown - Needs interest from someone Jan 4, 2016

drummerwolli commented Mar 18, 2016

+1, any progress on this?

eluleci commented Mar 23, 2016

+1

SladeRun14 commented Mar 28, 2016

+1

jpza commented May 25, 2016

+1 - Seems like an entire market segment is being lost because of this missing feature

cdluv commented Jun 16, 2016

+100 ... or [in addition to @worstadmin's comment], it leads you up the garden path, then bites you in the bum after the initial PoC on your local machine looks good. Stick Go CD and Agents in the cloud, when you need SSH access to a Git Repo, Go CD doesn't like it. It took a lot of patience, tenacity and a fair amount of luck to get it to work just the once! This led to a sour taste in my mouth. Please fix immediately guys - Continuous Delivery and Cloud tech go hand-in-hand. I'm certain this has hurt a lot of (potential) users. Can anyone help out and share their experience on making it work reliably (no matter how hacky - it's important for me, and others for sure, to get the thing going!)

andrask commented Jul 4, 2016

+1

gerich-home commented Jul 22, 2016

+1 Definitely need it!

kevinstembridge commented Oct 5, 2016

+1

FatherTime1 commented Feb 6, 2017

Without a simple SSH implementation, I have to hit Bitbucket, this tool is not feasible for our organization.

kishan3 commented Feb 20, 2017

Is it still not implemented?

mathieulj commented Feb 20, 2017

@kishan3 Since this issue is still open, one can safely assume that it is not.

schlomo commented May 3, 2017

I created https://github.com/schlomo/ssh-url-with-ssh-key as a workaround to configure a dedicated SSH key for each git repo. Otherwise you cannot use GitHub Deploy Keys either.

kishan3 commented May 5, 2017

@schlomo Cool :)

oppianmatt commented Sep 13, 2017

Plugins like the GitHub OAuth plugin should be able to generate/request a deploy key from GitHub as part of the auth process. And then GoCD should be able to use/manage this SSH key when fetching from private repos.

It doesn't make sense that the OAuth is doing the auth, but then I still have to manually go and generate a deploy key at GitHub, and paste/bake that deploy key somehow into Docker, and rebuild/redeploy my agents to use that key. It could just use the GitHub API, generate a deploy key, and save it in GoCD for use. Like pretty much most CI/CD servers that integrate with GitHub can do.

GoCD should have some sort of key management system that plugins could use in a standard way for stuff like this. So it wouldn't be limited to GitHub (that was an example). But any plugin can use/manage SSH keys.

Preen commented Feb 22, 2018

+1

Preen commented Feb 22, 2018

You can run this command in order to do it with another SSH key. But I can't see any way to do this with the material. Is there a way to add env variables to materials?

GIT_SSH_COMMAND="ssh -i ~/.ssh/another_key -F /dev/null" git pull
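
A wrapper around the `GIT_SSH_COMMAND` approach from the comment above, as an added example (not from the thread and not GoCD code). It checks the key file before use and adds `IdentitiesOnly=yes` so that only the named key is offered, and `StrictHostKeyChecking=yes` so an unattended agent fails on an unknown host instead of prompting; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not GoCD code. Function names are hypothetical.

# Print a GIT_SSH_COMMAND value pinned to one private key, or fail with a
# reason on stderr. The value is later interpreted by a shell, so the key
# path is restricted to an absolute path made of safe characters.
ssh_command_for_key() {
    key=$1
    case $key in
        /*) ;;
        *) echo "key path must be absolute: $key" >&2; return 1 ;;
    esac
    case $key in
        *[!A-Za-z0-9_./-]*) echo "unsafe characters in key path" >&2; return 1 ;;
    esac
    [ -f "$key" ] || { echo "no such key file: $key" >&2; return 1; }
    # OpenSSH ignores private keys that group or others can access;
    # fail early with a clear message instead of a confusing auth error.
    if [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
        echo "key is accessible to group/others, run: chmod 600 $key" >&2
        return 1
    fi
    # -F /dev/null        ignore ssh config files (as in the comment above)
    # IdentitiesOnly=yes  offer only this key, not whatever ssh-agent holds
    # StrictHostKeyChecking=yes  never auto-accept an unknown host key
    printf 'ssh -i %s -F /dev/null -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes' "$key"
}

# Run one git command with that key; the variable is set for this call only.
# Usage: git_with_key /path/to/deploy_key pull
git_with_key() {
    key=$1; shift
    cmd=$(ssh_command_for_key "$key") || return 1
    GIT_SSH_COMMAND=$cmd git "$@"
}
```

With `StrictHostKeyChecking=yes` the remote's host key has to be present in `known_hosts` before the first fetch.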
