I am facing this problem for a very long now.I am able to ssh clone the repo and commit to the same repo, but when try mvn clean release:clean release:prepare release:perform the build is failing as below.
[ERROR] Provider message:
[ERROR] The git-push command failed.
[ERROR] Command output:
[ERROR] username#github.someCompany.com: Permission denied (publickey).
[ERROR] fatal: Could not read from remote repository.
[ERROR]
[ERROR] Please make sure you have the correct access rights
[ERROR] and the repository exists.
The thing is when I try to mvn clean release:clean release:prepare release:perform it should use git#github.someCompany.com instead of username#github.someCompany.com. Can someone please help me resolve this ?
One workaround to test would be:
git config --global url.git#github.com:.insteadOf username#github.com:
(assuming an SSH URL using : in it)
That way, Git would be forced to use the right user in its SSH URL.
SSH keys let you authenticate with a Git repository without worrying about passwords. SSH is the same method of authentication that Linux servers use to allow remote access.
SSH keys rely on public-private key authentication. For this method of authentication to work, your Git server must be configured with a public key, and your local machine must have the corresponding private key.
Git clients like Atlassian and GitHub require that you upload your public key to their dashboards before you can use SSH authentication.
An Example Scenario
We’ve configured a local repository called ck-git. This repository contains one file: README.md.
We are going to link this repository to one on GitHub. To do this, we can use the git remote command:
git remote add origin git#github.com:career-karma-tutorials/ck-git.git
We have created a remote called “origin” to which we can push our code. To push our local repository to GitHub, we can use the git push command:
git push -u origin master
This command uploads our changes to the master branch on our “origin” remote server. Let’s see what happens when we run the command:
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
We have encountered an error.
Solution #1:
Check that your key is used
Before we explore any other solutions, we should make sure that our key is being used to make an SSH connection. We can do this by using the ssh-add command:
eval "$(ssh-agent -s)"
ssh-add -l -E md5
The first command starts the SSH agent on your computer. The next command lists all of the SSH keys that are configured on your machine.
Now that you have this list of SSH keys, check to see if they match the one you’ve uploaded to GitHub, Bitbucket, or another version control system you use. If at least one of the keys on the list does not match, you need to add one of them to your version control system.
Solution #2
: Adding an SSH key
You may encounter this error if you have not yet added an SSH key to your version control account. The way in which you add an SSH key to a Git repository varies depending on the version control system you use.
For GitHub, you can use the following steps:
Note down your SSH key using the commands we discussed in Solution #1
Open GitHub, click on your avatar on the top-right corner and click “Settings”
Click “SSH and GPG keys” in the sidebar
Add an SSH key to your account
To add an SSH key to your account, you must first have a key. You can generate one using the following commands:
ssh-keygen -t rsa -b 4096 -C "email#email.com"
ssh-add -K ~/.ssh-/id_rsa
Substitute “id_rsa” for the name of your key if you changed it when you were prompted to choose a key name from the first command.
Then, run the following command to see your public key:
cat ~/.ssh/id_rsa.pub
This will give you the string you need to upload into your version control system.
Cause #3: Using the wrong method of authentication
We’ve configured our repository to use an SSH URL:
git remote add origin git#github.com:career-karma-tutorials/ck-git.git
Using this URL means we must use SSH authorized key pairs to authenticate with our repository.
This is only possible if we have set up SSH authentication. If you want to configure your repository with HTTP, which lets you use a username and password to authenticate, you must use an HTTP URL:
git remote add origin https://github.com/career-karma-tutorials/ck-git
When we push our code to our remote server, we’ll be asked for our Git username and password. This will give us a chance to authenticate using HTTP instead of SSH.
Conclusion
The “Permission denied (publickey). fatal: Could not read from remote repository” error is caused by an issue with the way in which you authenticate with a Git repository.
To solve this error, make sure your key is being used on your Git account. If it is not, add your key to Git. If you do not have a public key and want to use one to authenticate with Git, you’ll need to create one.
You may want to opt to authenticate using HTTP if you do not want to use SSH. You can do this by using a HTTP URL as the remote URL for your repository.
ref :https://git-scm.com/docs/git-push
Related
I have the following code running in a script I am using.
Git git = Git.open(repoLocation);
Repository repo = git.getRepository();
git.checkout()
.setName("feature/test")
.setStartPoint("remotes/origin/feature/test")
.call();
git.pull()
.setRebase(true)
.call();
However, I am unable to pull from the remote feature branch called "test". How do I go about pulling from this remote branch via Jgit?
After stepping through my debugger, I decided to try and manually pull locally. When typing
git pull
in my bash terminal, I get the following error:
fatal: unable to access 'https://username#myCompany.com/path/to/repo.git/': SSL certificate problem: self signed certificate in certificate chain
I now think that this is the root of the error. How do I go about pulling the repo changes locally while still staying secure (the code runs in an applet that is distributed to others - most answers online say to disable SSL verification but I think that won't work).
This tech blog gives the following example on how to deal with branches in Jgit:
// Create a new branch
git.branchCreate().setName("newBranch").call();
// Checkout the new branch
git.checkout().setName("newBranch").call();
// List the existing branches
List<Ref> listRefsBranches = git.branchList().setListMode(ListMode.ALL).call();
for (Ref refBranch : listRefsBranches) {
System.out.println("Branch : " + refBranch.getName());
}
// Go back on "master" branch and remove the created one
git.checkout().setName("master");
git.branchDelete().setBranchNames("newBranch");
Try performing a git.fetch().setRemote("origin").call();, then a git.checkout().setName("newBranch").call(); before doing the git pull and it should work.
My Solution was to use RSA authentication when cloning the repository. It solved my issue. I followed this article on how to use RSA authentication, then adjusted what I needed from there.
Note, that I did use a different URL to clone the repo. Instead of using
https://username#myCompany.com/path/to/repo.git/
I used:
ssh://git#My.Company.Com/PATH/repo.git
I installed jenkins on Ubuntu and when I try to run the agents to create nodes I get back an IOException:
Failing to obtain http://<Master IP>:8090/computer/<Slave IP>/slave-agent.jnlp
java.io.IOException: Failed to load http://<Master IP>:8090/computer/<Slave IP>/slave-agent.jnlp: 403 Forbidden
at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:499)
at hudson.remoting.Launcher.run(Launcher.java:325)
at hudson.remoting.Launcher.main(Launcher.java:283)
As far as I can tell iptables isn't up and I can't find the reason behind it.
Using this option: -jnlpCredentials USER:PASSWORD
USER is your Jenkins user ID
In latest version the option is -auth USER:PASSWORD
USER - username of the jenkins master
PASSWORD - that user's password (Or API key setup from account details)
I have an experimental project on my Github used for the practising the CI service integrations. I struggle with using Sonarcloud.
I have followed both Tavis CI + Sonarcloud tutorial and Maven example. Mz first confusion starts with the token and properties file whereas the first source suggests creating sonar-project.properties file and the Maven example source does not have any. Here where the documentation is very unclear.
I ignored the properties file and I have done the following steps:
Generated token on sonarcloud.io for my project: e53.....239
Encrypted token on travis-encrypt.github.io since it's the most comfortable way for a Windows user. The 2 following inputs resulted in g3s.....+Q=:
NicharNET/Gistintex
SONAR_TOKEN="e53...239" - I tried both to wrap between quotation marks and without.
Added to Settings -> Environment variable key SONAR_TOKEN with the value of the generated Sonarcloud token e53...239.
Completed travis.yml with the secure token:
language: java
sudo: false
jdk: oraclejdk8
addons:
sonarcloud:
organization: "nicharnet-github"
token:
secure: "g3sLTdS597mklh1I9HgXr71NRCiOk2n9I41PL2wklnAidwibfocyEcWvSQxjmbhNTjdrcW0cAfzh73Ago8hwfdloraryDY9Ng9L1runxayShtPOqZMPI6nz8zUwLaDfqJVwXWv6A3xICOMFl0UhvF351GPErHhrUO7YIa8el3kESeotYy7kkTzeQ7BA239y7EVFw8H4OCW2gjP2G/InxKnlXfNjgQA3GsnZdJ3uWO3No5kwt5ybfuCCV42cp/UczLIzNbo0RW9Z9jBl5IFMzJaUQUfWV3Pp5QEPmpB7Anr/4W1EtjJPjpSIC/+jBmbrkvC/CSzzTPjaH9LzEQ5m4F5JpRw01blqgKH/153qfs1jRgZK6WVRuhe7yAATHCO/IM0DM+kC0mUJTcXKyv9pRm93E4wp+KzdHYy0LdA83wFgMmvlB8pcm20ImAe7B2SBFx5TGtETa6ea6k2BS+DfBXe6sLBnrl1zZB8nxCDnYiwT1BJFxizgv3EJ6Krjd3cSSxr6PGnXDD/yTeFNJarpMbA+wR6AQetJ89LiDBXYiw6GPgWk/A4vUDIsIaXGqCpydeZHkr2ufS1Ap4yYS0Um2GeDeQXTsBTSCg7BViFgduUI1NPYT1avKg7b64nsdpdjBVofOvzJsgiT66WlaJmt23BUCJsnmXwwEcW1387b4G+Q="
script:
- mvn clean install org.jacoco:jacoco-maven-plugin:prepare-agent sonar:sonar
Committed and pushed changes into the repository and Travis CI started to work and resulted in:
Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.4.1.1168:sonar (default-cli) on project gistintex: Not authorized. Please check the properties sonar.login and sonar.password.
The error could be found on my Travis CI build. What do I do wrong?
I have skimmed through Error using Travis CI with Sonarcloud: Not authorized. Please check the properties sonar.login and sonar.password SO question and Travis CI Sonarqube analysis article, which unfortunately didn't help me though. My GitHub project source.
I have tried to add these plugins to pom.xml and run the analysis locally:
org.codehaus.mojo: sonar-maven-plugin: 5.1
org.sonarsource.scanner.maven: sonar-maven-plugin: 3.4.1.1168
Running this on my machine resulted in the correct Sonarcloud analysis:
mvn sonar:sonar \
-Dsonar.organization=nicharnet-github \
-Dsonar.host.url=https://sonarcloud.io \
-Dsonar.login=e53.....239
However, my goal is to run the analysis after every committed version using Travis CI. I am sure I have done wrong the key encryption but I can't figure what exactly.
The key encryption problem usually happens when you execute the generation without the login command against travis.com instead of travis.org
In order to run on every commit you could connect your repo with SonarCloud Scan, generate a secret in your sonarcloud.io project page and there you will find instructions to modify your .travis.yml
if you use travis.org
travis encrypt <YOUR_SONAR_SECRET>
if you use travis.com
travis login --pro
then generate your token like this:
travis encrypt --pro <YOUR_SONAR_SECRET>
finally you need to add your pipeline instruction to your .travis.yml file
Check in your Travis CI repo settings when it should be triggered
here some related links:
Error using Travis CI with Sonarcloud: Not authorized. Please check the properties sonar.login and sonar.password
https://docs.travis-ci.com/user/encryption-keys/#usage
https://github.com/marketplace/actions/sonarcloud-scan
https://sonarcloud.io/documentation/integrations/github/
I'm deploying on Heroku a web application developed with Play Framework.
The deploy fails returning this error:
[error] p.a.l.c.CryptoConfigParser - The application secret has not been set, and we are in prod mode. Your application is not secure.
What does it means that "we are in prod mode"? Where do I set the mode? I have to change this because it's not a production environment.
Thanks
Put this into your conf/application.conf
Play 2.5
play.crypto.secret="changethissosomethingsecret"
Play 2.6+
play.http.secret.key="changethissosomethingsecret"
You can also start your application with a source with a secret key as a parameter.
you need to add an application secret in your conf file.
play.http.secret.key="changethissosomethingsecret"
You need to set up different keys based on the Play version that your application is using.
What version of play are you using?
Either look at com.typesafe.play:sbt-plugin version inside your project's plugins.sbt or if you have a GNU compatible shell, execute the following command:
find . -name "plugins.sbt" -exec grep -PHin --color=always 'com.typesafe.play.*sbt-plugin.*%\s*"\K.*?(?=")' {} \;
Proceed to the next step, once you know the version number of play used by your app.
What is the key to use in application.conf based on play version?
Play 2.3.x: application.secret (defaults to changeme)
Play 2.4.x: play.crypto.secret (defaults to changeme)
Play 2.5.x: play.crypto.secret (defaults to changeme)
Play 2.6.x: play.http.secret.key (defaults to changeme)
As you can see it is not consistent, but what is consistent is:
In the above versions you can override the secret using APPLICATION_SECRET environment variable/property (so, something like APPLICAITION_SECRET="changed" sbt "runProd 9001")
The default value in each case is changeme
The next two options were tested on Play v2.6.x, but according to the documentation, should work with the same commands for v2.4.x and v2.5.x.
The only exception is v2.3.x which uses play-generate-secret and play-update-secret respectively
How do I get sbt to generate a key for me?
Run the following command from within the directory of your play application (tested with sbt v1.1.6 and play v2.6.x):
$ sbt playGenerateSecret | grep -i 'generated'
[info] Generated new secret: ^7UubY[rFXzkN:v6TB9WL/lfGsP61/vzAHA9tdZNZ#nALH=TEztKAlTC>xz;VUXw
You can manually copy the above as the value for the key (based on play framework version as noted before) OR, you can use the suggestion below.
How do I get sbt to update existing key in application.conf automatically?
Same as above, run the following command from the root directory of your play framework app:
$ sbt playUpdateSecret | grep -i "secret"
[info] Generated new secret: Kz?fHm_I[wt^Onp[#cr<:`ttrQi]KMsdDs>22hEF?RhkoanQ7gA6NAjL33EV2^Xt
[info] Updating application secret in /Users/blah/someplayapp/conf/application.conf
[warn] Did not find application secret in /Users/blah/someplayapp/conf/application.conf
[warn] Adding application secret to start of file
Couple of things to note about this command:
playUpdateSecret will update the existing secret or add a secret to application.conf if it is not present.
This commands looks for the key and/or adds/updates it in application.conf only. This is important if you are following the Best Practice.
This best practice refers to creating a separate production.conf that overrides this key from application.conf:
include "application"
play.http.secret.key="somesecretkey"
and then run your app like so:
/path/to/yourapp/bin/yourapp -Dconfig.file=/path/to/production.conf
As you can see, if you are using playUpdateSecret to generate a new secret then it is going to have no effect since it is being overridden by the secret specified in production.conf.
Before you run your application in production mode, you need to generate an application secret
You need generate token for application in production mode, using activator playGenerateSecret
Configuration Application Secret
Link documentation
I´m trying to get that working:
clone a git project from an ssh server with NBGit. I get NBGit installed, works well local, but when given the connection parameters I´m not sure what is the right URL.
Or maybe it is not supported at the moment?
NBGit 0.4 for NB 6.9.1 on Win7
The URL should be:
git#myserver:/myreppo
But as reported in issue 91, that might not work very well.
I would explore the workaround presented in issue 56:
In your ~/.ssh directory, create a "config" file
open ~/.ssh/config in a text editor and put in the following:
Host AHostName -- this will be the name you will be calling in nbgit
User gituser
Hostname SSH IP address --eg 192.68.24.1 --my git server
Port 1234 -- use this if you need custom ports
IdentityFile "path to your private ssh key"
From there, the url can be:
AHostName:myrepo