Hi,
Make sure you've properly chowned those directories and files. Keep in mind
that you have to either run those commands you've mentioned as the "go"
user, or establish those files in that .ssh folder and then chown them with
"go:go". If you're running inside a docker container, as I believe you are,
it's pretty easy to set up this process as an entry-point script. I also
believe you'll always have to chown that .ssh directory so that the
container go user can access them. I believe it's also pretty safe to
pre-populate your git servers public ssh host keys and simply cat them into
the known_hosts file. This way you don't have to accept them and these will
rarely change. I've already got a working solution in place, so I'll
provide some highlights here, since that's all I can do.
* gather your git servers public ssh keys with command "ssh-keyscan -p 22 [host | addrlist namelist] ...". Make sure you use any git server aliases here.
* the go server home can be figured out programmatically with this command:
  GO_HOME=$( getent passwd "go" | cut -d: -f6 )
* create folder ${GO_HOME}/.ssh with chmod 700 and chown go:go
* generate a pair of keys if they don't already exist: ssh-keygen -q -t rsa -C "gocd-server" -N '' -f "$GO_ID_RSA_FILE"
* add your pub key to gitlab
* cat your git servers pub ssh keys into ${GO_HOME}/.ssh/known_hosts, chmod 0644 the file
* chown the entire /var/go, or just /var/go/.ssh if you prefer
All these steps should work with the .ssh folder bind-mounted.
Hope you get something working soon.
Jay
On Friday, September 30, 2016 at 4:23:50 AM UTC-7, Chris Forbes wrote:
>
> I'm trying to set up GoCD for the first time on Linux (CentOS 7) with the
> official GoCD Server Docker container. Documentation for this is very
> scarce as I'm sure you are aware. I'm having a lot of difficulties getting
> the server to use the SSH key correctly. I've tried a number of suggested
> solutions with no luck.
>
> Some of the things I have tried:
>
> - Mount the instance ssh folder as a volume to `/var/go/.ssh`
> - Create a `config` file in the container to specifically target the
> `id_rsa` file
> - Run `ssh -T -vvv [email protected]` on the instance and the container
> to validate the key
>
> But still, clicking "Check Connection" results in the error:
>
> --- ERROR ---
> STDERR: Host key verification failed.
> STDERR: fatal: Could not read from remote repository.
> STDERR:
> STDERR: Please make sure you have the correct access rights
> STDERR: and the repository exists.
> ---
>
> Could someone that has done this be so kind as to list the steps required
> to make this work? Or point me at a detailed blog post/write up of how to
> do this? We are keen to give GoCD a try, but being unable to use Git with
> SSH is a deal breaker.
>
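
The steps listed in the reply above, collected into one entry-point function as an added example (not part of the original thread and not GoCD's own script). The function name install_go_ssh and the host-keys file argument are assumptions; that file is assumed to hold ssh-keyscan output already compared against the fingerprints the git server publishes, since those lines become the pinned trust anchors.

```shell
#!/bin/sh
# Added example, not from the original thread or the GoCD image.
# install_go_ssh and the HOSTKEYS_FILE argument are hypothetical names.
#
# usage: install_go_ssh HOME_DIR HOSTKEYS_FILE [OWNER]
#   HOME_DIR       home of the service user, e.g. $(getent passwd go | cut -d: -f6)
#   HOSTKEYS_FILE  saved ssh-keyscan output for the git server and its aliases
#   OWNER          user:group passed to chown (default go:go)
install_go_ssh() {
    gs_home=$1; gs_hostkeys=$2; gs_owner=${3:-go:go}
    gs_dir="$gs_home/.ssh"
    gs_key="$gs_dir/id_rsa"

    # Refuse to continue without pinned host keys rather than trusting on first use.
    [ -r "$gs_hostkeys" ] || { echo "missing host keys file: $gs_hostkeys" >&2; return 1; }

    mkdir -p "$gs_dir" || return 1
    chmod 700 "$gs_dir" || return 1

    # Generate a key pair only if none exists, so a bind-mounted key is reused.
    if [ ! -f "$gs_key" ]; then
        ssh-keygen -q -t rsa -C "gocd-server" -N '' -f "$gs_key" || return 1
    fi
    chmod 600 "$gs_key" || return 1

    # Merge the pinned keys into known_hosts: drop comments and blank lines,
    # de-duplicate so repeated container starts do not grow the file.
    touch "$gs_dir/known_hosts" || return 1
    grep -hv -e '^#' -e '^[[:space:]]*$' "$gs_dir/known_hosts" "$gs_hostkeys" \
        | sort -u > "$gs_dir/known_hosts.tmp"
    mv "$gs_dir/known_hosts.tmp" "$gs_dir/known_hosts" || return 1
    chmod 644 "$gs_dir/known_hosts" || return 1

    # chown needs root; when already running as the service user it is skipped.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$gs_owner" "$gs_dir" || return 1
    fi
}

# Runs only when the script is given arguments (HOME_DIR HOSTKEYS_FILE [OWNER]).
if [ "$#" -gt 0 ]; then
    install_go_ssh "$@"
fi
```
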