deploy keis for individual products on a jenkins or gforge server

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi, folks!

It's been years since I was active on I still do backpor
ts of OpenSSH builds for current RHEL builds over at
del/nkadel-openssh-portable, and I've more recently published a new chroot  
cage building kit for rssh over at
ols. So I hope I still have some credit here for getting some help.

I've got a jenkins and gforge build servier to deal with, and I'd like to u
se individual SSH keys for individual projects to do builds. Since all the  
builds on the same server would be talking to, it's easy to set  
up a single key in the ~gforge/.ssh/config to use one key for B
ut it's not easy to use the same read-only "deploy" key this way for multip
le projects: prevents the use of the same "deploy" key for multi
ple repositories, and trying to stuff distinct keys for individual github.c
om projects into $HOME/.ssh/config would mean playing DNS CNAME or /etc/hos
ts games to provide a different apprarent alias for each project

I really, really do not want to do that!!

Has anyone gotten Jenkins or Gforge to activate only a single SSH key for a
 single project, gracefully, so I can use deploy keys this way w
ithout touching $HOME/.ssh/config? I'm thinking I can set up GIT_SSH wrappe
rs for individual keys, but that could also get pretty odd pretty quickly.


Re: deploy keis for individual products on a jenkins or gforge server

Quoted text here. Click to load it

Well, not an answer to your actual question, but AFAIK you don't need to
do that, i.e. have unique mappings server -> private key. You should be
able to simply have multiple IdentityFile option settings, with the
client trying them in sequence. You still need to store the keys of
course, and I believe there will be some delay in the authentication
procedure as the keys are tried, but it may be acceptable.

--Per Hedeland

Site Timeline