Not able to push to git repository using ssh-auth

[divyansh42]

Expected Behavior

Able to push to the git repo by providing the ssh-auth.

Actual Behavior

Getting the following error while trying to push while I am successfully able to clone the private repo as well.

[config] + git push origin master
[config] Host key verification failed.
[config] fatal: Could not read from remote repository.
[config] 
[config] Please make sure you have the correct access rights
[config] and the repository exists.

Steps to Reproduce the Problem

1. Run the following task, by providing the valid ssh-privatekey ,known hosts and github repo to clone. This task is modification from the https://github.com/tektoncd/pipeline/blob/v0.11.3/examples/v1beta1/taskruns/git-ssh-creds.yaml

apiVersion: v1
kind: Secret
metadata:
  name: git-ssh
  annotations:
    tekton.dev/git-0: github.com
type: kubernetes.io/ssh-auth
data:
  # Generated by:
  # cat id_rsa | base64 -w 0
  # This deploy key has read-only permissions on github.com/knative/build
  ssh-privatekey: ""
  # Generated by:
  # ssh-keyscan github.com | base64 -w 0
  known_hosts: ""
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: robot-git-ssh
secrets:
- name: git-ssh
---
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  name: git-ssh-creds
spec:
  serviceAccountName: robot-git-ssh
  resources:
    inputs:
    - name: gitssh
      resourceSpec:
        type: git
        params:
        - name: revision
          value: master
        - name: url
          value: git@github.com:divyansh42/rebase-test.git
  taskSpec:
    resources:
      inputs:
      - name: gitssh
        type: git
    steps:
    - name: config
      image: bitnami/git:latest
      script: |
        cd /workspace/gitssh
        git config user.email "digarwa@redhat.com"
        git config user.name "divyansh42"
        git checkout master
        git remote -v
        git commit -m "empty-commit" --allow-empty && git push origin master

2. See the logs tkn tr logs -f

Additional Info

• Kubernetes version:

  Output of kubectl version:

 Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.2", GitCommit:"59603c6e503c87169aea6106f57b9f242f64df89", GitTreeState:"clean", BuildDate:"2020-01-18T23:30:10Z", GoVersion:"go1.13.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-07T21:12:17Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"linux/amd64"}

• Tekton Pipeline version:

  Output of tkn version or kubectl get pods -n tekton-pipelines -l app=tekton-pipelines-controller -o=jsonpath='{.items[0].metadata.labels.version}'

Client version: 0.8.0
Pipeline version: v0.12.1

[ghost]

Are you able to provide the TaskRun yaml after it has run? I'd like to see the complete object including any Status fields.

$ kubectl get -o yaml taskrun <completed taskrun name>

I'd also be curious to find out:

• which UID / group / fsgroup the creds-init initContainer ran as
• which UID / group etc your git commands ran as

Also, it would be great to know what the structure of /tekton looks like and also what you have $HOME set to. Can you modify the Step Script in your TaskRun to run the following:

echo $HOME
ls -laR /tekton

[dibyom]

/kind bug

[divyansh42]

I think this issue is similar to #1271

[ghost]

@divyansh42 is the SSH key you're using a Github Deploy Key? Did you definitely check the "Allow write access" checkbox when you saved the public key in github? (You can double check this by going to the Deploy Keys page in your repo and you should see something like "Read/Write" on the key description).

I just ran through a test with a private repo and I was able to successfully push to master using a Github Deploy Key with Write Access.

[ghost]

Also, if it still doesnt work try making the first command in your Script this:

ln -s /tekton/home/.ssh /root/.ssh

[divyansh42]

Also, if it still doesnt work try making the first command in your Script this:

ln -s /tekton/home/.ssh /root/.ssh

It is working by adding this command in the script. Thanks! 👍

[ghost]

I'm going to close this issue now but have created PR #2663 to document this extra step when using vanilla git commands.