Open in app

Sign in

Write

Sign in

Setting Up SSH Keys for Jenkins and GitHub Integration

A Step-by-Step Guide to Setting Up SSH Keys for Seamless GitHub Integration in Jenkins

Jorge Luis Castro Medina
5 min readSep 14, 2024

In projects that use Jenkins as a continuous integration tool, it’s common to need to clone repositories from GitHub as part of build and deployment processes. 🛠️ One of the most secure and efficient ways to do this is by using an SSH key to authenticate Jenkins with GitHub, without needing to enter passwords. 🔐

Below, I’ll walk you through the steps to generate an SSH key and configure it in both GitHub and Jenkins. 🚀

Step 1: Generating the SSH Key

First, we need to create an SSH key pair on the server or machine where Jenkins is running. These keys are used to authenticate access to GitHub without needing a password.

Basic syntax for generating an SSH key:

ssh-keygen -t ed25519 -C "your_email@example.com"

Quick explanation of the syntax:

  • ssh-keygen: The command used to generate SSH keys.
  • -t ed25519: Specifies that we'll use the Ed25519 algorithm, which is more modern and efficient than others like RSA.
  • -C "your_email@example.com": Adds a comment to the key for easy identification (typically, your email address).

Example of execution:

When you run the command, you’ll be prompted to choose where to save the generated keys. Either choose a custom location or use the default path (~/.ssh/id_ed25519). You’ll also have the option to protect the private key with a passphrase.

Step 2: Add the SSH Key to the SSH Agent

To ensure Jenkins can use the SSH key properly, it’s helpful to add the key to the SSH agent:

  1. Start the SSH agent (if it’s not already running):
eval "$(ssh-agent -s)"

Step 3: Add your SSH private key to the ssh-agent.

If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_ed25519 in the command with the name of your private key file.

ssh-add ~/.ssh/id_ed25519

Step 4: Adding the Public Key to GitHub

After generating the SSH key, you need to add the public key to GitHub so Jenkins can access your repositories.

  1. Go to your GitHub account and navigate to Settings.
  2. From the side menu, select SSH and GPG keys.
  3. Click on New SSH key.
  4. Paste the contents of your public key file (~/.ssh/id_ed25519.pub) into the Key field. You can also add a descriptive name in the Title field.

Step 5: Configuring Jenkins to Use the SSH Key

Once the SSH key is added to GitHub, you need to ensure Jenkins uses it to clone repositories. Follow these steps:

  1. Copy the private key to the Jenkins server:
  • Copy the private key file (~/.ssh/id_ed25519) to the server where Jenkins is running. Typically, this would be in the ~/.ssh/ directory of the user running Jenkins.

2. Configure the SSH key in Jenkins:

  • Go to Jenkins and select Manage Jenkins from the main dashboard.
  • Select the Credentials option
  • Choose the appropriate scope (global or specific to a job).
  • Click Add Credentials.
  • In the Kind dropdown, select SSH Username with private key.
  • Enter your GitHub username and choose Enter directly for the private key.
  • Paste the contents of your private key file (~/.ssh/id_ed25519).

If you see this error after correctly configuring your SSH key in Jenkins:

Failed to connect to repository: Command "git ls-remote -h - git@github.com:your-repository/your-project.git HEAD" returned status code 128: stdout: stderr: No ED25519 host key is known for github.com and you have requested strict checking. Host key verification failed. fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.

It’s likely that you need to add the GitHub host key to your known_hosts file. This issue occurs because the GitHub server is not recognized by your machine’s known_hosts file, which prevents Jenkins from validating the connection due to strict host key checking.

Recommended Approach:

If you prefer to be more specific, you can use this command to obtain only the ed25519 key:

ssh-keyscan -t ed25519 github.com >> ~/.ssh/known_hosts

Alternative Approach:

Use the following command to add GitHub’s host key to your known_hosts file:

ssh-keyscan github.com >> ~/.ssh/known_hosts

This command will add the GitHub server’s fingerprint to the known_hosts file, allowing Jenkins to authenticate the connection without issues. Also, ensure that the known_hosts file has the correct permissions:

chmod 600 ~/.ssh/known_hosts

This will ensure that Jenkins can access the repository without problems related to host key verification.

Resources

If you like my content and want to support my work, you can give me a cup of coffee ☕️ 🥰

Follow me in

Jenkins
Jenkins Pipeline
Ci
DevOps
Ssh

--

--

Jorge Luis Castro Medina
Jorge Luis Castro Medina

Written by Jorge Luis Castro Medina

4.3K Followers
50 Following

I'm a Software Engineer passionate about mobile technologies, and I like everything related to software design and architecture

Responses (1)

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams