Git ssh private key binding(GSoC-21)

[arpoch]

JENKINS-28335 - Add Git Credentials binding for SSH Private Key

The gitSshPrivateKey implementation provides git authentication support over SSH protocol
using private key and passphrase credentials of a user. The binding uses two git specific environment
variables depending upon the minimum CLI-git version

• GIT_SSH_COMMAND - If version is greater than 2.3, then the GIT_SSH_COMMAND environment variable provides ssh command including the necessary options which are: path to the private key and host key checking to authenticate and connect git server without using an executable script.

• SSH_ASKPASS - If version is less than 2.3, an executable script is attached to the variable which provides ssh command including the necessary options which are: path to the private key and host key checking to authenticate and connect git serve

Please refer to the Project page for more details-
https://www.jenkins.io/projects/gsoc/2021/projects/git-credentials-binding/

Checklist

• I have read the CONTRIBUTING doc
• I have referenced the Jira issue related to my changes in one or more commit messages
• Unit tests pass locally with my changes
• No Javadoc warnings were introduced with my changes
• No spotbugs warnings were introduced with my changes
• Documentation in README has been updated as necessary
• Online help has been added and reviewed for any new or modified fields
• I have interactively tested my changes
• Any dependent changes have been merged and published in upstream modules (like git-client-plugin)

Types of changes

• New feature (non-breaking change which adds functionality)

[timja]

looks like a bad merge

[arpoch]

Thanks for the quick review, made the changes.

[timja]

and here

[jimlindeman]

Not to nag the obvious, but It's Summer 2022, are any "Summer of Code 2022" students going to be assigned to complete this? We could really use this functionality in our Jenkins pipelines managing repos using ssh-keys in .gitmodules.

[MarkEWaite]

Not to nag the obvious, but It's Summer 2022, are any "Summer of Code 2022" students going to be assigned to complete this? We could really use this functionality in our Jenkins pipelines managing repos using ssh-keys in .gitmodules.

No summer of code plan was received that proposed to complete it. You're welcome to test the implementation in your environment based on the build results from the build job on https://ci.jenkins.io/job/Plugins/job/git-plugin/job/PR-1111/

You can also achieve almost the same result for ssh private keys by using the ssh-agent plugin to wrap the shell, bat, and powershell steps with an ssh agent that provides the private key as a credential

[jimlindeman]

FYI, the I found the ssh-agent plugin by itself doesn't configure github host public-ssh-key in the known_hosts and will cause the git commands to hang until configured in there. For reference for others, I got it working with:

  withCredentials([sshUserPrivateKey(credentialsId: 'sample_ssh_privatekey', keyFileVariable: 'KEYFILE')]) {
    sh 'mkdir -p ~/.ssh'
    sh 'echo "Host github.ibm.com" >> ~/.ssh/config'
    sh 'echo "    Hostname github.ibm.com" >>  ~/.ssh/config'
    sh 'echo "    User git" >> ~/.ssh/config'
    sh 'echo "    IdentityFile $KEYFILE" >> ~/.ssh/config'
    sh 'touch ~/.ssh/known_hosts'
    sh 'ssh-keygen -R github.ibm.com'
    sh 'ssh-keyscan -H github.ibm.com >> ~/.ssh/known_hosts'
    sh 'git submodule update --init --recursive'
  }

(note this was IBM's internal github, but same concept with whatever the github url is).