Re: Fetch private gitlab repo using ssh with Yocto recipe #bitbake


Nicolas Jeker
 

On Mon, 2022-01-31 at 02:54 -0800, Sourabh Hegde wrote:
> Hello @Nicolas @Erik @Khem,

Hi!

> Update from my side:
>
> After following some discussion from other posts, I added "config"
> file.

I think you're starting to mix various things together, you should
maybe try to not do everything at the same time. I added comments about
what is wrong with your config, but depending on your build
environment, the ssh config is maybe not the best choice.

> ~/.ssh/config:
>
> Host git.example.com
> HostName git.example.com
> User git
> PreferredAuthentications publickey
> IdentityFile ~/.ssh/id_ed25519.pub
> # LogLevel DEBUG3

You need to specify the private key with IdentityFile, not the public
key.

> Then I did "eval `ssh-agent -s`"
>
> Then doing "ssh-add ~/.ssh/id_ed25519.pub" results in:

Same here, you should be doing "ssh-add ~/.ssh/id_ed25519" (without the
.pub).

> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Permissions 0644 for '/root/.ssh/id_ed25519.pub' are too open.
> It is required that your private key files are NOT accessible by others.
> This private key will be ignored.
>
> Whereas the permissions are set as:
>
> ls -l -a ~/.ssh
>
> -rw-r--r-- 1 root root  157 Jan 31 10:48 config
> -rw------- 1 root root  464 Jan 20 15:26 id_ed25519
> -rw-r--r-- 1 root root  109 Jan 20 15:26 id_ed25519.pub
> -rw-r--r-- 1 root root  888 Jan 26 08:43 known_hosts

Well, the permissions on id_ed25519 are correct, but you added the
public key as private key in your config / in your ssh-add command,
which doesn't have the required permissions for private keys (because
it's not).

> "ssh-agent" is running
>
> ssh-agent
> SSH_AUTH_SOCK=/tmp/ssh-lcft54A4nriC/agent.2833; export SSH_AUTH_SOCK;
> SSH_AGENT_PID=2834; export SSH_AGENT_PID;
> echo Agent pid 2834;
>
> After doing these changes, when I try to "ssh -v git.example.com" to
> test the connection before running bitbake, I get
>
> OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f  31 Mar 2020
> debug1: Reading configuration data /root/.ssh/config
> debug1: /root/.ssh/config line 1: Applying options for git.example.com
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
> debug1: /etc/ssh/ssh_config line 21: Applying options for *
> debug1: Connecting to git.example.com [116.203.241.xxx] port 22.
> debug1: connect to address 116.203.241.xxx port 22: Connection refused
> ssh: connect to host git.example.com port 22: Connection refused
>
> I don't understand what is the issue here.
>
> @Nicolas Can you please let me know where and how to run below
> commands? Do I need to run them every time before fetching from
> gitlab?
>   -v $SSH_AUTH_SOCK:/ssh.socket \
>   -e SSH_AUTH_SOCK=/ssh.socket \

I think you should explain your build environment a bit better, as I
can just guess what you're doing. You should add these parameters when
starting your docker container. For example I use something along these
lines:

docker run -ti --rm \
  -v ~/development/oe-build:/workdir \
  -v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK \
  -e SSH_AUTH_SOCK="$SSH_AUTH_SOCK" \
  crops/poky --workdir=/workdir

If you're forwarding the ssh agent like this, you don't need a key or
config file at all, only known_hosts.


On the other hand, if you're using e.g. GitLab pipelines with docker,
you should not do it like mentioned above, but follow their guide [1].

[1]: https://docs.gitlab.com/ee/ci/ssh_keys/index.html#ssh-keys-when-using-the-docker-executor

> And also I already have "known_hosts" file with matching entries for
> key/agent pair.
>
> Can you please let me know how to make this working?
>
> Your help will be much appreciated.
>
> Thanks in advance.
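
Added example, not part of the original messages: a preflight script that catches the mistakes corrected in the reply above (a .pub file given as IdentityFile, a key file readable by others) and checks that the forwarded agent socket exists before bitbake is started. The function names and return codes are this example's own, and the config parser is a simplification that only handles exact Host names.

```shell
#!/bin/sh
# Added example: names and return codes are this example's own, not OpenSSH's.

# check_private_key FILE -> 0 usable, 1 missing, 2 is a public key,
# 3 accessible by group/others (ssh ignores such a key).
check_private_key() {
    f=$1
    [ -f "$f" ] || { echo "$f: no such file" >&2; return 1; }
    IFS= read -r first < "$f" || :
    # Public keys start with the key type, private keys with a BEGIN header.
    case $first in
        ssh-*|ecdsa-*|sk-*) echo "$f: public key, use the private key file" >&2; return 2 ;;
    esac
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$f: permissions too open" >&2; return 3; }
}

# check_agent -> 0 socket present, 1 SSH_AUTH_SOCK unset, 2 not a socket
# (for example the -v mount was left off the docker run command).
check_agent() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || { echo "SSH_AUTH_SOCK not set" >&2; return 1; }
    [ -S "$SSH_AUTH_SOCK" ] || { echo "$SSH_AUTH_SOCK: not a socket" >&2; return 2; }
}

# identity_files CONFIG HOST: print IdentityFile values of the Host block.
# Simplified (assumption): exact host names, no patterns or Match blocks.
identity_files() {
    awk -v host="$2" '
        tolower($1) == "host" {
            active = 0
            for (i = 2; i <= NF; i++) if ($i == host) active = 1
            next
        }
        active && tolower($1) == "identityfile" { print $2 }
    ' "$1"
}

# preflight CONFIG HOST -> 0 if every configured key passes, else 1.
preflight() {
    rc=0
    for key in $(identity_files "$1" "$2"); do
        case $key in '~/'*) key=$HOME/${key#??} ;; esac
        check_private_key "$key" || rc=1
    done
    return "$rc"
}

if [ "$#" -eq 2 ]; then preflight "$@"; fi
```

Run it as `sh preflight.sh ~/.ssh/config git.example.com` on the host, and call check_agent inside the container; the file name preflight.sh is a placeholder.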
