Thank you guys Sriram and Chad for answering those! Now it's getting clearer to me
*I was able to connect using token. It's fine.* Though I* wasn't able* to connect using SSH Certificate. The key has been generated and installed: [image: unnamed.png] it seems i set proper permissions: [image: unnamed.png] but i still get that error message when i test connection from go-server: --- STANDARD ERR --- STDERR: fatal: could not read Username for ' https://github.com': No such device or address --- So what am i doing wrong? May that be I have messed with permissions for *go user*? Vlad. On Thursday, October 26, 2023 at 8:41:33 PM UTC+13 Chad Wilson wrote: > To add on to Sriram's comments, the use of the > github-oauth-authorization-plugin doesn't have any relationship with access > to repository content on GitHub - it simply allows people to log onto GoCD > using their Github identity, and optionally to have access to GoCD pipeline > groups mapped to GitHub roles. > > This is because materials/repositories need to be accessed in an identity > known to the GoCD server/agents, not necessarily the individual user who > happens to be logged in to GoCD. So even if you use that authorization > plugin, you still need to decide how to provide GoCD itself access to > repositories on Github. > > You can use an SSH key linked to a GitHub user > <https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account> > > if you wish to use SSH access - no restrictions for private repos unless > your GitHub org blocks use of SSH keys. If you instead wish to use HTTPS > access to repositories you have to fill in a username/"password" for each > material you configure. That "password" would be a personal access token > <https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens> > > with at least read-only access to the 1 or more repositories you want to > use. > > If you want to share one personal access token across many materials > (perhaps a single token has read-only access to many repositories), the > easiest way is to use a GoCD Secrets Management plugin and refer to them in > the username/"password" fields of each material using the special secrets > interpolation syntax: > https://docs.gocd.org/current/configuration/secrets_management.html This > will work with either manually defined pipelines/materials, or those > defined externally in source control. > > -Chad > > On Thu, Oct 26, 2023 at 3:01 PM Sriram Narayanan <srir...@gmail.com> > wrote: > >> Please see: >> >> https://docs.github.com/en/authentication/connecting-to-github-with-ssh >> >> The gocd server runs as a particular user account. That user account >> needs access to the ssh private keys used to authenticate with GitHub. >> >> The go agent too needs the same access. >> >> Assuming you are on Linux and installer gocd via rpm, then you would set >> this key in the home directory ( >> /var/lib/go-server/.ssh/myprivatekey.id_rsa) >> >> Permissions for .ssh would be 600, and for the key would be 400, with the >> gocd process user owning the directory and The identity file. >> >> — Sriram >> >> >> On Thu, 26 Oct 2023 at 12:00 PM, vv-fork <vakhl...@gmail.com> wrote: >> >>> Hello colleagues! >>> >>> What is the best way to connect on-prem goCD with GitHub private repo in >>> cloud? I was smoking docs and manuals for quite a while, but what people >>> say it’s to install ssh keys to both GitHub and goCD, which won’t work, >>> since I am using github.com, so i suppose i can’t install ssh key there. >>> >>> I’ve installed github-oauth-authorization-plugin and set it as described >>> (connection ok in authorisation configuration step), and restarted the >>> server, however it’s still throwing that standard error “fatal: could not >>> read Username for ‘https://github.com’ meaning that the access is still >>> closed. >>> >>> What else can be done as you think? >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "go-cd" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to go-cd+un...@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/go-cd/ed3022b6-e1ec-4c3b-8ca3-3c5e6b7d72f4n%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/go-cd/ed3022b6-e1ec-4c3b-8ca3-3c5e6b7d72f4n%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "go-cd" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to go-cd+un...@googlegroups.com. >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/go-cd/CANiY96azM2%3DaFO351d4PpExOatRCO%2BoaQju3Juvm2yAbQR2d5A%40mail.gmail.com >> >> <https://groups.google.com/d/msgid/go-cd/CANiY96azM2%3DaFO351d4PpExOatRCO%2BoaQju3Juvm2yAbQR2d5A%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/95da29ae-dfae-46cd-ace0-b928b9b1a556n%40googlegroups.com.
