On Fri, Oct 27, 2023 at 1:13 PM vv-fork <vakhlovs...@gmail.com> wrote:
> Thank you guys Sriram and Chad for answering those! Now it's getting > clearer to me > > *I was able to connect using token. It's fine.* > > Though I* wasn't able* to connect using SSH Certificate. > The key has been generated and installed: > [image: unnamed.png] > > it seems i set proper permissions: > [image: unnamed.png] > > but i still get that error message when i test connection from go-server: > --- STANDARD ERR --- STDERR: fatal: could not read Username for ' > https://github.com': No such device or address --- > > > So what am i doing wrong? May that be I have messed with permissions for *go > user*? > Please change the key's owner to the user "go". > > Vlad. > > On Thursday, October 26, 2023 at 8:41:33 PM UTC+13 Chad Wilson wrote: > >> To add on to Sriram's comments, the use of the >> github-oauth-authorization-plugin doesn't have any relationship with access >> to repository content on GitHub - it simply allows people to log onto GoCD >> using their Github identity, and optionally to have access to GoCD pipeline >> groups mapped to GitHub roles. >> >> This is because materials/repositories need to be accessed in an identity >> known to the GoCD server/agents, not necessarily the individual user who >> happens to be logged in to GoCD. So even if you use that authorization >> plugin, you still need to decide how to provide GoCD itself access to >> repositories on Github. >> >> You can use an SSH key linked to a GitHub user >> <https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account> >> if you wish to use SSH access - no restrictions for private repos unless >> your GitHub org blocks use of SSH keys. If you instead wish to use HTTPS >> access to repositories you have to fill in a username/"password" for each >> material you configure. That "password" would be a personal access token >> <https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens> >> with at least read-only access to the 1 or more repositories you want to >> use. >> >> If you want to share one personal access token across many materials >> (perhaps a single token has read-only access to many repositories), the >> easiest way is to use a GoCD Secrets Management plugin and refer to them in >> the username/"password" fields of each material using the special secrets >> interpolation syntax: >> https://docs.gocd.org/current/configuration/secrets_management.html This >> will work with either manually defined pipelines/materials, or those >> defined externally in source control. >> >> -Chad >> >> On Thu, Oct 26, 2023 at 3:01 PM Sriram Narayanan <srir...@gmail.com> >> wrote: >> >>> Please see: >>> >>> https://docs.github.com/en/authentication/connecting-to-github-with-ssh >>> >>> The gocd server runs as a particular user account. That user account >>> needs access to the ssh private keys used to authenticate with GitHub. >>> >>> The go agent too needs the same access. >>> >>> Assuming you are on Linux and installer gocd via rpm, then you would set >>> this key in the home directory ( >>> /var/lib/go-server/.ssh/myprivatekey.id_rsa) >>> >>> Permissions for .ssh would be 600, and for the key would be 400, with >>> the gocd process user owning the directory and The identity file. >>> >>> — Sriram >>> >>> >>> On Thu, 26 Oct 2023 at 12:00 PM, vv-fork <vakhl...@gmail.com> wrote: >>> >>>> Hello colleagues! >>>> >>>> What is the best way to connect on-prem goCD with GitHub private repo >>>> in cloud? I was smoking docs and manuals for quite a while, but what people >>>> say it’s to install ssh keys to both GitHub and goCD, which won’t work, >>>> since I am using github.com, so i suppose i can’t install ssh key >>>> there. >>>> >>>> I’ve installed github-oauth-authorization-plugin and set it as >>>> described (connection ok in authorisation configuration step), and >>>> restarted the server, however it’s still throwing that standard error >>>> “fatal: could not read Username for ‘https://github.com’ meaning that >>>> the access is still closed. >>>> >>>> What else can be done as you think? >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "go-cd" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to go-cd+un...@googlegroups.com. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/go-cd/ed3022b6-e1ec-4c3b-8ca3-3c5e6b7d72f4n%40googlegroups.com >>>> <https://groups.google.com/d/msgid/go-cd/ed3022b6-e1ec-4c3b-8ca3-3c5e6b7d72f4n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "go-cd" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to go-cd+un...@googlegroups.com. >>> >> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/go-cd/CANiY96azM2%3DaFO351d4PpExOatRCO%2BoaQju3Juvm2yAbQR2d5A%40mail.gmail.com >>> <https://groups.google.com/d/msgid/go-cd/CANiY96azM2%3DaFO351d4PpExOatRCO%2BoaQju3Juvm2yAbQR2d5A%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "go-cd" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to go-cd+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/go-cd/95da29ae-dfae-46cd-ace0-b928b9b1a556n%40googlegroups.com > <https://groups.google.com/d/msgid/go-cd/95da29ae-dfae-46cd-ace0-b928b9b1a556n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/CANiY96bjMhvDA5yEq6wXnRAx%3D3yB2eXOdTYcgga%2BJ10-t3-Ugg%40mail.gmail.com.