docker / hub-feedback

Feedback and bug reports for the Docker Hub
https://hub.docker.com

can't set SSH_PRIVATE environment variable #1979

Open gitoleg opened 4 years ago

gitoleg commented 4 years ago

Looks like the SSH_PRIVATE environment variable doesn't work as it should. And following the steps in the documentation doesn't help (basically, it's just copy + paste). Probably because the private key contains many lines and the input box replaces the newlines with spaces (see screenshot).

Screen Shot 2020-04-11 at 6 47 39 PM

Also, I found on the Internet a screenshot from some years ago, where I can clearly see that previously it was possible to paste a multiline variable in the input box. And it's not true now.

So, is it a bug? Or is there a way to set a multiline variable? I tried some variants but never succeeded. And yes, there is a public key that is set in my account on GitHub.

Also, some additional information:

User: gitoleg
Repository: my-repo-1
Date: 04/11/2020 around 6 p.m. Eastern Time
Operating system: macOS Mojave
Browser and Browser version: Safari 12.0 (tested with Google Chrome version 80.0.3987.163 as well)
Page: Builds -> Configure Automated Builds
Error message:

Cloning into '.'...
Warning: Permanently added the RSA host key for IP address '140.82.114.4' to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
please ensure the correct public key is added to the list of trusted keys for this repository (128)

Thanks!

erikbaan commented 4 years ago

So this issue is now 25 days old. We are not able to use docker hub anymore. I guess this will mean the end of our subscription.

ibqn commented 4 years ago

We experience exactly the same issue...

JoshuaSjoding commented 3 years ago

I tried to set up an automated Docker Hub build that relies on a private GitHub source repository today. The build requires access to a private dependency, so a single GitHub deploy key was inadequate. I tried to make use of the SSH_PRIVATE environment variable like @gitoleg did, but ran into the same problem:

Cloning into '.'...
Warning: Permanently added the RSA host key for IP address '140.82.113.4' to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
please ensure the correct public key is added to the list of trusted keys for this repository (128)

The Docker Hub Builder is claiming that it can't clone the source repository because the SSH private key it's using was denied by GitHub. I see two likely explanations:

  1. I haven't granted the corresponding public key sufficient access rights on the remote repository.
  2. The Docker Hub Builder didn't ingest and utilize the private key properly. A distinct possibility is that I fed it a key in the wrong format.

In my case, the SSH_PRIVATE environment variable contains a PEM-encoded private key without comment or whitespace. The private key matches the public key of a GitHub account that is a member of a GitHub Team that has read-only access to the source repository in an organization.

As noted by @gitoleg, the SSH_PRIVATE environment variable is poorly documented. I have no way of knowing whether I formatted it correctly because we are left with unanswered questions:

  1. Should the private key be encoded in PEM format?
  2. Will spaces in the private key be ignored? What about newlines?
  3. If it's in PEM format, are PEM comments ignored or required?
  4. I assume RSA keys are supported. Are other key types supported as well? What key lengths are supported?
  5. If I modify the SSH_PRIVATE environment variable, does the change in environment invalidate the build cache? Do I need to disable build caching first for the change to be effective?

It's very possible that I've misconfigured something or missed a detail somewhere, but the lack of detail in the instructions makes diagnosis far more difficult than it should be.
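Added example, not part of the thread and not Docker Hub code: a local check of the key text itself, covering the newline-to-space flattening reported in the first post and the format questions listed above. The function names `inspect_key` and `restore_pem` are hypothetical, the sample key is constructed filler rather than a real key, and nothing here says how the Docker Hub builder parses SSH_PRIVATE.

```python
import base64
import re

# Matches PEM armor whether the separators are newlines or spaces.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

def _armor(label, b64):
    """Emit canonical PEM: header, 64-character base64 lines, footer."""
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]) + "\n"

def inspect_key(value):
    """Classify a private-key string as it arrives from a form field or env var."""
    text = value.strip()
    m = PEM_RE.search(text)
    if not m:
        return "no-pem-armor"
    label, body = m.groups()
    try:
        raw = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:  # binascii.Error subclasses ValueError
        return "bad-base64"  # also hit by legacy encrypted PEM (Proc-Type headers)
    if label == "OPENSSH PRIVATE KEY":
        container_ok = raw.startswith(b"openssh-key-v1\x00")
    else:  # RSA/EC/PKCS#8 PEM bodies are DER, which starts with a SEQUENCE tag
        container_ok = raw[:1] == b"\x30"
    if not container_ok:
        return "wrong-container"
    return "ok" if "\n" in text else "flattened"

def restore_pem(value):
    """Rebuild line breaks in a key whose newlines were replaced by spaces."""
    m = PEM_RE.search(value.strip())
    if not m:
        raise ValueError("no PEM armor found")
    return _armor(m.group(1), "".join(m.group(2).split()))

# Constructed sample: OpenSSH magic plus filler bytes. Not a real key.
_FAKE_B64 = base64.b64encode(b"openssh-key-v1\x00" + bytes(range(120))).decode()
SAMPLE_PEM = _armor("OPENSSH PRIVATE KEY", _FAKE_B64)
# Newlines replaced by spaces, as reported for the input box in this issue.
FLATTENED = SAMPLE_PEM.strip().replace("\n", " ")

if __name__ == "__main__":
    print(inspect_key(SAMPLE_PEM))
    print(inspect_key(FLATTENED))
    print(inspect_key(restore_pem(FLATTENED)))
```

For a real key that passes this check, `ssh-keygen -y -f <keyfile>` prints the matching public key, which can be compared with the one registered on GitHub to separate a formatting problem from an access-rights problem.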

Z-a-r-a-k-i commented 3 years ago

Exact same problems here. It would be very nice if anyone who has the answer could come here and help close this issue that has been open for way too long!

erikbaan commented 3 years ago

Still a major issue for us too.

Z-a-r-a-k-i commented 3 years ago

I think that this is a duplicate of #1936. The only workaround that I found was adding the Docker Hub public key to my personal GitHub account, while waiting to add a dedicated "build bot account" seat in the GitHub team (which is pretty lame ^^).

Seriously, this is a major feature; why is it not addressed by the team? Moreover, it doesn't look like anything complex to fix, but I'm probably missing something.

github-actions[bot] commented 2 years ago

We are clearing up our old issues and your ticket has been open for 6 months with no activity. Remove stale label or comment or this will be closed in 15 days.

ibqn commented 2 years ago

This is still an issue, I would say.

JoshuaSjoding commented 2 years ago

Yeah, this is still an issue. I tried to make use of SSH_PRIVATE again today with a fresh 2048 bit RSA key pair. I ran into all of the same issues. I continue to wonder how the private key should be formatted. I tried formatting the private key 5 or 6 different ways but the builder always failed in the same way as it always does:

Cloning into '.'...
Warning: Permanently added the RSA host key for IP address '(redacted)' to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
please ensure the correct public key is added to the list of trusted keys for this repository (128)

Tieantono commented 2 years ago

This is still an issue, and we still need the correct documentation.