That is because you cannot use sshpass to provide a passphrase, only a password in user/password vs private key ssh.
Assuming you are using Jenkins (and since you are me, you are), we can resolve the problem by following this strategy:
- obtain the key and passphrase
- set up an ssh wrapper to use the key file automatically
- set up ssh-agent to enable provisioning of the passphrase and automatic handout upon request by ssh
- use expect to install the passphrase in ssh-agent

Thanks to @jayhendren for turning me on to the ssh-agent plugin.
The Jenkins pipeline Groovy code:

```groovy
/**
 * Generate a stand-in executable for ssh to ensure we use the correct id
 * and do not look in home's .ssh dir
 * @return path to shell script wrapper for ssh
 */
def getSshWrapper(def keyPath) {
    def wrapper = "${pwd()}/ssh"
    // "\$@" forwards every argument unchanged; the key path is quoted in case it contains spaces
    writeFile file: wrapper, text: """#!/usr/bin/env sh
/bin/ssh -i "${keyPath}" "\$@"
"""
    sh "chmod 700 ${wrapper}"
    return wrapper
}

/**
 * Enable ssh and git to use a deploy key with a passphrase
 * @param credentialId jenkins id of private key / passphrase
 * @param closure actions to perform
 * @return result of actions
 */
def withDeployKey(def credentialId, closure) {
    def result
    // Put the wrapper directory first on PATH so "ssh" resolves to the wrapper
    def helperFilesDir = './build/helperFiles'
    def envSettings = ["PATH=${helperFilesDir}:${env.PATH}"]
    withEnv(envSettings) {
        withCredentials([sshUserPrivateKey(credentialsId: credentialId,
                                           passphraseVariable: 'PASSPHRASE',
                                           keyFileVariable: 'KEY_FILE_PATH')]) {
            println "Setup Ssh Wrapper to use credentials key"
            dir(helperFilesDir) {
                getSshWrapper(KEY_FILE_PATH)
            }
            // Start ssh agent, add key and run closure
            println "run closure"
            sshagent(credentials: [credentialId]) {
                result = closure()
            }
        }
    }
    return result
}
```
Example:

```groovy
withDeployKey('my-deploy-key') {
    sh "git clone git@github:me/myrepo.git"
}
```
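
The ssh-agent steps in the strategy above, written out as a shell function. This is an added example, not code from the original answer: it swaps `expect` for OpenSSH's `SSH_ASKPASS` hook, and it assumes the OpenSSH client tools are installed and that `PASSPHRASE` is exported, as `withCredentials` does. The name `with_deploy_key` is hypothetical.

```shell
#!/bin/sh
# Added example: run a command with a passphrase-protected key loaded into a
# private, short-lived ssh-agent. No TTY and no expect are needed.
# Usage (PASSPHRASE must be exported): with_deploy_key "$KEY_FILE_PATH" git clone ...
with_deploy_key() {
    key_file=$1; shift
    work=$(mktemp -d) || return 1

    # Helper that ssh-add runs to obtain the passphrase. It reads the secret
    # from the environment, so it is never written to disk or put on a command
    # line. ssh-add re-prompts with "Bad passphrase, ..." after a wrong answer;
    # failing on that prompt stops it from retrying forever.
    cat > "$work/askpass" <<'EOF'
#!/bin/sh
case $1 in Bad*) exit 1 ;; esac
printf '%s\n' "$PASSPHRASE"
EOF
    chmod 700 "$work/askpass"

    (
        # Subshell: SSH_AUTH_SOCK and SSH_AGENT_PID do not leak to the caller.
        agent_env=$(ssh-agent -s) || { rm -rf "$work"; exit 1; }
        eval "$agent_env" >/dev/null
        # Always stop the agent and remove the helper, even on failure.
        trap 'ssh-agent -k >/dev/null 2>&1; rm -rf "$work"' EXIT

        # With stdin not a TTY and DISPLAY set, ssh-add calls SSH_ASKPASS;
        # SSH_ASKPASS_REQUIRE=force requests the same on OpenSSH 8.4 and later.
        SSH_ASKPASS="$work/askpass" SSH_ASKPASS_REQUIRE=force \
            DISPLAY="${DISPLAY:-none}" \
            ssh-add "$key_file" </dev/null 2>/dev/null || exit 1

        # The key is now served by the agent; run the caller's command.
        "$@"
    )
}
```

A wrong passphrase makes the function return non-zero without running the command, so a pipeline step built on it fails fast instead of hanging on a prompt.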