You explain how to add an RSA key in Jenkins to authenticate with GitLab:
In the Jenkins server (or your local machine), execute:
bash
ssh-keygen -t rsa -b 4096 -C "[email protected]"
Save the keys, for example in ~/.ssh/id_rsa_jenkins.
In a Pipeline (Jenkinsfile):
groovy
pipeline { agent any stages { stage('Checkout') { steps { git credentialsId: 'gitlab-ssh-key', url: '[email protected]:usuario/repositorio.git' } } }
A Groovy Pipeline
You can manually test the connection on your Jenkins server:
bash
ssh -i ~/.ssh/id_rsa_jenkins -T [email protected]
You should see a welcome message from GitLab if everything is correct.
If an error appears:
returned status code 128: stdout: stderr: No ED25519 host key is known for gitlab.com and you have requested strict checking. Host key verification failed. fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.
Option 1: From Jenkins Server (Recommended)
Connect to Jenkins server/container and run as jenkins:
bash
# Change to jenkins user sudo su -s /bin/bash jenkins # Add gitlab.com to known_hosts ssh-keyscan -t rsa,ecdsa,ed25519 gitlab.com >> ~/.ssh/known_hosts # Verify that it was added cat ~/.ssh/known_hosts | grep gitlab.com
Option 2: From Jenkins Configuration (No Server Access)
<
ol class=”wp-block-list”>
Manually provided keys→ paste the output of:
- O (less secure)
No verification→ only for testing
Option 3: If you use Jenkins in Docker
bash
docker exec -u jenkins <container_id> ssh-keyscan -t rsa,ecdsa,ed25519 gitlab.com >> /var/jenkins_home/.ssh/known_hosts
Check the functionality
Test the connection from the Jenkins user:
bash
sudo su -s /bin/bash jenkins ssh -T [email protected]
You should see:
Welcome to GitLab, @your_user!
Why is this happening? SSH has strict host verification by default. If gitlab.com is not in known_hosts, it rejects the connection even with a correct RSA key. The ssh-keyscan simply pre-aproves the fingerprint of GitLab.
