Why does Maven not use my privatekey when deploying with scp?

Question

I am deploying to our cluster using Maven 3. Having set a private-key in my settings.xml as well as the repository in the pom.xml. At the moment is everything working except that I am getting asked for the password if I call mvn clean deploy. If I use <password>pw</password> instead of <privateKey>path</privateKey> it is working but of course this is not what I want to use.

settings.xml

<server>
    <id>company_cluster</id>
    <username>user</username>
    <privateKey>/home/user/.ssh/user</privateKey>
</server>

pom.xml

<build>
    <!-- ... -->
    <extensions>
        <!-- Enabling the use of SSH -->
        <extension>
            <groupId>org.apache.maven.wagon</groupId>
            <artifactId>wagon-ssh</artifactId>
            <version>2.4</version>
        </extension>
    </extensions>

</build>

<distributionManagement>
    <repository>
        <id>company_cluster</id>
        <url>scp://client.hadoop.company.at/home/user/deploy/</url>
    </repository>
</distributionManagement>

I have generated a ssh key on my local machine and then used

ssh-copy-id [email protected]

to add it to the authorized keys.

Answer 1

mvn -U clean install -D skipTests

led to the error message:

Could not transfer artifact ... from/to ...-repository (scp://.../repo/releases/): Cannot connect. Reason: invalid privatekey: [...-> [Help 1]

I found this link https://help.mulesoft.com/s/article/Issue-with-key-based-authentication-while-connecting-to-SFTP-server

And checked my newly generated key to be like:

-----BEGIN OPENSSH PRIVATE KEY-----
...

while on my old (working) environment it was:

head -2 id_rsa
-----BEGIN RSA PRIVATE KEY-----
...

So the hint from the link above was to use:

ssh-keygen -t rsa -b 4096 -m PEM

which would mean to create a new key - i had already deployed the key with ssh-copy-id to quite a few servers already ...

At Openssh Private Key to RSA Private Key if found the procedure for the key conversion.

ssh-keygen -p -N "" -m pem -f  id_rsa

changing the format to RSA

head -1 id_rsa
-----BEGIN RSA PRIVATE KEY-----

and leading to the mvn error message to disappear.

Answer 2

It is an old question, but I spend enough time on very similar issue to consider it worth it to post the answer. You cannot give both username and privateKey in the server node in the settings.xml file. So in the settings.xml file it should be as follows:

  <server>
    <id>company_cluster</id>
    <privateKey>/home/user/.ssh/user</privateKey>
  </server>