Pulling repos from CMD line stopped working

Hello Benjamin,

It looks more like an environment issue; could you please let me know if invoking above statement manually on agent machine, under the same identity as the one TeamCity uses works for you? How is the agent in question started?

Hi Fedor,

Running it manually from a CMD window works, and I believe that the same identity is used when I'm running the statement from a CMD window since the ssh key is evaluated in the statement. I see that there's a mistake in my question that I'd like to clarify: I really do add the id_rsa_PEM like the output states, and not the id_rsa key which I wrote in the question.

The agent is started either by me clicking "run" at the "build step" page, or by letting it start by a scheduled trigger, and TeamCity is started with "runAll.bat start" from a CMD with admin privileges.

Hello Benjamin,

Sorry for the delay; just to clarify, does the issue reproduce on the default agent (e.g. the one which comes installed on the server machine by default), or a separate agent? runAll.bat will start both server and default agent under the identity of user running the script, but other agents may start using own identities. 

Hi Fedor, thanks for the reply!

I'm only using 1 agent, so I'm not sure how to start another agent with the default identity. Could you guide me through that please?

Hello Benjamin,

In case of a single agent, if you run the above script under the same user as one used to execute runAll.bat, then you are using the same identity (and the same SSH key), so it should be working.

Apologies for not spotting this earlier; the issue is not about the SSH key, as it seems, but about the fact that msys2 is unable to create the following path: /home/SYSTEM/.ssh
This means that:
a) agent process is started as SYSTEM (https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/local-accounts#default-local-system-accounts)
b) the path /home/SYSTEM likely does not exist, and msys2 was unable to create one under SYSTEM identity.

Given the above, may I ask you to:
1) extend the above script like:

set HOME=C:\Users\SYSTEM
C:\msys64\usr\bin\bash.exe -lc "cd C:\\\path_to_repo\\\ && eval $(ssh-agent -s) && ssh-add /home/myUserName/.ssh/id_rsa && git checkout . && git checkout master && git pull"

2) create the C:\Users\SYSTEM\.ssh folder and try again? If my guess is correct, this time it should be able to use the path in question.

Hey, I haven't been able to reproduce the error until tonight. Everything has worked fine for a week, but now when I did what you suggested in step 1) and 2) I get this output in yellow text in the log:

Identity added: /home/myUserName/.ssh/id_rsa_PEM (/home/myUserName/.ssh/id_rsa_PEM)
Updated 0 paths from the index
Already on 'master'
Your branch is up to date with 'origin/master'.
warning: Pulling without specifying how to reconcile divergent branches is
discouraged. You can squelch this message by running one of the following
commands sometime before your next pull:
git config pull.rebase false# merge (the default strategy)
git config pull.rebase true # rebase
git config pull.ff only # fast-forward only

You can replace "git config" with "git config --global" to set a default
preference for all repositories. You can also pass --rebase, --no-rebase,
or --ff-only on the command line to override the configured default per
invocation.

Could not create directory '/home/SYSTEM/.ssh'.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists

I started this build by pressing the run button at the "Build Steps" page.

I did also create an .ssh directory in C:\Users\SYSTEM

Hello Benjamin,

Sorry for the delay. This is definitely curious (I would expect the SYSTEM account to be able to use existing .ssh directory in this setup). Could you please check if there is a "TeamCity Build agent"service present in the Administration | Services, and if it is present, which account does it use for logon? You may want to consider to change it to any local account you`d like agent to run as (so to ensure sufficient permissions on the filesystem). 

Hi Fedor,

This is what I can see about TeamCity in the "Services" tab in windows.

set HOME=C:\Users\myUserName

C:\msys64\usr\bin\bash.exe -lc "cd C:\\\path_to_my_repo\\\ && eval $(ssh-agent -s) && ssh-add /home/myUserName/.ssh/id_rsa_PEM && git pull"

Hello Benjamin,

Could you please change the Log On As property of TeamCity Build Agent service to any local/domain user with sufficient permissions to run the build and restart the agent? 

Sure I can try! I can't seem to find the setting in the interface though, could you explain how to do that?

Hello Benjamin,

Please navigate to the Windows Administrative Tools | Services, locate the Build Agent service and in the context menu choose Properties:


On the Log On tab, you can set up any local (or domain) user account which will be used instead of the Local System one:


One thing to note is that the account has to have "Log on as a service" permission (see https://www.jetbrains.com/help/teamcity/setting-up-and-running-additional-build-agents.html#Windows for the details).