Can I do ssh to remote server with password without using jenkins plugin and public /private key concept ? Also can I make jenkins pipleline interactive by asking parameter value to user during runtime?
I tried it by 'execute shell' option but its not working
It's a while since I worked in this area, but I seem to remember that one computer logging into a second machine using SSH needed to have a trust relationship set up. User name and password would not work (at least under Linux)
Related
I'm trying to configure Jenkins permanent node for remote Linux server.
My Jenkins master is on Windows.
Unfortunately I do not get the option to enter the hosts details and it populates by login ID in place of Hosts. (Please see snapshot)
I'm using ssh keys in the credentials for user root.
I guess I have all the required plugins.
I'm on the latest version of Jernkins.
Can you please suggest how can i fix the problem ?
I found out that my username was for someone reason set in the hostname under credentials for Jenkins.
Deleting the same from the Jenkins credentials resolved the hostname issue for the slave node and now I m able to enter the correct IP.
I have a jenkins job that uses ssh to connect to the scheduler user on a quartz server; it can restart quartz as the scheduler user, and the processes and libraries appear to be owned by the scheduler, but whenever an encrypt/decrypt task is run, it thinks it's being called as the jenkins user instead of the scheduler.
ID and env indicate that the remote shell is running as the scheduler user - why does the encrypt task look to the jenkins .pgp directory? The only way for me to fix this is to ssh to the box myself, sudo to the scheduler, and restart the jobs. How do I get jenkins to emulate this?
You would need to record your own private key in Jenkins, through the JENKINS SSH Credentials Plugin.
That way, Jenkins would be able to use your own SSH credential when diong its SSH step, connecting to the quartz server as you instead of jenkins.
I finally spotted the source of my problem, and I'm so embarrassed - the scheduler user's home directory was actually owned by jenkins, with the scheduler user as the group owner. No wonder pgp looked in the jenkins directory for its info. I must have changed ownership to jenkins earlier when I was setting things up, but that wasn't a very good idea.
Thank you for responding - it is great to have some company when one is confused and needing a different perspective.
I am trying to create a new directory and copy files to it. So I'm using a job of "Execute batch command".
First I tried to run: robocopy source destination /e.
Then I tried: mkdir destination. In both cases I got an "Access is denied" mssage.
If I try it myself manualy I am able to create a directory and copy files to it.
The destination is a remote computer's shared folder: \computerName\sharedFolder\
Anyone knows how to get access rights with Jenkins?
I know this post is a bit old but I found two solutions that work pretty well so I'm posting it in case somebody needs it.
First: allowing the disk usage for the current run
On your "Execute batch command" you can add a line:
net use \\server\folder /USER:domain\user password
You can then use \server\folder in your commands and it'll work.
Jenkins can even deal with credentials so that there's not in plain text.
The second solution is to boot Jenkins as a specific user so that all the commands will be run as this user.
To do this:
Open services app in windows
Search for Jenkins
Right click, properties
On Log On tab configure the credentials you want to use
Reboot Jenkins
I hope this helps someone
To find out the user under which your jobs run, create a "scratch" job in Jenkins. Give it a single "Execute Windows Batch command" build step and enter "set" as the text of your batch command. If your affected job is running on a Windows slave, make sure this job runs on the same slave. Run the job. Your console will show a list of the environment variables known to that job, the same as if you typed "set" in a Command Prompt window on your desktop. The difference will be that near the bottom, the username shown for "USERDOMAIN" and "USERNAME" in your command window will be you (the user you are logged in as); in the console output, it will be the user account that your Jenkins job runs under.
That user may not actually have login rights. And, if Jenkins is running as a service, you can't just set up a share in your command window: Jenkins jobs run under a different Windows "session" and that session will not see the share you created in your login session.
A not-very-secure way to get you over the hump would be to add parameters to your job for the username (string parameter) and password (password parameter). Before you need access to the drive, either in the same build step or in a 'Execute Windows Batch Command' step that runs prior to that build step, run "#net use : \computername\sharename %% /USER:%% /persistent:no". (for example: "#net use p: \COMPUTER\SHARE %PASSWORD% %USER% /persistent:no"). The "#" will keep the password from showing in the log. (However, the password will be associated with the job and will be encoded in Jenkins if "Allow rebuild" is enabled.) Make sure when you are done you clean up ("net use /delete") and you may need to test and clean up the drive letter before you try to connect, in case a previous job failed without releasing the drive letter.
In this scenario you would have to enter a username and password for someone who can access the share when you run the job. You could encode hidden parameters with these values pre-filled in, but that means that user's username and password are encoded into the job definition, and the default for the hidden password parameter would not be encrypted in the Jenkins config files.
There are definitely more secure ways to get the drive share enabled in the Jenkins service session, but depending on your environment this may be 'good enough' to get you past the block you are faced with right now. I have used tricks like these in an environment where I was not a Jenkins administrator and I had very limited access rights (and no admin rights) on the Jenkins slaves.
In my setup, the Jenkins slave service runs under a specific user (named jenkins).
It makes it easy to verify the access rights for that specific user.
Of course jenkins needs to have write access on the remote folder, both on the physical disk and the share.
I'm using the jenkins-cli.jar file from my jenkins server, and on every run it prompts me for my ssh key passphrase. I'd like it to use my ssh keychain so I don't have to enter it on every invocation.
If it matters, I'm on OSX using the default keychain setup, I don't have a manual ssh-agent configured right now.
Jenkins CLI client does not support SSH agents for now.
As a workaround, you can generate dedicated key without passphrase, associate it with your Jenkins account and instruct client to use that key on every invocation.
I want to deploy my created war automatically to /tomcat/webapps from jenkins scp plugin.
In jenkins ->Manage Jenkins ->configure system
Hostname-deploy port-22 repository- "ipaddress:8080"/usr/bin/scp
Username-jenkins
Error here "Cant connect to server"
password-jenkins
In jenkins->new job ->configure
scp site - deploy
file to upload
source - http://"ip:8080"/var/lib/jenkins/workspace/WebWarDemo/source/**
destination - http://"ip:8080"/usr/share/tomcat6/webapps/
above is my configuration for scp plugin but i am getting error in first configuration as shown.
but when i tried to run the another error is "jenkins scp com.jcraft.jsch.jschexception auth cancel" i tried so many times changing user name no effect plz suggest anything
I am entering username and password of jenkins server user.
Make sure of the following things:
The user with which you are trying to connect to Repository server has "WRITE" access.
SSH connection has been established between the twos servers with public keys of the respective users
Login to jenkins as jenkins user and run the following
ssh repouser#repository server
What do you get?
Let me know if you have ensured these. Will take it ahead from there