I am trying to SSH from Jenkins to a remote server. I have added id_rsa.pub to authorized_keys on the remote server to make SSH passwordless. I am able to SSH from the server where Jenkins is installed without a password using ssh user@REMOTE_IP.
When I do ls -lrta /root/.ssh/ on the Jenkins server I can see id_rsa and id_rsa.pub, but if I run the same command in a Jenkins Pipeline I cannot see those files. I can only see authorized_keys.
Because of this, when I run the pipeline I get the following error:
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
As can be seen in your log, the ssh key is under /root, Jenkins user probably doesn't have read access there. (use "ls -ltr /root" to view permission)
You should create /home/jenkins/.ssh folder and provide jenkins user permissions there.
(not recommended) Give jenkins permissions to access the /root/.ssh file. This is possible using "chmod +r /root/.ssh/id_rsa"
Related
I'm trying to scp a file to a remote server through ssh using a Jenkins pipeline.
~/.ssh/config
Host bastion-fasterdev
    Hostname bastion.fasterdev.foo.works
    User jenkins
    IdentityFile /var/lib/jenkins/.ssh/id_rsa

Host app-server-fasterdev
    Hostname ip-11-0-31-76.ap-northeast-1.compute.internal
    User root
    ForwardAgent yes
    ProxyCommand ssh bastion-fasterdev -W %h:%p
Jenkins pipeline code
scp -vvv ./app-server app-server-fasterdev:/data/match/conf/config.properties
Jenkins logs
scp -vvv ./app-server app-server-fasterdev:/data/match/conf/config.properties
Executing: program /usr/bin/ssh host app-server-fasterdev, user root, command scp -v -t /data/match/conf/config.properties
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /var/lib/jenkins/.ssh/config
debug1: /var/lib/jenkins/.ssh/config line 5: Applying options for app-server-fasterdev
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Executing proxy command: exec ssh bastion-fasterdev -W ip-11-0-31-76.ap-northeast-1.compute.internal:22
debug1: permanently_drop_suid: 995
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
ssh_exchange_identification: Connection closed by remote host
Use jenkins user to run the same command with terminal succeeds?
-bash-4.2$ scp -vvv ./app-server app-server-fasterdev:/data/match/conf/config.properties
Executing: program /usr/bin/ssh host app-server-fasterdev, user (unspecified), command scp -v -t /data/match/conf/config.properties
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /var/lib/jenkins/.ssh/config
debug1: /var/lib/jenkins/.ssh/config line 1: Applying options for *
debug1: /var/lib/jenkins/.ssh/config line 28: Applying options for app-server-fasterdev
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Setting implicit ProxyCommand from ProxyJump: ssh -vvv -W %h:%p bastion-fasterdev
debug1: Executing proxy command: exec ssh -vvv -W ip-11-0-31-76.ap-northeast-1.compute.internal:22 bastion-fasterdev
debug1: permanently_drop_suid: 995
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /var/lib/jenkins/.ssh/config
debug1: /var/lib/jenkins/.ssh/config line 1: Applying options for *
debug1: /var/lib/jenkins/.ssh/config line 9: Applying options for bastion-fasterdev
...
...
...
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Transferred: sent 2476, received 2452 bytes, in 0.1 seconds
Bytes per second: sent 29435.9, received 29150.6
debug1: Exit status 0
debug1: compress outgoing: raw data 770, compressed 504, factor 0.65
debug1: compress incoming: raw data 504, compressed 770, factor 1.53
debug3: send packet: type 1
debug1: channel 0: free: direct-tcpip: listening port 0 for ip-11-0-31-76.ap-northeast-1.compute.internal port 22, connect from 127.0.0.1 port 65535 to UNKNOWN port 65536, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 direct-tcpip: listening port 0 for ip-11-0-31-76.ap-northeast-1.compute.internal port 22, connect from 127.0.0.1 port 65535 to UNKNOWN port 65536 (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Killed by signal 1.
I've also tried the following, with the same result:
scp -i /var/lib/jenkins/.ssh/id_rsa ./app-server app-server-fasterdev:/data/match/conf/config.properties.test
or
ssh -i /var/lib/jenkins/.ssh/id_rsa app-server-fasterdev
"git push" command from inside a docker container inside a pod fails with the command:
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
The groovy code that initiates git push:
sshagent(['my_deploy_key']) {
    sh "ls -la /dev/tty"
    sh "ssh -Tv git@github.xx.xxx.com"
    sh "git push origin ${branch}"
}
The log shows the /dev/tty exists with the right permissions:
[ssh-agent] Exec ssh-agent (binary ssh-agent on a remote machine)
Executing sh script inside container my-project of pod my-project-1611882622034-s6sj2-xnx40
Executing command: "ssh-agent"
exit
SSH_AUTH_SOCK=/tmp/ssh-Dm0jcALohFq6/agent.68; export SSH_AUTH_SOCK;
SSH_AGENT_PID=69; export SSH_AGENT_PID;
echo Agent pid 69;
SSH_AUTH_SOCK=/tmp/ssh-Dm0jcALohFq6/agent.68
SSH_AGENT_PID=69
Running ssh-add (command line suppressed)
Identity added: /home/jenkins/agent/workspace/Test_Dev/mydir@tmp/private_key_6404034659918914698.key (deploy-key)
[ssh-agent] Started.
[Pipeline] {
[Pipeline] sh
+ ls -la /dev/tty
crw-rw-rw- 1 root root 5, 0 Jan 29 01:10 /dev/tty
[Pipeline] sh
+ ssh -Tv git@github.xx.xxx.com
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to github.xx.xxx.com [153.64.42.159] port 22.
debug1: Connection established.
debug1: SELinux support disabled
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version babeld-7fdd29b
debug1: no match: babeld-7fdd29b
debug1: Authenticating to github.xx.xxx.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:+VP3LqRsSmtwgQhOdiuCaRKG8wTCeNRdwTlOvrILZq8
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
Please advise.
The SSH protocol does not usually use traditional certificate authorities like TLS does. Instead, when you connect to a machine for the first time, you are prompted to verify its host key, which you typically do out of band. This way, you can verify the remote system is who they claim to be.
This message occurs because normally you are prompted on the terminal to verify the host key, but in this case, there is no terminal, so you cannot be prompted. The only safe thing to do is to fail to connect.
In this case, you will want to store your GitHub Enterprise instance's host key as part of your config. You can find these by running ssh-keyscan github.xx.xxx.com. You should take this output (minus the lines starting with #) and store it in /etc/ssh/ssh_known_hosts in your container or in the ~/.ssh/known_hosts file for the given user.
You can also verify that the fingerprint is correct by going to https://github.xx.xxx.com/api/v3/meta and verifying that SHA256:+VP3LqRsSmtwgQhOdiuCaRKG8wTCeNRdwTlOvrILZq8 is the right fingerprint for the key.
Note that some people will suggest disabling host key verification, but this is not secure and is equivalent to operating on an unencrypted connection, so you should not do this. You should also not run ssh-keyscan each time in your container, because that means you'll accept any host key that's presented, even if it belongs to an attacker, which is equally insecure.
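The pinning step this answer describes, as an added example that is not part of the original post: filter ssh-keyscan output against fingerprints checked out of band and keep only the matching known_hosts lines, failing closed when nothing matches. The function names, sample keys and scan text are constructed for illustration.

```python
import base64
import hashlib
import struct


def fingerprint(key_b64):
    """SHA256 fingerprint in the form ssh prints: SHA256:<unpadded base64>."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pin_known_hosts(scan_output, host, trusted_fps):
    """Keep only scanned keys for `host` whose fingerprint was verified
    out of band; raise if none match so the build fails closed."""
    accepted = []
    for line in scan_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # ssh-keyscan banner comments
            continue
        fields = line.split()
        if len(fields) < 3 or fields[0] != host:
            continue
        key_type, key_b64 = fields[1], fields[2]
        try:
            fp = fingerprint(key_b64)
        except ValueError:  # key field is not valid base64
            continue
        if fp in trusted_fps:
            accepted.append(f"{host} {key_type} {key_b64}")
    if not accepted:
        raise ValueError(f"no scanned key for {host} matches a trusted fingerprint")
    return accepted


def ed25519_blob(raw32):
    """Build a constructed ssh-ed25519 public key blob for the demo."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32
    return base64.b64encode(blob).decode()


# Constructed sample data, not real keys. HOST is the redacted name from the post.
HOST = "github.xx.xxx.com"
GOOD_KEY = ed25519_blob(bytes(range(32)))
OTHER_KEY = ed25519_blob(bytes(range(32, 64)))
SCAN = (
    f"# {HOST}:22 SSH-2.0-babeld-7fdd29b\n"
    f"{HOST} ssh-ed25519 {GOOD_KEY}\n"
    f"{HOST} ssh-ed25519 {OTHER_KEY}\n"
)
# In real use this set holds fingerprints copied from the out-of-band source.
# It is derived here only because the sample key is constructed.
TRUSTED = {fingerprint(GOOD_KEY)}

if __name__ == "__main__":
    # Lines to bake into /etc/ssh/ssh_known_hosts when the image is built.
    for entry in pin_known_hosts(SCAN, HOST, TRUSTED):
        print(entry)
```

Run this once at image build time and store the output, so the pipeline itself never scans the host.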
I have 2 instances in AWS EC2. One is for Jenkins and one is for Angular 6. I am trying to build a pipeline from the Jenkins instance to another EC2 instance where my Angular 6 application is hosted.
What exactly I am trying to do here: if any push happens in my Bitbucket repo, Jenkins will identify that, log in to the other EC2 instance via ssh -i user@ip, pull the code from the master branch and deploy it via pm2.
Currently I'm facing the problem -
Jenkins logs -
Started by user Atique Ahmed
Running as SYSTEM
Building in workspace /var/lib/jenkins/workspace/meanstack
No credentials specified
git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
git config remote.origin.url https://bitbucket.org/atique12/mongocrud_application_frnt_end.git # timeout=10
Fetching upstream changes from https://bitbucket.org/atique12/mongocrud_application_frnt_end.git
git --version # timeout=10
git fetch --tags --progress -- https://bitbucket.org/atique12/mongocrud_application_frnt_end.git +refs/heads/:refs/remotes/origin/ # timeout=10
git rev-parse refs/remotes/origin/master^{commit} # timeout=10
git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision a7df8023cebbbac998274628bc761ea68da62da0 (refs/remotes/origin/master)
git config core.sparsecheckout # timeout=10
git checkout -f a7df8023cebbbac998274628bc761ea68da62da0 # timeout=10
Commit message: "form.component.html edited online with Bitbucket"
git rev-list --no-walk a7df8023cebbbac998274628bc761ea68da62da0 # timeout=10
[meanstack] $ /bin/bash /tmp/jenkins6972607204969540608.sh
jenkins is not in the sudoers file. This incident will be reported.
total 12
-r-------- 1 ubuntu ubuntu 1696 Jan 8 05:59 allinstancepair.pem
-rwxrwxrwx 1 ubuntu ubuntu 184 Jan 8 17:21 deploy.sh
drw------- 2 ubuntu ubuntu 4096 Jan 8 16:00 mykey
/home/ubuntu
./deploy.sh: line 4: cd: mykey: Permission denied
Warning: Identity file /allinstancepair.pem not accessible: No such file or directory.
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Connecting to 13.233.183.227 [13.233.183.227] port 22.
debug1: Connection established.
debug1: identity file /var/lib/jenkins/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 13.233.183.227:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:2t3A4VkLU7+iLWc7e/HKast+vY6I3dXnOxY9pVzL6+g
debug1: Host '13.233.183.227' is known and matches the ECDSA host key.
debug1: Found key in /var/lib/jenkins/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:ZKnUTgYBL/OMjNHzEf3ATonaIBa5OfQs8htabRUA/Vo /var/lib/jenkins/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /var/lib/jenkins/.ssh/id_dsa
debug1: Trying private key: /var/lib/jenkins/.ssh/id_ecdsa
debug1: Trying private key: /var/lib/jenkins/.ssh/id_ed25519
debug1: No more authentication methods to try.
root@13.233.183.227: Permission denied (publickey).
allinstancepair.pem deploy.sh mykey
./deploy.sh: line 7: cd: mongocrud_application_frnt_end: No such file or directory
fatal: not a git repository (or any of the parent directories): .git
/home/ubuntu
./deploy.sh: line 10: npm: command not found
./deploy.sh: line 11: pm2: command not found
/home/ubuntu
Finished: SUCCESS
My Jenkins is not able to read the pem key file while I am trying to make the login using SSH and pem key to another instance.
I have tried -
chmod 400 - mypem.key
chmod 600 - mypem.key
chmod 777 - mypem.key
No help. Every time I am getting a permission denied issue. Any help?
Jenkins runs the jobs under the jenkins user. The jenkins user does not have permission to read files from other directories. Also, you need to run the chmod command with sudo. If you are trying to run commands from a Jenkinsfile with sudo, then it won't work. For that you need to edit the sudoers file. It will give the jenkins user access to run sudo commands without a password. How to change and what to change can be found here.
One more thing, if you are trying to run the ssh command from a Jenkinsfile to connect to another ec2 instance, then a simple sh "ssh -i pem.key user@ip" won't work. You need to disable the verification by assigning StrictHostKeyChecking to no, i.e. ssh -o "StrictHostKeyChecking no" -i pem.key user@ip
$ ssh -v ce.gitro.net -p 2222
OpenSSH_7.3p1, OpenSSL 1.0.2j 26 Sep 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to ce.gitro.net [175.200.135.69] port 2222.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/dreamboy/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/dreamboy/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/dreamboy/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/dreamboy/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/dreamboy/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/dreamboy/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/dreamboy/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/dreamboy/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to ce.gitro.net:2222 as 'dreamboy'
debug1: SSH2_MSG_KEXINIT sent
Connection closed by 175.200.135.69 port 2222
I had the same problem, looking at the log files from sshd in /var/log/gitlab/sshd I could see that I had set the wrong permissions for the key files.
In my case running the following solved the problem:
chmod -R 700 /etc/gitlab
I'm trying to run some Docker instances to allow Jenkins to perform some jobs on them.
I followed this tutorial (http://devopscube.com/docker-containers-as-build-slaves-jenkins/) to achieve it. It's currently creating some new docker instances, but it does not connect to them.
All of these new docker instances must have direct access to the physical network, so they have to be built with "-net=bridge". Port 22 of each docker container is being bound to a free host port.
So, the thing is that I cannot reach any docker instance through SSH access.
Moreover, if I get into one of these docker instances, I'm not able to ssh to localhost, getting the following:
[jenkins@d4084633f2bc ~]$ ssh localhost -v
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/jenkins/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: identity file /home/jenkins/.ssh/id_rsa type -1
debug1: identity file /home/jenkins/.ssh/id_rsa-cert type -1
debug1: identity file /home/jenkins/.ssh/id_dsa type -1
debug1: identity file /home/jenkins/.ssh/id_dsa-cert type -1
debug1: identity file /home/jenkins/.ssh/id_ecdsa type -1
debug1: identity file /home/jenkins/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/jenkins/.ssh/id_ed25519 type -1
debug1: identity file /home/jenkins/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
Read from socket failed: Connection reset by peer
How can I solve this? Does anybody know it?
Thanks in advance.