Cannot ssh from master to slave node in Jenkins 2.235 - jenkins

I am able to ssh into the node machine via terminal, using ssh jenkins@192.168.50.2. But when I try to connect a node using Jenkins, here using the Jenkins GUI, I am getting the following error message. I searched for this and it was an old issue with some Jenkins 1.x.x version. Am I doing something wrong with the Jenkins setup? Or is there a similar bug in the latest version of Jenkins too?
SSHLauncher{host='192.168.50.2', port=22, credentialsId='3722a835-e9b3-4030-a13f-d5911bef2524', jvmOptions='', javaPath='', prefixStartSlaveCmd='', suffixStartSlaveCmd='', launchTimeoutSeconds=60, maxNumRetries=10, retryWaitTime=15, sshHostKeyVerificationStrategy=hudson.plugins.sshslaves.verifiers.KnownHostsFileKeyVerificationStrategy, tcpNoDelay=true, trackCredentials=true}
[08/27/20 20:20:44] [SSH] Opening SSH connection to 192.168.50.2:22.
Searching for 192.168.50.2 in /var/lib/jenkins/.ssh/known_hosts
Searching for 192.168.50.2:22 in /var/lib/jenkins/.ssh/known_hosts
[08/27/20 20:20:44] [SSH] SSH host key matches key in Known Hosts file. Connection will be allowed.
[08/27/20 20:20:44] [SSH] Authentication failed.
Authentication failed.
[08/27/20 20:20:44] Launch failed - cleaning up connection
[08/27/20 20:20:44] [SSH] Connection closed.

credentialsId='3722a835-e9b3-4030-a13f-d5911bef2524' means SSH (through JSch, a Java library for SSH2 access) will use a specific credential.
That credential can be a password or an SSH key.
But in any case, it does not seem to be the right credential.

Related

Jenkins SSH server showing error Algorithm negotiation fail while trying to setup with over the SSH plugin

Jenkins SSH server is showing the error "Algorithm negotiation fail" while trying to set up over the SSH plugin, when trying to connect over SSH to a local server (Linux container). I am able to connect using ssh on the terminal.
jenkins.plugins.publish_over.BapPublisherException: Failed to connect and initialize SSH connection. Message: [Failed to connect session for config [anisbleHOST]. Message [Algorithm negotiation fail]]
Ubuntu machine - auth.log
Unable to negotiate with xx.xx.xx.x port 39866: no matching host key type found. Their offer: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 [preauth]
Tried with the sshd_config values mentioned below, but no luck.
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
To resolve the above-mentioned issue, I first made changes to /etc/ssh/sshd_config and regenerated RSA keys using ssh-keygen. Jenkins doesn't support keys generated using ed25519.
My new sshd_config:
HostKeyAlgorithms ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostCertificate /etc/ssh/ssh_host_key-cert.pub
KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,ecdh-sha2-nistp256,ecdh-sha2-nistp384
PubkeyAcceptedKeyTypes ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
TrustedUserCAkeys /etc/ssh/ssh_user_ca.pub
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
LogLevel DEBUG
Please UPVOTE if it helps you :)
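Why the first attempt could not negotiate and the new config can, worked through as an added example (not code from the post or from Jenkins). It assumes plain comma-separated HostKeyAlgorithms lists without +/-/^ prefixes, and the function names are hypothetical; the log and config strings are copied from the lines quoted above.

```python
import re

# Constructed inputs, copied from the log and config lines quoted above.
AUTH_LOG = ("Unable to negotiate with xx.xx.xx.x port 39866: no matching host key "
            "type found. Their offer: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,"
            "ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 [preauth]")
FIRST_TRY = "HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519\n"
NEW_CONFIG = ("HostKeyAlgorithms ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,"
              "rsa-sha2-256,ssh-rsa\nPasswordAuthentication no\n")


def client_offer(log_line):
    """Return the algorithm list the client offered, in preference order."""
    match = re.search(r"Their offer: (\S+)", log_line)
    return match.group(1).split(",") if match else []


def server_list(sshd_config, keyword="HostKeyAlgorithms"):
    """Return the first list set for `keyword` (sshd keywords are case-insensitive)."""
    for line in sshd_config.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == keyword.lower():
            return [alg.strip() for alg in parts[1].split(",")]
    return []


def negotiate(offer, supported):
    """First client-preferred algorithm the server also supports, else None."""
    return next((alg for alg in offer if alg in supported), None)


def explain(log_line, sshd_config):
    """One-line summary of the host key negotiation outcome."""
    offer = client_offer(log_line)
    chosen = negotiate(offer, server_list(sshd_config))
    if chosen is None:
        return "no common host key algorithm; client offered: " + ", ".join(offer)
    return "negotiated " + chosen


if __name__ == "__main__":
    print("first try :", explain(AUTH_LOG, FIRST_TRY))
    print("new config:", explain(AUTH_LOG, NEW_CONFIG))
```

The only overlap with the new config is ssh-rsa, the RSA scheme with SHA-1 signatures, which OpenSSH 8.8 and later disable by default. The match therefore depends on the server listing it explicitly, as the config above does.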

Jenkins slave configuration issue in linux

I am facing the below issue please have a look. Thanks in advance.
Searching for lokesh in /var/lib/jenkins/.ssh/known_hosts
Searching for lokesh:22 in /var/lib/jenkins/.ssh/known_hosts
[06/04/20 12:59:45] [SSH] WARNING: No entry currently exists in the Known Hosts file for this host. Connections will be denied until this new host and its associated key is added to the Known Hosts file.
Key exchange was not finished, connection is closed.
SSH Connection failed with IOException: "Key exchange was not finished, connection is closed.", retrying in 15 seconds. There are 8 more retries left.
You should add the ssh key (created on the slave) to the known hosts file on the master (Jenkins user). Follow this link
Also, you can try one more thing if this does not work. There is a Host key verification strategy option in the Jenkins node setup.
Select Non verifying verification strategy and check.
Let me know if this helps.
Run this on your Jenkins server:
ssh-keyscan -H ${IP-OF-AGENT} >> ~/.ssh/known_hosts

Why Jenkins says in SSH host key matches key seen previously for this host. Connection will be allowed. ERROR: Server rejected the 1 private key(s)

I'm trying to connect to a Windows agent using SSH (Launch agents via SSH)
Jenkins master (on Linux)
log:
[SSH] Opening SSH connection to 192.168.0.122:22.
[SSH] SSH host key matches key seen previously for this host. Connection will be allowed.
ERROR: Server rejected the 1 private key(s) for my_bot (**********)
[SSH] Authentication failed.
Authentication failed.
Launch failed - cleaning up connection
[SSH] Connection closed.
I tried to add the key to authorized_keys, but it did not help.
When ssh says "SSH host key" it means the keys in known_hosts.
Check .ssh/known_hosts to see that key.
Although "Connection will be allowed" implies this is not a problem for you.
So ignore that part of the error message.
Your real problem is "ERROR: Server rejected the 1 private key"...
Is the key exchanged OK?
Private key needs to be in jenkins. Also check file permissions.
Public key needs to be on server side. Probably .ssh/authorized_keys. Also check file permissions. Ssh will not allow keys to be used if permissions on .ssh or files contained inside are too open.
More information is needed to help solve the question:
In your question please show the ssh command you use - the full command - do you specify the key with the -i parameter?
From the Jenkins command line, can you ssh to the host using the same ssh command?
Do ls -al on jenkins home .ssh dir and on server side .ssh dir to check permissions.
To get more verbose/debug information add -v or -vv or -vvv to your ssh command.
Also look at ssh logs on server side if possible.
In your question you could tidy up the log messages.
Same error seen on this question here and I can see they did chown 744 .ssh/authorized_keys in dockerfile which is the wrong way to set permissions for an authorized_keys file.
https://superuser.com/questions/1403715/why-i-am-getting-error-server-rejected-the-1-private-key-error-on-setting-up-s/1443503#1443503
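The permission check described in this answer, as an added example (not part of the original answer). It assumes a POSIX agent and mirrors the rule sshd applies with StrictModes: the home directory, .ssh and authorized_keys must be owned by the login user or root and must not be writable by group or others. The function names are hypothetical.

```python
import os
import stat


def strict_modes_problems(home, uid):
    """List reasons an sshd StrictModes-style check would refuse the key file.

    Checks home, home/.ssh and home/.ssh/authorized_keys: each must exist,
    be owned by `uid` or root, and not be writable by group or others.
    """
    problems = []
    ssh_dir = os.path.join(home, ".ssh")
    for path in (home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append(f"{path}: missing")
            continue
        if st.st_uid not in (uid, 0):
            problems.append(f"{path}: owned by uid {st.st_uid}, expected {uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{path}: mode {mode:04o} is group/world-writable")
    return problems


def tighten(home):
    """Apply the conventional modes: 700 on .ssh, 600 on authorized_keys."""
    ssh_dir = os.path.join(home, ".ssh")
    os.chmod(ssh_dir, 0o700)
    os.chmod(os.path.join(ssh_dir, "authorized_keys"), 0o600)


if __name__ == "__main__":
    # Run as the agent's login user to check that user's own home directory.
    home = os.path.expanduser("~")
    for problem in strict_modes_problems(home, os.getuid()) or ["ok"]:
        print(problem)
```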

configuration of a slave node in jenkins with SSH-Agent

Hello everybody, I have this problem when I want to configure a slave node in Jenkins with the SSH-agent method. Can you help me resolve this problem?
[11/01/17 12:16:15] [SSH] Opening SSH connection to 192.168.226.197:22.
/var/lib/jenkins/.ssh/known_hosts [SSH] No Known Hosts file was found at /var/lib/jenkins/.ssh/known_hosts. Please ensure one is created at this path and that Jenkins can read it.
Key exchange was not finished, connection is closed.
java.io.IOException: There was a problem while connecting to 192.168.226.197:22
at com.trilead.ssh2.Connection.connect(Connection.java:834)
at com.trilead.ssh2.Connection.connect(Connection.java:703)
at com.trilead.ssh2.Connection.connect(Connection.java:617)
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1284)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:804)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:793)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: Key exchange was not finished, connection is closed.
at com.trilead.ssh2.transport.KexManager.getOrWaitForConnectionInfo(KexManager.java:95)
at com.trilead.ssh2.transport.TransportManager.getConnectionInfo(TransportManager.java:237)
at com.trilead.ssh2.Connection.connect(Connection.java:786)
... 9 more
Caused by: java.io.IOException: The server hostkey was not accepted by the verifier callback
at com.trilead.ssh2.transport.KexManager.handleMessage(KexManager.java:548)
at com.trilead.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:790)
at com.trilead.ssh2.transport.TransportManager$1.run(TransportManager.java:502)
... 1 more
[11/01/17 12:16:15] Launch failed - cleaning up connection
[11/01/17 12:16:15] [SSH] Connection closed.
In your agent configuration, for "Host Key Verification Strategy" you probably have "Known hosts file verification strategy".
But when the master initiates the ssh connection, it doesn't update the known hosts file.
So, you can try to execute the ssh command manually to initiate a connection and update the file appropriately.
And of course you can disable "Known hosts file verification strategy" by setting "Non verifying Verification Strategy", but it is insecure.
No Known Hosts file was found at /var/lib/jenkins/.ssh/known_hosts. Please ensure one is created at this path and that Jenkins can read it.
On the Master's machine, you can use the ssh-copy-id command to connect to the agent:
ssh-copy-id [-p agent-ssh-port] agent-user@agent-hostname
On the Master, Relaunch the agent in Jenkins Nodes.
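A way to populate known_hosts for the "Known hosts file verification strategy" without trusting whatever key the network returns, as an added example (not from the answers above or from Jenkins). It assumes the agent's host key fingerprint was read on the agent itself, for example with ssh-keygen -lf on its host public key, and that scan output in ssh-keyscan's format is supplied as text; the function names, the 192.0.2.10 address and the key blobs are constructed.

```python
import base64
import hashlib


def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pin_verified_keys(keyscan_output, trusted_fingerprints, known_hosts_path):
    """Append only scan lines whose fingerprint was confirmed out of band.

    Returns (pinned, rejected) lists of fingerprints. The file is opened in
    append mode so entries for other agents are preserved.
    """
    pinned, rejected = [], []
    with open(known_hosts_path, "a") as known_hosts:
        for line in keyscan_output.splitlines():
            fields = line.split()
            if len(fields) < 3 or line.startswith("#"):
                continue  # banner comments and blank lines in the scan output
            fp = fingerprint(fields[2])
            if fp in trusted_fingerprints:
                known_hosts.write(line + "\n")
                pinned.append(fp)
            else:
                rejected.append(fp)
    return pinned, rejected


def constructed_blob(seed):
    """Constructed ssh-ed25519 key blob for the demo, not a real host's key."""
    name, key = b"ssh-ed25519", bytes([seed]) * 32
    raw = len(name).to_bytes(4, "big") + name + len(key).to_bytes(4, "big") + key
    return base64.b64encode(raw).decode()


# Constructed scan output: one key the admin verified, one they did not.
GOOD, OTHER = constructed_blob(1), constructed_blob(2)
SAMPLE_SCAN = ("# 192.0.2.10:22 SSH-2.0-OpenSSH\n"
               f"192.0.2.10 ssh-ed25519 {GOOD}\n"
               f"192.0.2.10 ssh-ed25519 {OTHER}\n")

if __name__ == "__main__":
    print(pin_verified_keys(SAMPLE_SCAN, {fingerprint(GOOD)}, "known_hosts.demo"))
```

A non-empty rejected list means the scan returned a key nobody confirmed; investigate it instead of switching to the non-verifying strategy.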

Running rsync from jenkins shell script

I'm just starting out with Jenkins and I'm having trouble connecting to a remote machine via rsync.
I guess Jenkins doesn't know which ssh identity file to use or maybe it knows, but doesn't know how to decrypt it? From other questions I gathered that the Gtk-Warning is probably because it can't open the "enter keyphrase"-prompt.
rsync -azvh /var/lib/jenkins/workspace/ofen sascha@my_server:/my_project/ofen
No protocol specified
(ssh-askpass:19928): Gtk-WARNING **: cannot open display: :0
Host key verification failed.
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(226) [sender=3.1.0]
Everything works fine when I try it from commandline.
Need to have the key loaded as part of Jenkins' SSH Agent configuration.
Add the private key to Jenkins via credentials/SSH private key including pass phrase if one is used
Enable SSH agent on the job and give it the credential
Things that use SSH keys and agents can now use the loaded key.
The "identity" depends on where your job is running:
when running on the master, it's the user that runs Jenkins
on a slave, it's the user that you use for connecting the slave
You need to add the public key of that identity to the .ssh/authorized_keys file of user sascha. This will enable public key-based authentication and rsync should run just fine.
