I am trying to scp some files and then ssh into a remote server. Works fine from localhost. However when I am trying the same through a shell script in Jenkins, the ssh session gets kinda stuck or closes. I tried running the scp command alone by hashing out the ssh command and that works fine. I am receiving a debug1: Exit status 0 at the end of my Console Output.
The commands I'm trying to run are:
sshpass -p 0pen5ecret scp -v -o StrictHostKeyChecking=no /home/jenkins/test_folder/${env}_test.properties servername@${server}:/home/
and then,
sshpass -p password ssh -tt -o StrictHostKeyChecking=no servername@${server} 'cd /home ; rm -f cachefolder ; sh test.sh'
Below is the error message I am getting in Console Output :
debug1: Host '172.21.83.215' is known and matches the RSA host key.
debug1: Found key in /var/lib/jenkins/.ssh/known_hosts:9
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /var/lib/jenkins/.ssh/id_rsa
debug1: Trying private key: /var/lib/jenkins/.ssh/id_dsa
debug1: Trying private key: /var/lib/jenkins/.ssh/id_ecdsa
debug1: Trying private key: /var/lib/jenkins/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to 172.21.83.244 ([172.21.83.210]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: scp -v -t /data01/DS_Release
Sending file modes: C0777 123 TS2_DeploymentScore.properties
Sink: C0777 123 TS2_DeploymentScore.properties
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: fd 2 clearing O_NONBLOCK
Transferred: sent 3320, received 4596 bytes, in 0.1 seconds
Bytes per second: sent 54147.4, received 74958.3
debug1: Exit status 0
How can this be resolved? Thanks in advance. Btw, this is my very first question here so be nice.
To SCP files to a remote server, you can use either of these two options:
If you are using a Jenkinsfile, you can use the stash and unstash feature of Jenkins:
Create two stages in the pipeline; run the first one on the source server and stash your files in it.
Run the second stage on the destination server and unstash your files on that server.
(You need to install a Jenkins agent on the server.)
If you are using a freestyle job, you can use an expect script to copy files remotely, with the syntax below:
#!/usr/bin/expect -f
# Usage: sshsudologin.expect <host> <ssh user> <ssh password> <foldername>
set timeout 20
spawn scp -r "/sourcefolder/[lindex $argv 3]" [lindex $argv 1]@[lindex $argv 0]:"/export/home/[lindex $argv 1]/"
expect "yes/no" {
    send "yes\r"
    expect "*?assword" { send "[lindex $argv 2]\r" }
} "*?assword" { send "[lindex $argv 2]\r" }
expect eof
Related
I'm trying to do an scp copy from another server to my Jenkins workspace, but it's not working. Usually the error says ssh-askpass cannot be found. However, I never specified askpass in the pipeline. My error is below. Please note I changed the userid and host in the reported log for increased anonymity; I mention this in case someone is somehow able to reverse engineer the hash.
I (with effort) verified the value of the file being passed in and am passing in a private key into the call to scp. I can do the same copy by hand in my local machine.
[Pipeline] sh
+ scp -i **** -v 'myuser@mycompany.com:/ic2e/SSCSetup/SSCFiles/SSC*.CP037' host-dirs/cost-files
Executing: program /usr/bin/ssh host mycompany.com, user myuser, command scp -v -f /ic2e/SSCSetup/SSCFiles/SSC*.CP037
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to mycompany.com [xx.xxx.60.206] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file **** type -1
debug1: key_load_public: No such file or directory
debug1: identity file ****-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to mycompany.com:22 as 'myuser'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: curve25519-sha256 need=16 dh_need=16
debug1: kex: curve25519-sha256 need=16 dh_need=16
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:M9+dnJIbV51qw3YyJ11k4+A4W65gBvbg+/FG4uC8q7s
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: permanently_drop_suid: 1019
ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
Host key verification failed.
[Pipeline] }
Snippet of pipeline:
stage('Copy Cost File To Jenkins'){
    withCredentials([sshUserPrivateKey(credentialsId: "462e5c76-fae2-4d66-a72b-15ddba9dc785", keyFileVariable: 'my_private_key_file')]) {
        sh "scp -i ${my_private_key_file} -v myuser@mycompany.com:/some_path/SSC*.CP037 host-dirs/cost-files"
    }
}
You can disable the host key verification and retry. There is an attribute -o StrictHostKeyChecking=no
"git push" command from inside a docker container inside a pod fails with the command:
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
The groovy code that initiates git push:
sshagent (['my_deploy_key'])
{
    sh "ls -la /dev/tty"
    sh "ssh -Tv git@github.xx.xxx.com"
    sh "git push origin ${branch}"
}
The log shows the /dev/tty exists with the right permissions:
[ssh-agent] Exec ssh-agent (binary ssh-agent on a remote machine)
Executing sh script inside container my-project of pod my-project-1611882622034-s6sj2-xnx40
Executing command: "ssh-agent"
exit
SSH_AUTH_SOCK=/tmp/ssh-Dm0jcALohFq6/agent.68; export SSH_AUTH_SOCK;
SSH_AGENT_PID=69; export SSH_AGENT_PID;
echo Agent pid 69;
SSH_AUTH_SOCK=/tmp/ssh-Dm0jcALohFq6/agent.68
SSH_AGENT_PID=69
Running ssh-add (command line suppressed)
Identity added: /home/jenkins/agent/workspace/Test_Dev/mydir@tmp/private_key_6404034659918914698.key (deploy-key)
[ssh-agent] Started.
[Pipeline] {
[Pipeline] sh
+ ls -la /dev/tty
crw-rw-rw- 1 root root 5, 0 Jan 29 01:10 /dev/tty
[Pipeline] sh
+ ssh -Tv git@github.xx.xxx.com
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to github.xx.xxx.com [153.64.42.159] port 22.
debug1: Connection established.
debug1: SELinux support disabled
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jenkins/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version babeld-7fdd29b
debug1: no match: babeld-7fdd29b
debug1: Authenticating to github.xx.xxx.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:+VP3LqRsSmtwgQhOdiuCaRKG8wTCeNRdwTlOvrILZq8
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
Please advise.
The SSH protocol does not usually use traditional certificate authorities like TLS does. Instead, when you connect to a machine for the first time, you are prompted to verify its host key, which you typically do out of band. This way, you can verify the remote system is who they claim to be.
This message occurs because normally you are prompted on the terminal to verify the host key, but in this case, there is no terminal, so you cannot be prompted. The only safe thing to do is to fail to connect.
In this case, you will want to store your GitHub Enterprise instance's host key as part of your config. You can find these by running ssh-keyscan github.xx.xxx.com. You should take this output (minus the lines starting with #) and store it in /etc/ssh/ssh_known_hosts in your container or in the ~/.ssh/known_hosts file for the given user.
You can also verify that the fingerprint is correct by going to https://github.xx.xxx.com/api/v3/meta and verifying that SHA256:+VP3LqRsSmtwgQhOdiuCaRKG8wTCeNRdwTlOvrILZq8 is the right fingerprint for the key.
Note that some people will suggest disabling host key verification, but this is not secure and is equivalent to operating on an unencrypted connection, so you should not do this. You should also not run ssh-keyscan each time in your container, because that means you'll accept any host key that's presented, even if it belongs to an attacker, which is equally insecure.
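The pinning step described in the answer above, as an added example (not code from the original posts): it filters ssh-keyscan output down to the keys whose SHA256 fingerprint was confirmed out of band, so that only those lines are written to /etc/ssh/ssh_known_hosts. The host name ghe.example.internal, the function names and the sample keys are constructed for illustration; in real use the trusted set holds the fingerprint you verified, not one computed from the scan.

```python
import base64
import hashlib
import struct

HOST = "ghe.example.internal"  # hypothetical host name, not from the page


def _blob(key_type: str, body: bytes) -> str:
    """Build a base64 public-key blob (constructed sample data, not a real key)."""
    t = key_type.encode()
    raw = struct.pack(">I", len(t)) + t + struct.pack(">I", len(body)) + body
    return base64.b64encode(raw).decode()


GOOD = _blob("ssh-ed25519", bytes(range(32)))  # key the admin vouched for
OTHER = _blob("ssh-rsa", b"\x01" * 64)         # key nobody vouched for
ROGUE = _blob("ssh-ed25519", bytes(32))        # key presented by an impostor

# Constructed stand-ins for ssh-keyscan output.
SCAN = "\n".join([f"# {HOST}:22 SSH-2.0-sample",
                  f"{HOST} ssh-ed25519 {GOOD}",
                  f"{HOST} ssh-rsa {OTHER}"]) + "\n"
SPOOFED_SCAN = f"{HOST} ssh-ed25519 {ROGUE}\n"


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of the digest."""
    raw = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def blob_type(key_b64: str) -> bytes:
    """Key type name stored inside the blob (uint32 length, then the name)."""
    raw = base64.b64decode(key_b64, validate=True)
    if len(raw) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n]


def pinned_known_hosts(scan: str, host: str, trusted: set) -> list:
    """Keep only scanned keys for `host` whose fingerprint is in `trusted`."""
    kept = []
    for line in scan.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank line, comment, or truncated entry
        names, key_type, key_b64 = fields[:3]
        if host not in names.split(","):
            continue
        try:
            if blob_type(key_b64) != key_type.encode():
                continue  # declared key type does not match the blob
            if fingerprint(key_b64) in trusted:
                kept.append(f"{host} {key_type} {key_b64}")
        except ValueError:
            continue  # malformed base64
    if not kept:
        # Fail the build rather than trust whatever the network returned.
        raise ValueError(f"no scanned key for {host} matches a pinned fingerprint")
    return kept


if __name__ == "__main__":
    # The sample key is constructed, so its fingerprint is computed here;
    # a real pipeline passes the fingerprint confirmed out of band instead.
    print("\n".join(pinned_known_hosts(SCAN, HOST, {fingerprint(GOOD)})))
```

With the file populated this way, ssh and git can run with StrictHostKeyChecking left enabled, and a changed host key stops the job instead of being accepted silently.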
I have 2 instances in AWS EC2: one is for Jenkins, one is for Angular 6. I am trying to build the pipeline from the Jenkins instance to another EC2 instance where my Angular 6 application is hosted.
What exactly I am trying to do here: if any push happens in my Bitbucket repo, Jenkins will identify that, log in to another EC2 instance via ssh -i user@ip, pull the code from the master branch and deploy it via pm2.
Currently I'm facing the problem -
Jenkins logs -
Started by user Atique Ahmed
Running as SYSTEM
Building in workspace /var/lib/jenkins/workspace/meanstack
No credentials specified
git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
git config remote.origin.url https://bitbucket.org/atique12/mongocrud_application_frnt_end.git # timeout=10
Fetching upstream changes from https://bitbucket.org/atique12/mongocrud_application_frnt_end.git
git --version # timeout=10
git fetch --tags --progress -- https://bitbucket.org/atique12/mongocrud_application_frnt_end.git +refs/heads/:refs/remotes/origin/ # timeout=10
git rev-parse refs/remotes/origin/master^{commit} # timeout=10
git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision a7df8023cebbbac998274628bc761ea68da62da0 (refs/remotes/origin/master)
git config core.sparsecheckout # timeout=10
git checkout -f a7df8023cebbbac998274628bc761ea68da62da0 # timeout=10
Commit message: "form.component.html edited online with Bitbucket"
git rev-list --no-walk a7df8023cebbbac998274628bc761ea68da62da0 # timeout=10
[meanstack] $ /bin/bash /tmp/jenkins6972607204969540608.sh
jenkins is not in the sudoers file. This incident will be reported.
total 12
-r-------- 1 ubuntu ubuntu 1696 Jan 8 05:59 allinstancepair.pem
-rwxrwxrwx 1 ubuntu ubuntu 184 Jan 8 17:21 deploy.sh
drw------- 2 ubuntu ubuntu 4096 Jan 8 16:00 mykey
/home/ubuntu
./deploy.sh: line 4: cd: mykey: Permission denied
Warning: Identity file /allinstancepair.pem not accessible: No such file or directory.
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Connecting to 13.233.183.227 [13.233.183.227] port 22.
debug1: Connection established.
debug1: identity file /var/lib/jenkins/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 13.233.183.227:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:2t3A4VkLU7+iLWc7e/HKast+vY6I3dXnOxY9pVzL6+g
debug1: Host '13.233.183.227' is known and matches the ECDSA host key.
debug1: Found key in /var/lib/jenkins/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:ZKnUTgYBL/OMjNHzEf3ATonaIBa5OfQs8htabRUA/Vo /var/lib/jenkins/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /var/lib/jenkins/.ssh/id_dsa
debug1: Trying private key: /var/lib/jenkins/.ssh/id_ecdsa
debug1: Trying private key: /var/lib/jenkins/.ssh/id_ed25519
debug1: No more authentication methods to try.
root@13.233.183.227: Permission denied (publickey).
allinstancepair.pem deploy.sh mykey
./deploy.sh: line 7: cd: mongocrud_application_frnt_end: No such file or directory
fatal: not a git repository (or any of the parent directories): .git
/home/ubuntu
./deploy.sh: line 10: npm: command not found
./deploy.sh: line 11: pm2: command not found
/home/ubuntu
Finished: SUCCESS
My Jenkins is not able to read the pem key file while I am trying to log in to another instance using SSH and the pem key.
I have tried -
chmod 400 - mypem.key
chmod 600 - mypem.key
chmod 777 - mypem.key
No help. Every time I am getting a permission denied issue. Any help?
Jenkins runs the jobs under the jenkins user. The jenkins user does not have permission to read files from other directories. Also, you need to run the chmod command with sudo. If you are trying to run commands from a Jenkinsfile with sudo, then it won't work. For that you need to edit the sudoers file. It will give the jenkins user access to run sudo commands without a password. How to change and what to change can be found here.
One more thing: if you are trying to run an ssh command from a Jenkinsfile to connect to another EC2 instance, then a simple sh "ssh -i pem.key user@ip" won't work. You need to disable the verification by setting StrictHostKeyChecking to no, i.e. ssh -o "StrictHostKeyChecking no" -i pem.key user@ip
I have a pipeline where I run an ssh command in order to verify credentials that were previously entered. Here's the step:
node {
    sh '''
        set +x
        sshpass -p $PASS ssh -o StrictHostKeyChecking=no -T $USER@$HOST
    '''
}
It works fine when the provided credentials are correct, however with incorrect password it automatically repeats itself 3 times. This behavior is exclusive to Jenkins, as I have tried running it with wrong credentials directly from terminal on Jenkins hosts and it executes only one time as expected.
I suspected that it could be due to the different interpreter that Jenkins might use to run commands, so I tried running it with #!/bin/bash, however it yielded no results. What could be the case for such behaviour? Does it have anything to do with pseudo-tty allocation?
Here's the output of the ssh command with -vvv (verbose) option:
debug1: Next authentication method: password
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
Fixed the issue by setting the NumberOfPasswordPrompts option to 1:
sshpass -p pass ssh -o StrictHostKeyChecking=no -o NumberOfPasswordPrompts=1 -T user@host
From ssh_config(5) man page:
NumberOfPasswordPrompts
Specifies the number of password prompts before giving up. The argument to this keyword must be an integer. The default is 3.
Apparently with sshpass it only prompts for password once when run interactively as opposed to scripted manner.
I was trying to git push my RoR app to Heroku at another company which had a firewall blocking SSH connection. So I followed the guide here: https://help.github.com/articles/using-ssh-over-the-https-port/ and added to ~/.ssh/config, the following code:
Host github.com
    Hostname ssh.github.com
    Port 443
ssh -T -p 443 git@ssh.github.com and ssh -T git@github.com were run successfully and I was able to git push my app over the corporate firewall. However, back at home, when I tried git push again, my RoR app crashed on Heroku. I am getting this error when I try to install anything on Homebrew: LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443. I think this error and app crashing is related to the SSH over HTTPS change I made. I upgraded OSX from Yosemite to High Sierra - not sure if that's related.
Please help disable SSH connections over HTTPS.
Edit 1: running ssh -vT git#github.com gives the following output, if this helps:
OpenSSH_7.5p1, LibreSSL 2.5.4
debug1: Reading configuration data /Users/rahn/.ssh/config
debug1: /Users/rahn/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 102: Applying options for *
debug1: Connecting to github.com [192.30.253.113] port 22.
debug1: Connection established.
debug1: identity file /Users/rahn/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/rahn/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version libssh_0.7.0
debug1: no match: libssh_0.7.0
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /Users/rahn/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/rahn/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([192.30.253.113]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = en_CA.UTF-8
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi sampbay! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3484, received 2104 bytes, in 0.1 seconds
Bytes per second: sent 33097.5, received 19987.7
debug1: Exit status 1