I getting error "ERROR: Failed to run ssh-add"
I am trying to ssh into remote machine so
SSH credential are set
Pipeline script is calling ssh-agent
On executing the job I get error below
I have tried this reported bug https://issues.jenkins-ci.org/browse/JENKINS-50181 but it is not working and bug has been already resolved in latest version 1.17 which i have now.
Can anyone suggest how to fix this issue.
This is just a wild guess since this could have different reasons.
But I just had this error, and my problem was that when I created the credential in Jenkins I forgot to add a linebreak at the end of the input.
...
...<all the usual content>...
...
-----END OPENSSH PRIVATE KEY-----<linebreak needed here>
I got this error when I put the SSH public key into the Jenkins credential instead of properly putting the private key.
Note that the private key is the long one that looks like this:
-----BEGIN RSA PRIVATE KEY-----
... lots of unreadable random characters for many lines ...
-----END RSA PRIVATE KEY-----
I got this error when I didn't put they private key's passphrase into Jenkins.
I thought the key didn't have a passphrase because I wasn't having to enter it when using the key manually. It turns out my local keyring was automatically taking care of this.
I ran into this problem after copying the credentials.xml file from an old installation to a new one. The key appears to be stored in a hashed format in the credentials.xml file and may be the hash is unique based on the version of jenkins. I just had to find the private key on my system and then paste it in the UI along with the additional line break as suggested by #peedee
I had the same issue when I tried to use OpenSSH key format in Jenkins credentials - remote session always fails with ERROR: Failed to run ssh-add.
The solution was to provide a PEM key generated with -m PEM flag. So the private key format should be: "-----BEGIN RSA PRIVATE KEY-----" instead of "-----BEGIN OPENSSH PRIVATE KEY-----" etc.
Related
I use Publish over SSH in Jenkins to connect to remote server. I already have a private key(in OpenSSH format starts with -----BEGIN OPENSSH PRIVATE KEY-----) that works perfectly from shell under jenkins user but when I use it from web interface it throws
jenkins.plugins.publish_over.BapPublisherException: Failed to add SSH key. Message [invalid privatekey: [B#4bba7224]
At the same time I generated another key on Jenkins machine (Debian GNU/Linux 9 in Docker) and copied id_rsa.pub to remote machine. This key is different and starts with -----BEGIN RSA PRIVATE KEY----- and for this key error is Message [Auth fail] so it understand the key.
I just came across the same issue. The plugin was confused by the newer OpenSSH format (I also had a private key starting with -----BEGIN OPENSSH PRIVATE KEY-----).
I saved the key and loaded it in PuTTyGen, then Conversions-> Export OpenSSH Key (notice there is a "Export OpenSSH Key (force new file format)" which we don't want. This is on Windows obviously; I'm not sure what equivalent would be on other OS'es.
My newly exported key started with -----BEGIN RSA PRIVATE KEY-----and the plugin accepted it after this.
I Have installed 'Publish Over SSH' plugin in Jenkins and would like to transfer few files to SSH Server after each Build .
I have generated the private key using puttygen with passphrase and have given the OpenSSH Public Key in 'authorization_keys' in SSH Server.
Using the generated private key and passphrase , I'm able to login to the SSH Server through PuTTY.
But in Jenkins I'm not able to add the SSH Key. Getting the below Error.
jenkins.plugins.publish_over.BapPublisherException: Failed to add SSH key. Message [The cipher 'aes256-cbc' is required, but it is not available.
Most of the tools (including Jenkins) support keys in OpenSSH format (generated using ssh-keygen), not in the PuTTY format (generated using PuTTYgen). Generate a new key using ssh-keygen or convert the PPK to OpenSSH format.
I wrote the following information in the SO Documentation.
Convert PPK (PuTTY key) to OpenSSH format
You might receive from your peer private key in PPK format, which seems it does not work in OpenSSH (command-line ssh). The client will be asking for the passphrase, because of OpenSSH bug.
$ ssh -i mykey.ppk example.com
Enter passphrase for mykey.ppk:
You need to convert the key to OpenSSH format using PuTTYgen (command-line version):
puttygen mykey.ppk -o mykey.key -O private-openssh
Or in GUI version:
Open PuttyGen
Click Load
Load your private key
Go to Conversions->Export OpenSSH and export your private key
Copy your private key to ~/.ssh/id_rsa
Source: SO answer, Unix SE answer
I've checked several threads regarding CLI access:
Jenkins CLI Authentication
Using the jenkins CLI (on fedora 23)
Jenkins CLI connection refused
And unfortunately it's not my case.
I'm trying to run the following command:
java.exe -jar jenkins-cli.jar -i C:\Users\myuser\.ssh\id_rsa -s http://MasterJenkins:port/ list-jobs All
And I'm getting the following execption:
Exception in thread "main" java.io.EOFException
at java.io.DataInputStream.readBoolean(DataInputStream.java:244)
at hudson.cli.Connection.readBoolean(Connection.java:93)
at hudson.cli.CLI.authenticate(CLI.java:565)
at hudson.cli.CLI._main(CLI.java:476)
at hudson.cli.CLI.main(CLI.java:387)
Going to : http://MasterJenkins:port/me/configure I made sure that the "SSH Public Keys" section is the same key I have in my public key. I was a month abroad, before leaving it worked, now it doesn't and my team member swears nothing changed in the system.
Any ideas?
I had a similar issue last week with my own ssh private/public key.
I fixed it by
Generating a new public/private key combination using ssh-keygen
bash-4.1$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/users/xxxxx/.ssh/id_rsa): JenkinsCLI
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in JenkinsCLI.
Your public key has been saved in JenkinsCLI.pub.
The key fingerprint is:
f6:4c:be:fc:cb:cd:d3:ee:8c:80:26:a2:57:df:67:14 xxxxx#eeeee
The key's randomart image is:
+--[ RSA 2048]----+
Private file
Copy and paste the content of JenkinsCLI in your .private file
Public file
log into Jenkins>Click your Login id dropdown>Configure>SSH Public Keys
copy and paste the content of JenkinsCLI.pub file into SSH Public Keys text area
You should be able to authenticate.
I'm expericing the following error when trying to use the Publish Over SSH plugin to jenkins when using a different key.
jenkins.plugins.publish_over.BapPublisherException: Failed to add SSH key. Message [invalid privatekey: TheKey]
I've tried different alternatives of using the path to key and the key field itself.
Has anyone experienced / solved this issue?
If someone came across this type of error.
Jenkins "Publish Over SSH plugin" accept private key in OpenSSH format format.
Please use below steps, to convert private key in OpenSSH format.
Using Putty gen.
Open PuttyGen
Click Load
Load your private key (Enter passphrase if required)
Go to Conversions->Export OpenSSH and export your private key
Copy and paste the private key into the Key section of Jenkins SSH Server.
Enter Passphrase.
Click on "Test Configuration" button, "Success" :)
In your path (to the key), do you have both public and private keys in this folder?
I think It's mandatory when you pair 2 machines.
Since you are using a different key, you will have a public and private key pair. The public key has to be added to the target server autorized_keys file with in the <$HOME user>/.ssh/ and the private key has to configured in the Jenkins either using the path to key and the key field itself.
I am following this blog to create a mdm server link.
In the 7th step they are stripping password from the private key by running this command
openssl rsa -in key.pem -out private.key
But when I run this command on my terminal I am getting error
unable to load Private Key
routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY
I am working on mac. All the steps before that worked fine. In the previous step they asked to enter passphrase I pressed enter without passphrase, is this the reason for this error.
Hope you understand the problem
Thanks
I pressed enter without passphrase, is this the reason for this error.
Yes, you are correct — since you didn't use a passphrase there's nothing to strip out in that step.
Unfortunately the tutorial failed to mention anything about that before you arrived at your conclusion. A passphrase shouldn't (normally) be necessary anyway, as the important private key extracted earlier should be all that you would need.
MDM vendor CSR signing tips (a bit easier to understand in my opinion)
Apple Push Certificates Portal (related help documentation).