Jenkins ssh: Recover deleted ssh known host or recreate it? - jenkins

Recently I got an error doing ssh to another remote server from a Jenkins pipeline. I forgot to save the whole log, but here's a part of it:
###########################################################
# WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! #
###########################################################
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
In the error log, there's a suggestion to run this command to fix it
sudo ssh-keygen -f "/var/lib/jenkins/.ssh/known_hosts" -R "<<remote ssh ip>>"
so I ran it.
Previously, some remote ssh commands did run before it returned an error.
But now it seems it can't connect to the remote at all; the remote ssh command fails from the beginning.
Failed to add the host to the list of known hosts (/var/lib/jenkins/.ssh/known_hosts).
Following How can I get rid of "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" I tried running ssh-keygen -R <<remote ssh ip>> but the error still appears.
How can I recover the deleted line, or recreate a new one?

First, you have to understand what the message means before you "get rid of it".
The message means the destination server has changed its identity, or someone is hacking you man-in-the-middle style and the server you are trying to reach is not the server you think it is.
So first of all you must make sure there is no man-in-the-middle hack going on.
Then, you go into the known_hosts file and delete just the line with the server you are about to connect to.
After saving, you get asked whether you want to trust the server or not, just as with a connection to a yet unknown host.
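
Added example, not part of the original answer: one way to make the "make sure first, then replace the line" step explicit for an unattended Jenkins account is to compare the fingerprint of the key the host now offers with a fingerprint obtained out of band, and rewrite known_hosts only on a match. The function names, addresses and key bytes below are constructed for illustration, and the code assumes unhashed known_hosts entries.

```python
import base64
import hashlib
import struct


def make_ed25519_line(host, raw32):
    """Build a known_hosts line from 32 constructed key bytes (sample data only)."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", raw32))
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


def fingerprint(line):
    """SHA256 fingerprint as OpenSSH prints it: base64 of the digest, no padding."""
    blob = base64.b64decode(line.split()[2])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def replace_host_key(known_hosts, scanned_line, trusted_fp):
    """Return updated known_hosts text; raise if the scanned key is not the trusted one."""
    host = scanned_line.split()[0]
    if fingerprint(scanned_line) != trusted_fp:
        raise ValueError(f"key offered for {host} does not match the verified fingerprint")
    # Drop only this host's old entries (assumes plain, unhashed host names).
    kept = [l for l in known_hosts.splitlines()
            if l.strip() and host not in l.split()[0].split(",")]
    return "\n".join(kept + [scanned_line]) + "\n"


# Constructed sample data; 192.0.2.x are documentation addresses.
HOST = "192.0.2.10"
OLD = make_ed25519_line(HOST, bytes(range(32)))        # stale entry
NEW = make_ed25519_line(HOST, bytes(range(32, 64)))    # key after the host changed
ROGUE = make_ed25519_line(HOST, bytes([0xAA]) * 32)    # a key that was never verified
OTHER = make_ed25519_line("192.0.2.20", bytes(32))     # unrelated host, must survive
KNOWN_HOSTS = OTHER + "\n" + OLD + "\n"
# Stands in for the value read on the server itself or supplied by its admin.
TRUSTED_FP = fingerprint(NEW)

if __name__ == "__main__":
    print(replace_host_key(KNOWN_HOSTS, NEW, TRUSTED_FP), end="")
    try:
        replace_host_key(KNOWN_HOSTS, ROGUE, TRUSTED_FP)
    except ValueError as err:
        print("refused:", err)
```

In practice the scanned line would come from ssh-keyscan run as the jenkins user, and the trusted fingerprint from running ssh-keygen -lf on the server's own host public key file at its console.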

Related

warning REMOTE HOST IDENTIFICATION HAS CHANGED

Yesterday I was trying to update my Ruby on Rails application by uploading it with Capistrano, but I had to cancel the upload in the middle of the process. Immediately afterwards I was trying to access the server via ssh with ssh deploy@my_ip_server and it was waiting to access, so I ended up restarting the AWS instance.
Today I am trying to access the server via ssh and I get this alert:
###########################################################
# WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! #
###########################################################
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:Adfadssdgdfg......
Please contact your system administrator.
Add correct host key in /home/jeff/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/jeff/.ssh/known_hosts:23
remove with:
ssh-keygen -f "/home/jeff/.ssh/known_hosts" -R "my_ip_server"
ECDSA host key for my_ip_server has changed and you have requested strict checking.
The IP of my instance changed, I imagine because I restarted the instance. I immediately changed the .ssh/authorized_keys file with a new access key.
To access by ssh I have a security rule in AWS that only allows access from the IP of my machine.
Should I be worried about this alert, given that the instance is new and at the moment is only in the testing phase?

Setup new connection in mysql workbench using standard TCP IP over SSH

Could not read the contents of .ssh directory.
Error opening directory '/home/[username]/.ssh': Permission denied
I can see in the list of running processes that mysql-workbench is not running as root user.
I am not sure what the actual issue is. I only want to load the '/home/[username]/.ssh/id_rsa' file when adding the 'SSH key file' parameter during connection setup, so that my connection is established successfully.
Presumably you're on Ubuntu. I had this problem too and https://askubuntu.com/a/1271919/48214 was the solution for me.

Why Jenkins says in SSH host key matches key seen previously for this host. Connection will be allowed. ERROR: Server rejected the 1 private key(s)

I'm trying to connect to a Windows agent using SSH (Launch agent agents via SSH)
Jenkins master (on Linux)
log:
[SSH] Opening SSH connection to 192.168.0.122:22.
[SSH] SSH host key matches key seen previously for this host. Connection will be allowed.
ERROR: Server rejected the 1 private key(s) for my_bot (**********)
[SSH] Authentication failed.
Authentication failed.
Launch failed - cleaning up connection
[SSH] Connection closed.
I tried to add the key to authorized_keys, but it did not help.
When ssh says "SSH host key" it means the keys in known_hosts.
Check .ssh/known_hosts to see that key.
Although "Connection will be allowed" implies this is not a problem for you.
So ignore that part of the error message.
Your real problem is "ERROR: Server rejected the 1 private key"...
Is the key exchanged ok?
Private key needs to be in jenkins. Also check file permissions.
Public key needs to be on server side. Probably .ssh/authorized_keys. Also check file permissions. Ssh will not allow keys to be used if permissions on .ssh or files contained inside are too open.
More information is needed to help solve the question:
In your question please show the ssh command you use - the full command - do you specify the key with the -i parameter?
From the jenkins command-line, can you ssh to the host using the same ssh command?
Do ls -al on jenkins home .ssh dir and on server side .ssh dir to check permissions.
To get more verbose/debug information add -v or -vv or -vvv to your ssh command.
Also look at ssh logs on server side if possible.
In your question you could tidy up the log messages.
Same error seen on this question here and I can see they did chown 744 .ssh/authorized_keys in dockerfile which is the wrong way to set permissions for an authorized_keys file.
https://superuser.com/questions/1403715/why-i-am-getting-error-server-rejected-the-1-private-key-error-on-setting-up-s/1443503#1443503
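
Added example, not part of the original answer: a small audit of the permission rule described above, assuming POSIX hosts. It flags a home directory, .ssh directory or authorized_keys file that is group- or world-writable (what sshd's StrictModes refuses) and a private key accessible to anyone but its owner (which the ssh client ignores). Ownership is not checked, and the function names and the temporary tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_ssh_perms(home, private_key=None):
    """Return a list of (path, problem) for modes OpenSSH would refuse."""
    problems = []
    ssh_dir = os.path.join(home, ".ssh")
    # Server side (sshd StrictModes): home, ~/.ssh and authorized_keys must
    # not be writable by group or others.
    for path in (home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        if os.path.exists(path):
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o022:
                problems.append((path, f"{mode:04o} is group/world-writable"))
    # Client side: ssh ignores a private key accessible to anyone but its owner.
    if private_key and os.path.exists(private_key):
        mode = stat.S_IMODE(os.stat(private_key).st_mode)
        if mode & 0o077:
            problems.append((private_key, f"{mode:04o} is accessible to group/others"))
    return problems


def demo():
    """Constructed tree: authorized_keys left at 0666, private key at 0644."""
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o700)
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        os.chmod(ssh_dir, 0o700)
        ak = os.path.join(ssh_dir, "authorized_keys")
        key = os.path.join(ssh_dir, "id_rsa")
        for path, mode in ((ak, 0o666), (key, 0o644)):
            open(path, "w").close()
            os.chmod(path, mode)
        return [(os.path.basename(p), why) for p, why in audit_ssh_perms(home, key)]


if __name__ == "__main__":
    for name, why in demo():
        print(f"{name}: {why}")
```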

issue connecting puppet master

When I run this command sudo puppet agent --test, I get this message
Error: Could not request certificate: Error 500 on SERVER:
In the [main] section of the puppet.conf file, I put server=puppet, and then in my /etc/hosts file, I put a 10.XX.XX.X puppet entry. Even if I put the plain DNS of the master in the puppet.conf, and add the ip 10.XX.XX.X my_plain_master_DNS, I still get the same error. If I run puppet agent --test --server my_plain_master_DNS, I still get the same error. How can I solve that?
Now I got it, in fact there was an issue with my master not starting because of an Address already in use problem. After checking some docs, I found that it may come from apache binding the 8140 port, preventing puppet from using it. So I stopped the apache server, started the puppet master and then started apache again, and it worked!

scp files through gateway to remote machine

I can't figure out how to scp a file to another machine if there is a gateway connecting my client machine to the remote server. From my client machine I can connect to both the gateway and subsequently to the remote server using SSH without any problems.
When I try to scp my directory dir to the remote server I have no clue how to move past the gateway, because my ssh connection is actually a two-step approach. Scp'ing dir to the gateway first fails, with the remark "Permission denied".
Something like
~$: scp -r /var/www/dir usrname@remotesrv.com:/var/www/dircp
doesn't work and the only approach I found so far involves public/private keys. Is it only possible to copy files through a gateway with keys? And if that's so, can somebody tell me how to overcome the problem with copy&pasting into the terminal which sometimes just won't work (using Ubuntu 11.10). Already installed autokey hoping to circumvent buggy Ubuntu shortcuts by changing them to another hotkey, but the program is crashing all the time.
I would appreciate your help in one way or another!
