Not able to add SSH Key in Jenkins Configuration - jenkins

I have installed the 'Publish Over SSH' plugin in Jenkins and would like to transfer a few files to an SSH server after each build.
I have generated the private key using puttygen with passphrase and have given the OpenSSH Public Key in 'authorization_keys' in SSH Server.
Using the generated private key and passphrase, I'm able to log in to the SSH server through PuTTY.
But in Jenkins I'm not able to add the SSH Key. Getting the below Error.
jenkins.plugins.publish_over.BapPublisherException: Failed to add SSH key. Message [The cipher 'aes256-cbc' is required, but it is not available.

Most of the tools (including Jenkins) support keys in OpenSSH format (generated using ssh-keygen), not in the PuTTY format (generated using PuTTYgen). Generate a new key using ssh-keygen or convert the PPK to OpenSSH format.
I wrote the following information in the SO Documentation.
Convert PPK (PuTTY key) to OpenSSH format
You might receive a private key in PPK format from your peer, which does not seem to work in OpenSSH (command-line ssh). The client will keep asking for the passphrase because of an OpenSSH bug.
$ ssh -i mykey.ppk example.com
Enter passphrase for mykey.ppk:
You need to convert the key to OpenSSH format using PuTTYgen (command-line version):
puttygen mykey.ppk -o mykey.key -O private-openssh
Or in GUI version:
Open PuttyGen
Click Load
Load your private key
Go to Conversions->Export OpenSSH and export your private key
Copy your private key to ~/.ssh/id_rsa
Source: SO answer, Unix SE answer

Related

Jenkins Groovy: Given SSH Private Key, how to get SSH Public Key and/or key signature?

I need to perform a check on the SSH Credentials in a Jenkins server against some of our accounts in GitHub.
Now, using the GitHub API, I can pull a list of pubkeys associated to an account.
Using com.cloudbees.plugins.credentials I can dump the credentials in the Jenkins server. For SSH Credentials, I only get the Private Key (and its password), but neither the Public Key nor Keysig is available.
Is there a way to get SSH Public Key and/or SSH Key Signature from the retrieved Private Key?
Once you have the private keys from Jenkins using com.cloudbees.plugins.credentials, you can generate the public key associated with each one using the following commands:
For example:
ssh-keygen -e -f private_key > private_key.pub
You can also identify the user in GitHub using the private key by executing:
ssh -i /path/to/private_key -T git@github.com
Cheers
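For the audit described in the question, an added example (not part of the original posts) that derives each public key with ssh-keygen -y, which prints the one-line OpenSSH form rather than the RFC 4716 block produced by -e, and matches it against the keys pulled from GitHub. The function names, the one-file-per-credential directory layout and the one-key-per-line GitHub list are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: map Jenkins SSH credentials to GitHub account keys.

# derive_pubkeys DIR -> one line per private key file in DIR:
#   "<type> <base64-blob> <file name>"
# Assumes each file is named after its Jenkins credential ID.
derive_pubkeys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        chmod 600 "$f"    # ssh-keygen refuses private keys readable by others
        # -y prints the public half; it prompts if the key has a passphrase
        pub=$(ssh-keygen -y -f "$f") || { echo "skipped: $f" >&2; continue; }
        printf '%s\n' "$pub" | awk -v id="$(basename "$f")" '{ print $1, $2, id }'
    done
}

# match_keys JENKINS_PUBS GITHUB_PUBS
#   JENKINS_PUBS: output of derive_pubkeys
#   GITHUB_PUBS:  one "<type> <base64-blob>" per line, as pulled from the GitHub API
# Prints "<credential-id> match|no-match". Comparison is on type + blob only,
# because the comment field is free text and differs between the two sources.
match_keys() {
    awk 'FILENAME == ARGV[1] { seen[$1 " " $2] = 1; next }
         { k = $1 " " $2; print $3, ((k in seen) ? "match" : "no-match") }' "$2" "$1"
}

# Usage: sh keymatch.sh /secure/tmp/keys github_keys.txt
if [ "$#" -eq 2 ]; then
    umask 077
    tmp=$(mktemp)
    derive_pubkeys "$1" > "$tmp"
    match_keys "$tmp" "$2"
    rm -f "$tmp"
fi
```

Keep the dumped private keys in a directory only the auditing user can read, and delete them once the public halves have been derived.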

Publish over SSH invalid private key

I use Publish over SSH in Jenkins to connect to a remote server. I already have a private key (in OpenSSH format, starting with -----BEGIN OPENSSH PRIVATE KEY-----) that works perfectly from the shell under the jenkins user, but when I use it from the web interface it throws
jenkins.plugins.publish_over.BapPublisherException: Failed to add SSH key. Message [invalid privatekey: [B@4bba7224]
At the same time I generated another key on the Jenkins machine (Debian GNU/Linux 9 in Docker) and copied id_rsa.pub to the remote machine. This key is different and starts with -----BEGIN RSA PRIVATE KEY-----, and for this key the error is Message [Auth fail], so it understands the key.
I just came across the same issue. The plugin was confused by the newer OpenSSH format (I also had a private key starting with -----BEGIN OPENSSH PRIVATE KEY-----).
I saved the key and loaded it in PuTTYgen, then Conversions -> Export OpenSSH Key (notice there is an "Export OpenSSH Key (force new file format)" option, which we don't want). This is on Windows, obviously; I'm not sure what the equivalent would be on other OSes.
My newly exported key started with -----BEGIN RSA PRIVATE KEY----- and the plugin accepted it after this.
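The header check these threads keep coming back to (PPK, new-format OpenSSH, and the PEM form the plugin accepted), as an added example that is not part of the original posts. It also prints the conversion to run, including the ssh-keygen equivalent of the PuTTYgen export for systems without PuTTYgen; the function names and the .pem output name are hypothetical.

```sh
#!/bin/sh
# Added example: identify a private key's container format from its first line.

# key_format FILE -> ppk | openssh-new | pem-rsa | pem-other | unknown
key_format() {
    first=$(head -n 1 "$1" | tr -d '\r')      # tolerate CRLF from Windows tools
    case "$first" in
        PuTTY-User-Key-File-*)                 echo ppk ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh-new ;;
        "-----BEGIN RSA PRIVATE KEY-----")     echo pem-rsa ;;
        "-----BEGIN "*"PRIVATE KEY-----")      echo pem-other ;;
        *)                                     echo unknown ;;
    esac
}

# ppk_encryption FILE -> value of the PPK "Encryption:" header (e.g. aes256-cbc, none)
ppk_encryption() {
    sed -n 's/^Encryption: //p' "$1" | tr -d '\r' | head -n 1
}

# conversion_hint FILE -> prints the command to run; the key itself is not modified.
# FILE.pem is a hypothetical output name.
conversion_hint() {
    case "$(key_format "$1")" in
        ppk)
            echo "puttygen $1 -o $1.pem -O private-openssh" ;;
        openssh-new)
            # ssh-keygen -p rewrites in place, so work on a copy.
            # Ed25519 keys have no PEM form and stay in the new format.
            echo "cp $1 $1.pem && chmod 600 $1.pem && ssh-keygen -p -m PEM -f $1.pem" ;;
        pem-rsa)
            echo "none" ;;
        *)
            echo "unrecognised" ;;
    esac
}

# Usage: sh keyfmt.sh /path/to/key
if [ "$#" -gt 0 ]; then
    echo "format: $(key_format "$1")"
    echo "convert: $(conversion_hint "$1")"
fi
```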

how to setup ssh keys for jenkins to publish via ssh

Jenkins requires a certificate to use the ssh publication and ssh commands. It can be configured under "manage jenkins" -> "Configure System"-> "publish over ssh".
The question is: How does one create the certificates?
I have two ubuntu servers, one running Jenkins, and one for running the app.
Do I set up a Jenkins cert and put part of it on the deployment box, or set up a cert on the deployment box, and put part of it on Jenkins? Does the cert need to be in the name of a user called Jenkins, or can it be for any user? We don't have a Jenkins user on the development box.
I know there are a number of incompatible ssh types, which does Jenkins require?
Has anyone found a guide on how to set this all up (how to generate keys, where to put them etc.)?
You will need to create a public/private key as the Jenkins user on your Jenkins server, then copy the public key to the user you want to do the deployment with on your target server.
Step 1, generate public and private key on build server as user jenkins
build1:~ jenkins$ whoami
jenkins
build1:~ jenkins$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/jenkins/.ssh/id_rsa):
Created directory '/var/lib/jenkins/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/jenkins/.ssh/id_rsa.
Your public key has been saved in /var/lib/jenkins/.ssh/id_rsa.pub.
The key fingerprint is:
[...]
The key's randomart image is:
[...]
build1:~ jenkins$ ls -l .ssh
total 2
-rw------- 1 jenkins jenkins 1679 Feb 28 11:55 id_rsa
-rw-r--r-- 1 jenkins jenkins 411 Feb 28 11:55 id_rsa.pub
build1:~ jenkins$ cat .ssh/id_rsa.pub
ssh-rsa AAAlskdjfalskdfjaslkdjf... jenkins@myserver.com
Step 2, paste the pub file contents onto the target server.
target:~ bob$ cd .ssh
target:~ bob$ vi authorized_keys (paste in the stuff which was output above.)
Make sure your .ssh dir has permissions 700 and your authorized_keys file has permissions 644
Step 3, configure Jenkins
In the Jenkins web control panel, navigate to "Manage Jenkins" -> "Configure System" -> "Publish over SSH"
Either enter the path of the file e.g. "/var/lib/jenkins/.ssh/id_rsa", or paste in the same content as on the target server.
Enter your passphrase, server and user details, and you are good to go!
You don't need to create the SSH keys on the Jenkins server, nor do you need to store the SSH keys on the Jenkins server's filesystem. This bit of information is crucial in environments where Jenkins servers instances may be created and destroyed frequently.
Generating the SSH Key Pair
On any machine (Windows, Linux, MacOS ...doesn't matter) generate an SSH key pair. Use this article as guide:
GitHub: Generating a new SSH key and adding it to the ssh-agent (you can skip the section "Adding your SSH key to the ssh-agent")
On the Target Server
On the target server, you will need to place the content of the public key (id_rsa.pub per the above article) into the .ssh/authorized_keys file under the home directory of the user which Jenkins will be using for deployment.
In Jenkins
Using "Publish over SSH" Plugin
Ref: https://plugins.jenkins.io/publish-over-ssh/
Visit: Jenkins > Manage Jenkins > Configure System > Publish over SSH
If the private key is encrypted, then you will need to enter the passphrase for the key into the "Passphrase" field, otherwise leave it alone.
Leave the "Path to key" field empty as this will be ignored anyway when you use a pasted key (next step)
Copy and paste the contents of the private key (id_rsa per the above article) into the "Key" field
Under "SSH Servers", "Add" a new server configuration for your target server.
Using Stored Global Credentials
Visit: Jenkins > Credentials > System > Global credentials (unrestricted) > Add Credentials
Kind: "SSH Username with private key"
Scope: "Global"
ID: [CREATE A UNIQUE ID FOR THIS KEY]
Description: [optionally, enter a description]
Username: [USERNAME JENKINS WILL USE TO CONNECT TO REMOTE SERVER]
Private Key: [select "Enter directly"]
Key: [paste the contents of the private key (id_rsa per the above article)]
Passphrase: [enter the passphrase for the key, or leave it blank if the key is not encrypted]
For Windows:
Install the necessary plugins for the repository (e.g. for GitHub, install the GitHub and GitHub Authentication plugins) in Jenkins.
You can generate a key with Putty key generator, or by running the following command in git bash: $ ssh-keygen -t rsa -b 4096 -C your_email@example.com
Private key must be OpenSSH. You can convert your private key to OpenSSH in putty key generator
SSH keys come in pairs, public and private. Public keys are inserted in the repository to be cloned. Private keys are saved as credentials in Jenkins
You need to copy the SSH URL not the HTTPS to work with ssh keys.
Username it takes is "jenkins" while setting up the key credentials,
and then we need to switch to that user (in cli) in order to generate
key pair to make git connection work.
Here are the steps:
switch to jenkins user
sudo su - jenkins -s /bin/bash
Generate key pair
ssh-keygen
Configure private key in jenkins as described
Configure public key on git repository side in deploy key section
Test connection, it should work.
Note: These steps are for Jenkins on a local machine, Ubuntu 20.04.

Jenkins CLI authentication - Getting java.io.EOFException

I've checked several threads regarding CLI access:
Jenkins CLI Authentication
Using the jenkins CLI (on fedora 23)
Jenkins CLI connection refused
And unfortunately it's not my case.
I'm trying to run the following command:
java.exe -jar jenkins-cli.jar -i C:\Users\myuser\.ssh\id_rsa -s http://MasterJenkins:port/ list-jobs All
And I'm getting the following exception:
Exception in thread "main" java.io.EOFException
at java.io.DataInputStream.readBoolean(DataInputStream.java:244)
at hudson.cli.Connection.readBoolean(Connection.java:93)
at hudson.cli.CLI.authenticate(CLI.java:565)
at hudson.cli.CLI._main(CLI.java:476)
at hudson.cli.CLI.main(CLI.java:387)
Going to : http://MasterJenkins:port/me/configure I made sure that the "SSH Public Keys" section is the same key I have in my public key. I was a month abroad, before leaving it worked, now it doesn't and my team member swears nothing changed in the system.
Any ideas?
I had a similar issue last week with my own ssh private/public key.
I fixed it by
Generating a new public/private key combination using ssh-keygen
bash-4.1$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/users/xxxxx/.ssh/id_rsa): JenkinsCLI
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in JenkinsCLI.
Your public key has been saved in JenkinsCLI.pub.
The key fingerprint is:
f6:4c:be:fc:cb:cd:d3:ee:8c:80:26:a2:57:df:67:14 xxxxx@eeeee
The key's randomart image is:
+--[ RSA 2048]----+
Private file
Copy and paste the content of JenkinsCLI in your .private file
Public file
log into Jenkins>Click your Login id dropdown>Configure>SSH Public Keys
copy and paste the content of JenkinsCLI.pub file into SSH Public Keys text area
You should be able to authenticate.

Jenkins publish over SSH error

I'm experiencing the following error when trying to use the Publish Over SSH plugin in Jenkins with a different key.
jenkins.plugins.publish_over.BapPublisherException: Failed to add SSH key. Message [invalid privatekey: TheKey]
I've tried different alternatives of using the path to key and the key field itself.
Has anyone experienced / solved this issue?
If someone came across this type of error.
The Jenkins "Publish Over SSH plugin" accepts private keys in OpenSSH format.
Please use below steps, to convert private key in OpenSSH format.
Using Putty gen.
Open PuttyGen
Click Load
Load your private key (Enter passphrase if required)
Go to Conversions->Export OpenSSH and export your private key
Copy and paste the private key into the Key section of Jenkins SSH Server.
Enter Passphrase.
Click on "Test Configuration" button, "Success" :)
In your path (to the key), do you have both public and private keys in this folder?
I think It's mandatory when you pair 2 machines.
Since you are using a different key, you will have a public and private key pair. The public key has to be added to the target server's authorized_keys file within <$HOME user>/.ssh/, and the private key has to be configured in Jenkins using either the path to key or the key field itself.
