Running rsync from jenkins shell script - jenkins

I'm just starting out with jenkins and I'm having trouble to connect to a remote machine via rsync.
I guess jenkins doesn't know which ssh identity file to use or maybe it knows, but doesn't know how to decrypt it? From other questions i gathered that the Gtk-Warning is probably because it can't open the "enter keyphrase"-prompt.
rsync -azvh /var/lib/jenkins/workspace/ofen sascha#my_server:/my_project/ofen
No protocol specified
(ssh-askpass:19928): Gtk-WARNING **: cannot open display: :0
Host key verification failed.
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(226) [sender=3.1.0]
Everything works fine when I try it from commandline.

Need to have the key loaded as part of Jenkin's SSH Agent configuration.
Add the private key to Jenkins via credentials/SSH private key including pass phrase if one is used
Enable SSH agent on the job and give it the credential
Things that use SSH keys and agents can now use the loaded key.

The "identity" depends on where your job is running:
when running on the master, it's the user that runs Jenkins
on a slave, it's the user that you use for connecting the slave
You need to add the public key of that identity to the .ssh/authorized_keys file of user sascha. This will enable public key-based authentication and rsync should run just fine.

Related

Jenkins cannot connect to EC2 using private key, but I can connect using Putty

I recently inherited a Jenkins instance running on an AWS EC2 server. It has several pipelines to different EC2 servers that are running successfully. I'm having trouble adding a new node to a new EC2 web server.
I have an account on that new web server named jenkins. I generated keys, added the ssh-rsa key to ~/.ssh/authorized_keys, and verified I was able to connect with the jenkins user via Putty.
In Jenkins, under Dashboard > Credentials > System > Global Credentials, I created new credentials as follows:
Username: jenkins
Private Key -> Enter Key Directly: Pasted in the key beginning with "BEGIN RSA PRIVATE KEY":
Finally, I created a new node using those credentials, to connect via SSH and use the "Known hosts file Verification Strategy."
Unfortunately, I'm getting the following error when I attempt to launch the agent:
[01/04/22 22:16:43] [SSH] WARNING: No entry currently exists in the
Known Hosts file for this host. Connections will be denied until this
new host and its associated key is added to the Known Hosts file. Key
exchange was not finished, connection is closed.
I verified I have the correct Host name configured in my node.
I don't know what I'm missing here, especially since I can connect via Putty.
Suggestions?
Have you added the new node to the known hosts file on the Controller node?
I assume Putty was your local machine rather than the controller?
See this support article for details
https://support.cloudbees.com/hc/en-us/articles/115000073552-Host-Key-Verification-for-SSH-Agents#knowhostsfileverificationstrategy
Sounds like your system doesn't allow for automatic hostkeys into the known_hosts file. You can check for the UpdateHostKeys flag in either your user, system, or potentially whatever user Jenkins runs under, SSH Config file. You can read more about the specific flag I'm talking about here.
If you need to add that hostkey manually, here's a nice write up for how to do it.

Jenkins slave configuration issue in linux

I am facing the below issue please have a look. Thanks in advance.
Searching for lokesh in /var/lib/jenkins/.ssh/known_hosts
Searching for lokesh:22 in /var/lib/jenkins/.ssh/known_hosts
[06/04/20 12:59:45] [SSH] WARNING: No entry currently exists in the Known Hosts file for this host. Connections will be denied until this new host and its associated key is added to the Known Hosts file.
Key exchange was not finished, connection is closed.
SSH Connection failed with IOException: "Key exchange was not finished, connection is closed.", retrying in 15 seconds. There are 8 more retries left.
You should add the ssh key (created on the slave) to your known hosts file of in the master (Jenkins user). Follow this link
Also you can try one more thing if this does not work. There is an option of Host key verification strategy in jenkins node setup.
Select Non verifying verification strategy and check.
Let me know if this helps.
run this on your Jenkins server:
ssh-keyscan -H ${IP-OF-AGENT} > ~/.ssh/known_hosts

Why Jenkins says in SSH host key matches key seen previously for this host. Connection will be allowed. ERROR: Server rejected the 1 private key(s)

I'm trying to connect to Windows agent use SSh(Launch agent agents via SSH)
Jenkins master(in Linux)
log:
[SSH] Opening SSH connection to 192.168.0.122:22.
[SSH] SSH host key matches key seen previously for this host. Connection will be allowed.
ERROR: Server rejected the 1 private key(s) for my_bot (**********)
[SSH] Authentication failed.
Authentication failed.
Launch failed - cleaning up connection
[SSH] Connection closed.
I tried to add key to authorized_keys.. but it did not help
When ssh says "SSH host key" it means the keys in known_hosts.
Check .ssh/known_hosts to see that key.
Although "Connection will be allowed" implies this is not a problem for you.
So ignore that part of the error message.
Your real problem is "ERROR: Server rejected the 1 private key"...
Is they key exchanged ok?
Private key needs to be in jenkins. Also check file permissions.
Public key needs to be on server side. Probably .ssh/authorized_keys. Also check file permissions. Ssh will not allow keys to be used if permissions on .ssh or files contained inside are too open.
More information is needed to help solve the question:
In your question please show the ssh command you use - the full command - do you specify key with -i parameter ?
From jenkins command-line, can you ssh to the host using the same ssh command ?
Do ls -al on jenkins home .ssh dir and on server side .ssh dir to check permissions.
To get more verbose/debug information add -v or -vv or -vvv to your ssh command.
Also look at ssh logs on server side if possible.
In your question you could tidy up the log messages.
Same error seen on this question here and I can see they did chown 744 .ssh/authorized_keys in dockerfile which is the wrong way to set permissions for an authorized_keys file.
https://superuser.com/questions/1403715/why-i-am-getting-error-server-rejected-the-1-private-key-error-on-setting-up-s/1443503#1443503

Ant: SCP:No response from server

I'm trying to send some files to a remote machine using Ant <scp> but getting no response from server error.
Tried with verbose option and got following response.
[scp] Authentications that can continue: publickey,keyboard-interactive,password
[scp] Next authentication method: publickey
[scp] Authentications that can continue: keyboard-interactive,password
[scp] Next authentication method: keyboard-interactive
[scp] Authentications that can continue: password
[scp] Next authentication method: password
[scp] Authentication succeeded (password).
[scp] Disconnecting from xx-hostname-xx port 22
[scp] Caught an exception, leaving main loop due to socket closed
code has no issues since it's working fine with other host machines. Issue must be somewhere else. Have anyone came across this issue before? Thanks in advance.
P.S: I can connect to the remote machine from my local using putty without any issues. I have installed openssh on the remote machine.
Is the scp program installed on the remote system? The local scp instance (or ant in this case, I suppose) needs to run another copy of scp on the remote system. If the local program failed to run scp on the remote system, you'd get this behavior.
Edit:
Your local scp client (ant in this case) is going to make an ssh connection to the remote host. Through that connection it's going to try to run a program named "scp" on the remote system. The two scp instances will communicate to do the file transfer. So the program on the remote system has to be named "scp", and it has to be in the command path of the ssh session. I don't think WinSCP fulfills either of these criteria. It doesn't install a program named "scp" or "scp.exe". And at least on my PC, it didn't install itself into my command path.
The simple test would be to make an interactive ssh connection to the remote system and see if you can run "scp" within that session. If you get an error, then ant is also going to get an error.

Host key verification failed using gitlab and jenkins

I get Host key verification failed error whenever I try to put my GITLAB git address into Jenkins.
I've tried:
- using multiple different SSH paths. Including removing : and replacing /. Used http
- I've ssh and tried to run the command in the terminal, when prompted to say y/n I pressed Y.
- It works with Github.
- I've tried going to my jenkins/.ssh/ida_pub and adding my keys.
Failed to connect to repository : Command "/usr/local/git/bin/git ls-remote -h git#:/.git HEAD" returned status code 128:
stdout:
stderr: Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
If you make the repo you are trying to connect to public in Gitlab (Settings -> Edit Project -> Public mode) you should be able to connect using http (but only http).
If the repo is not public you will need to install an SSH key on Jenkins that has permissions to access the repo. My understanding is that the Jenkins git plugin does not currently use the SSH credentials already stored in Jenkins so you will need to install the key on the master and slaves that will run this build. How you do this will depend on your OS but I find it easiest to use an SSH config file on Linux.

Resources