Develop Reference

Can't connect to Jenkins Slave No Known Hosts file was found at /var/jenkins_home/.ssh/known_hosts

Here are my jenkins config:
Error message:
/var/jenkins_home/.ssh/known_hosts [SSH] No Known Hosts file was found at /var/jenkins_home/.ssh/known_hosts. Please ensure one is created at this path and that Jenkins can read it.
No matter how much I tried it doesn't work. I've read this post, but still no solution.

I got the same error while launching slave.It has to do with the SSH Slave Plugin. What worked for me was changing the Host key verification strategy in LAUNCH METHOD from "Known Hosts file verification strategy" to "Manually trusted key verification strategy".
CONFIGURE AGENT -> LAUNCH METHOD -> Manually trusted key verification
strategy - > SAVE.
Hope this helps.

The problem is that Jenkins causes confusion by reporting that the file is missing under /var/jenkins_home/, which is a hard-coded value. Instead, it should be telling you that the file is missing under your actual $JENKINS_HOME path. That way, you would immediately know where to look.
So the easiest way to fix this is to:
Go to the actual $JENKINS_HOME directory on your Jenkins master, and create a .ssh directory and known_hosts file under it, for example:
$ mkdir $JENKINS_HOME/.ssh
$ touch $JENKINS_HOME/.ssh/known_hosts
If you've ever SSH-ed from Jenkins master to your slave machine before, then you should already have a known_hosts file under your ~/.ssh directory. If you don't, then SSH from Jenkins master to Jenkins slave machine and it will get automatically created for you under ~/.ssh directory for that user.
Now open that ~/.ssh/known_hosts file and simply copy>paste the line that contains your slave machine's IP address to the $JENKINS_HOME/.ssh/known_hosts file. Alternative way is to copy the entire ~/.ssh/known_hosts file to $JENKINS_HOME/.ssh directory if that is easier for you.

A very simple step helped me to recover this error.
In Slave configuration, select "No verifying verification strategy" for Host Key Verification Strategy. This will allow master to connect with slave and host will also be remembered.
Next time on selecting "Known host file verification strategy" will not give this error.

how to setup ssh keys for jenkins to publish via ssh

Jenkins requires a certificate to use the ssh publication and ssh commands. It can be configured under "manage jenkins" -> "Configure System"-> "publish over ssh".
The question is: How does one create the certificates?
I have two ubuntu servers, one running Jenkins, and one for running the app.
Do I set up a Jenkins cert and put part of it on the deployment box, or set up a cert on the deployment box, and put part of it on Jenkins? Does the cert need to be in the name of a user called Jenkins, or can it be for any user? We don't have a Jenkins user on the development box.
I know there are a number of incompatible ssh types, which does Jenkins require?
Has anyone found a guide on how to set this all up (how to generate keys, where to put them etc.)?

You will need to create a public/private key as the Jenkins user on your Jenkins server, then copy the public key to the user you want to do the deployment with on your target server.
Step 1, generate public and private key on build server as user jenkins
build1:~ jenkins$ whoami
jenkins
build1:~ jenkins$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/jenkins/.ssh/id_rsa):
Created directory '/var/lib/jenkins/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/jenkins/.ssh/id_rsa.
Your public key has been saved in /var/lib/jenkins/.ssh/id_rsa.pub.
The key fingerprint is:
[...]
The key's randomart image is:
[...]
build1:~ jenkins$ ls -l .ssh
total 2
-rw------- 1 jenkins jenkins 1679 Feb 28 11:55 id_rsa
-rw-r--r-- 1 jenkins jenkins 411 Feb 28 11:55 id_rsa.pub
build1:~ jenkins$ cat .ssh/id_rsa.pub
ssh-rsa AAAlskdjfalskdfjaslkdjf... jenkins#myserver.com
Step 2, paste the pub file contents onto the target server.
target:~ bob$ cd .ssh
target:~ bob$ vi authorized_keys (paste in the stuff which was output above.)
Make sure your .ssh dir has permissoins 700 and your authorized_keys file has permissions 644
Step 3, configure Jenkins
In the jenkins web control panel, nagivate to "Manage Jenkins" -> "Configure System" -> "Publish over SSH"
Either enter the path of the file e.g. "var/lib/jenkins/.ssh/id_rsa", or paste in the same content as on the target server.
Enter your passphrase, server and user details, and you are good to go!

You don't need to create the SSH keys on the Jenkins server, nor do you need to store the SSH keys on the Jenkins server's filesystem. This bit of information is crucial in environments where Jenkins servers instances may be created and destroyed frequently.
Generating the SSH Key Pair
On any machine (Windows, Linux, MacOS ...doesn't matter) generate an SSH key pair. Use this article as guide:
GitHub: Generating a new SSH key and adding it to the ssh-agent (you can skip the section "Adding your SSH key to the ssh-agent")
On the Target Server
On the target server, you will need to place the content of the public key (id_rsa.pub per the above article) into the .ssh/authorized_keys file under the home directory of the user which Jenkins will be using for deployment.
In Jenkins
Using "Publish over SSH" Plugin
Ref: https://plugins.jenkins.io/publish-over-ssh/
Visit: Jenkins > Manage Jenkins > Configure System > Publish over SSH
If the private key is encrypted, then you will need to enter the passphrase for the key into the "Passphrase" field, otherwise leave it alone.
Leave the "Path to key" field empty as this will be ignored anyway when you use a pasted key (next step)
Copy and paste the contents of the private key (id_rsa per the above article) into the "Key" field
Under "SSH Servers", "Add" a new server configuration for your target server.
Using Stored Global Credentials
Visit: Jenkins > Credentials > System > Global credentials (unrestricted) > Add Credentials
Kind: "SSH Username with private key"
Scope: "Global"
ID: [CREAT A UNIQUE ID FOR THIS KEY]
Description: [optionally, enter a decription]
Username: [USERNAME JENKINS WILL USE TO CONNECT TO REMOTE SERVER]
Private Key: [select "Enter directly"]
Key: [paste the contents of the private key (id_rsa per the above article)]
Passphrase: [enter the passphrase for the key, or leave it blank if the key is not encrypted]

For Windows:
Install the necessary plugins for the repository (ex: GitHub install GitHub and GitHub Authentication plugins) in Jenkins.
You can generate a key with Putty key generator, or by running the following command in git bash: $ ssh-keygen -t rsa -b 4096 -C your_email#example.com
Private key must be OpenSSH. You can convert your private key to OpenSSH in putty key generator
SSH keys come in pairs, public and private. Public keys are inserted in the repository to be cloned. Private keys are saved as credentials in Jenkins
You need to copy the SSH URL not the HTTPS to work with ssh keys.

Username it takes is "jenkins" while setting up the key credentials,
and then we need to switch to that user (in cli) in order to generate
key pair to make git connection work.
here are the steps
switch to jenkins user
sudo su - jenkins -s /bin/bash
Generate key pair
ssh-keygen
Configure private key in jenkins as described
Configure public key on git repository side in deploy key section
Test connection, it should work.
Note: This steps are for jenkins in local machine , ubuntu 20.04.

Jenkins CLI authentication - Getting java.io.EOFException

I've checked several threads regarding CLI access:
Jenkins CLI Authentication
Using the jenkins CLI (on fedora 23)
Jenkins CLI connection refused
And unfortunately it's not my case.
I'm trying to run the following command:
java.exe -jar jenkins-cli.jar -i C:\Users\myuser\.ssh\id_rsa -s http://MasterJenkins:port/ list-jobs All
And I'm getting the following execption:
Exception in thread "main" java.io.EOFException
at java.io.DataInputStream.readBoolean(DataInputStream.java:244)
at hudson.cli.Connection.readBoolean(Connection.java:93)
at hudson.cli.CLI.authenticate(CLI.java:565)
at hudson.cli.CLI._main(CLI.java:476)
at hudson.cli.CLI.main(CLI.java:387)
Going to : http://MasterJenkins:port/me/configure I made sure that the "SSH Public Keys" section is the same key I have in my public key. I was a month abroad, before leaving it worked, now it doesn't and my team member swears nothing changed in the system.
Any ideas?

I had a similar issue last week with my own ssh private/public key.
I fixed it by
Generating a new public/private key combination using ssh-keygen
bash-4.1$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/users/xxxxx/.ssh/id_rsa): JenkinsCLI
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in JenkinsCLI.
Your public key has been saved in JenkinsCLI.pub.
The key fingerprint is:
f6:4c:be:fc:cb:cd:d3:ee:8c:80:26:a2:57:df:67:14 xxxxx#eeeee
The key's randomart image is:
+--[ RSA 2048]----+
Private file
Copy and paste the content of JenkinsCLI in your .private file
Public file
log into Jenkins>Click your Login id dropdown>Configure>SSH Public Keys
copy and paste the content of JenkinsCLI.pub file into SSH Public Keys text area
You should be able to authenticate.

Jenkins - unable to copy build artifacts to desired root folder on target machine

We are just starting with Jenkins for CI - so we're definitely in the newbie phase here. Here's what we are trying to do:
We are using Publish Over SSH Jenkins plugin to transfer the build artifacts to a target server and into a specific root folder - lets call it /var/mycompany/myapp and this is where the problem is happening.
We have configured the Publish Over SSH plugin to use a key in order to make the connection to the target server. In Manage Jenkins > Configure System > SSH Servers section we have also configured our target ssh server (name/hostname/username/remote folder etc). The connection is successful when tested.
The build job has been configured to "Send artifacts over SSH" as a post-build action. Now this works fine as long as I send the files to my user's home folder location on the target server (ie it will create the necessary ~/var/mycompany/mayapp folder structure and transfer all the files). BUT - if I change the "Publish over SSH" config to use a Remote Directory of "/" the job fails with the following error:
SSH: Connecting from host [myjenkins] SSH: Connecting with
configuration [stage-tester] ... SSH: Creating session: username
[myusername], hostname [x.x.x.x], port [22] SSH: Connecting session
... SSH: Connected SSH: Opening SFTP channel ... SSH: SFTP channel
open SSH: Connecting SFTP channel ... SSH: Connected SSH: cd [/] SSH:
OK SSH: cd [var] SSH: OK SSH: cd [mycompany] SSH: OK SSH: mkdir
[myapp] SSH: FAILED: Message [Permission denied]
At first this made sense to us as the key was created by a specific user who was not a sudoer on the target Linux/Fedora server. So We made the user a member of a sudoer group expecting that this would solve the problem. It hasn't fixed the issue - we continue to get the "permission denied" error. So the question is how to we go about gaining access to the server root for our user/key?
Any advice is appreciated.
Thanks!

In the end this is the solution I used:
Using instructions found here I setup a "jenkins-chef" ssh keypair in the /var/lib/jenkins/.ssh folder and transferred the public key to the jenkins user's authorizedkeys file on my target deployment server.
chown the keypair in /var/lib/jenkins/.ssh (from step 1) to the "jenkins" user so that the Jenkins ssh server configuration in step 3 can read the key
Set up an SSH server reference in Jenkins: under Manage Jenkins > Configure System > SSH Servers > Added new ssh server ref pointing at my target deployment server using the 'jenkins' username and path to the new key (/var/lib/jenkins/.ssh/jenkins-chef). Also, we wanted to publish to a folder off of the target server's root (/) folder and it turned out to be important that we specify the "remote directory" as '/' (root)
In my Jenkins job I added a new build step using the 'send files or execute commands over ssh' plugin. I configured it to use the ssh server I defined in step 3:
source files: **/*
exec command: sudo chef-client
remote directory: var/my-apps/my-app
Note: If I attempted to specify remote directory with initial root slash (/var/my-apps/my-app) it would copy then to the Jenkins user's home folder and simply create the specified folder structure. That's why specifying '/' in step 3 was important.
That's it from the Jenkins side. However the first time I tried to run this I got this error:
SSH: EXEC: STDOUT/STDERR from command [sudo chef-client] ... sudo: no
tty present and no askpass program specified
This was because I was attempting to run 'sudo' which issues a password challenge on the target server. To avoid this I made the following change to the sudoers file on the target server using the 'visudo' command: at the bottom of the file I added this line to give the jenkins user the ability to run sudo without being prompted for a password:
jenkins ALL=(ALL) NOPASSWD:ALL
Once that was done it all worked as expected.

As you are working with Linux machines, you can try to use the SCP Plugin.
In the global configuration, you just have to define the target server like that:
You can use your jenkins public ssh key to manage the authentication or a user/pwd.
Next, in the Jenkins job, you can create a post build task to copy the relevant artifacts on your server:

ant & cvs prompting password although password should come from PageAnt

I have ant build file, that should take cvs checkouts when called. I can call it ok, but when ant uses cvs to connect to cvs repo, the repo prompts for password and obviously ant command fails.
I have CVSROOT environment variable pointing to same location where I took the initial checkout for the project with TortoiseCVS, having ssh as protocol.
I also have putty's pageant running and an environment variable CVS_RSH pointing to plink.exe of putty. That combination should make the connection via putty, 'cause from pageAnt menu the connection opens without prompts.
My operation system is Windows 8.
Question here is, that why ant build fails on cvs server password prompt, although PageAnt otherwise is enabling promptless access via ssh+cvs?

Ant cvs task invokes cvs.exe command line from PATH so if everything works properly from command line, there is (almost) no reason it will fail from Ant.
Here is a checklist with points to verify:
CVSROOT must contain username and specify ext protocol, :ext:username#cvserver.domain.ldt:/path/to/repository
CVS_RSH must point to plink.exe with absolute file path and you have to ensure it will use SSH protocol
Your SSH private key must have been loaded into Pageant for the same user session as the user running Ant script
If it does not help, please provide more details about your cvs task options and your workstation setup.
When running without any user session opened and Pageant cannot help, often for continuous integration tools, a better option is to pass all arguments like username and private key file to plink directly in CVS_RSH variable:
CVS_RSH="C:\path\to\plink.exe -batch -ssh -l username -i C:\path\user\ssh-privatekey.ppk"
Of course, in such a case, your private key file must not be protected with a passphrase.