I'm trying to send some files to a remote machine using Ant <scp> but getting no response from server error.
Tried with verbose option and got following response.
[scp] Authentications that can continue: publickey,keyboard-interactive,password
[scp] Next authentication method: publickey
[scp] Authentications that can continue: keyboard-interactive,password
[scp] Next authentication method: keyboard-interactive
[scp] Authentications that can continue: password
[scp] Next authentication method: password
[scp] Authentication succeeded (password).
[scp] Disconnecting from xx-hostname-xx port 22
[scp] Caught an exception, leaving main loop due to socket closed
code has no issues since it's working fine with other host machines. Issue must be somewhere else. Have anyone came across this issue before? Thanks in advance.
P.S: I can connect to the remote machine from my local using putty without any issues. I have installed openssh on the remote machine.
Is the scp program installed on the remote system? The local scp instance (or ant in this case, I suppose) needs to run another copy of scp on the remote system. If the local program failed to run scp on the remote system, you'd get this behavior.
Edit:
Your local scp client (ant in this case) is going to make an ssh connection to the remote host. Through that connection it's going to try to run a program named "scp" on the remote system. The two scp instances will communicate to do the file transfer. So the program on the remote system has to be named "scp", and it has to be in the command path of the ssh session. I don't think WinSCP fulfills either of these criteria. It doesn't install a program named "scp" or "scp.exe". And at least on my PC, it didn't install itself into my command path.
The simple test would be to make an interactive ssh connection to the remote system and see if you can run "scp" within that session. If you get an error, then ant is also going to get an error.
Related
Jenkins SSH server showing mentioned error Algorithm negotiation fail while trying to set up with over the SSH plugin when trying to connect over ssh to a local server (Linux Container). I am able to connect using ssh on the terminal.
jenkins.plugins.publish_over.BapPublisherException: Failed to connect and initialize SSH connection. Message: [Failed to connect session for config [anisbleHOST]. Message [Algorithm negotiation fail]]
Ubuntu machine - auth.log
Unable to negotiate with xx.xx.xx.x port 39866: no matching host key type found. Their offer: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 [preauth]
tried with the mentioned below sshd_config values but no luck.
HostKeyAlgorithms ssh-ed25519-cert-v01#openssh.com,ssh-ed25519
KexAlgorithms curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
To resolve the above-mentioned issue first I made changes to /etc/ssh/sshd_config and regenerated RSA keys using ssh-keygen. Jenkins doesn't support keys generated using ed25519.
My New sshd_config -
HostKeyAlgorithms ssh-rsa-cert-v01#openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostCertificate /etc/ssh/ssh_host_key-cert.pub
KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,ecdh-sha2-nistp256,ecdh-sha2-nistp384
PubkeyAcceptedKeyTypes ssh-rsa,ssh-rsa-cert-v01#openssh.com,ssh-ed25519-cert-v01#openssh.com,ssh-ed25519
TrustedUserCAkeys /etc/ssh/ssh_user_ca.pub
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
LogLevel DEBUG
Please UPVOTE if it helps you :)
I'm trying to connect to Windows agent use SSh(Launch agent agents via SSH)
Jenkins master(in Linux)
log:
[SSH] Opening SSH connection to 192.168.0.122:22.
[SSH] SSH host key matches key seen previously for this host. Connection will be allowed.
ERROR: Server rejected the 1 private key(s) for my_bot (**********)
[SSH] Authentication failed.
Authentication failed.
Launch failed - cleaning up connection
[SSH] Connection closed.
I tried to add key to authorized_keys.. but it did not help
When ssh says "SSH host key" it means the keys in known_hosts.
Check .ssh/known_hosts to see that key.
Although "Connection will be allowed" implies this is not a problem for you.
So ignore that part of the error message.
Your real problem is "ERROR: Server rejected the 1 private key"...
Is they key exchanged ok?
Private key needs to be in jenkins. Also check file permissions.
Public key needs to be on server side. Probably .ssh/authorized_keys. Also check file permissions. Ssh will not allow keys to be used if permissions on .ssh or files contained inside are too open.
More information is needed to help solve the question:
In your question please show the ssh command you use - the full command - do you specify key with -i parameter ?
From jenkins command-line, can you ssh to the host using the same ssh command ?
Do ls -al on jenkins home .ssh dir and on server side .ssh dir to check permissions.
To get more verbose/debug information add -v or -vv or -vvv to your ssh command.
Also look at ssh logs on server side if possible.
In your question you could tidy up the log messages.
Same error seen on this question here and I can see they did chown 744 .ssh/authorized_keys in dockerfile which is the wrong way to set permissions for an authorized_keys file.
https://superuser.com/questions/1403715/why-i-am-getting-error-server-rejected-the-1-private-key-error-on-setting-up-s/1443503#1443503
Recently I got an error doing ssh to another remote server from Jenkins pipeline. I forget to save all the log but here's a part of it
###########################################################
# WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! #
###########################################################
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
In the error log, there's a suggestion to run this command to fix it
sudo ssh-keygen -f "/var/lib/jenkins/.ssh/known_hosts" -R "<<remote ssh ip>>"
so I ran it.
Previously some remote ssh command does run before it returns an error.
But now it seems can't connect to the remote at all, the remote ssh command fails from the beginning.
Failed to add the host to the list of known hosts (/var/lib/jenkins/.ssh/known_hosts).
from How can I get rid of " WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" I tried running ssh-keygen -R <<remote ssh ip>> but the error still appear.
How can I recover the deleted line? or recreate a new one?
First, you have to understand what the message means before you "get rid of it".
The message means the destination server has changed its identity or someone is hacking you man-in-the-middle like and the server you are trying to reach, is not the server you think it is.
So first of all you must make sure there is no man-in-the-middle hack going on.
Then, you go into the known_hosts file and delete just the line with the server you are about to connect to.
After saving, you get asked wether you want to trust the server or not just as a connection to a yet unknown host.
I'm just starting out with jenkins and I'm having trouble to connect to a remote machine via rsync.
I guess jenkins doesn't know which ssh identity file to use or maybe it knows, but doesn't know how to decrypt it? From other questions i gathered that the Gtk-Warning is probably because it can't open the "enter keyphrase"-prompt.
rsync -azvh /var/lib/jenkins/workspace/ofen sascha#my_server:/my_project/ofen
No protocol specified
(ssh-askpass:19928): Gtk-WARNING **: cannot open display: :0
Host key verification failed.
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(226) [sender=3.1.0]
Everything works fine when I try it from commandline.
Need to have the key loaded as part of Jenkin's SSH Agent configuration.
Add the private key to Jenkins via credentials/SSH private key including pass phrase if one is used
Enable SSH agent on the job and give it the credential
Things that use SSH keys and agents can now use the loaded key.
The "identity" depends on where your job is running:
when running on the master, it's the user that runs Jenkins
on a slave, it's the user that you use for connecting the slave
You need to add the public key of that identity to the .ssh/authorized_keys file of user sascha. This will enable public key-based authentication and rsync should run just fine.
I can't figure out how to scp a file to another machine if there is a gateway connecting my client machine to the remote server. From my client machine I can connect to both the gateway and subsequently to the remote server using SSH without any problems.
When I try to scp my directory dir to the remote server I have no clue how to move past the gateway, because my ssh connection is actually an two-step approach. Scp'ing dir to the gateway first fails, with the remark "Permission denied".
Something like
~$: scp -r /var/www/dir usrname#remotesrv.com:/var/www/dircp
doesn't work and the only approach I found so far involves public/private keys. Is it only possible to copy files through a gateway with keys? And if that's so, can somebody tell me how to overcome the problem with copy&pasting into the terminal which sometimes just won't work (using Ubuntu 11.10). Already installed autokey hoping to circumvent buggy Ubuntu shortcuts by changing them to another hotkey, but the program is crashing all the time.
I would appreciate your help in one way or another!