Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-11873

when ssh authent fails BUT credentials are explicitly set, cli claim to connect as anonymous

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Trivial Trivial
    • cli
    • None

      Using v1.430 with LDAP Security Realm and Project-based Matrix Authorization Strategy Authorization
      From a Linux box with a .ssh dir containing private and public key files:

      $ java -jar jenkins-cli.jar -s http://jenkins:8080/ build -s test --username user --password-file password.txt
      Failed to authenticate with your SSH keys. Proceeding with anonymous access
      Completed test_promo #5 : SUCCESS

      --> accepts provided credentials and works, but shows a misleading message (it is not using anonymous access)

          [JENKINS-11873] when ssh authent fails BUT credentials are explicitly set, cli claim to connect as anonymous

          This is because the server does proceed with the anonymous access at the time of printing out this message.
          It then uses --username and --password-file to authenticate the user, which succeeds, hence the whole thing completes.

          Basically, it's two systems interacting in an unexpected way (and given that CliAuthenticator is extensible, I don't see how they can work together.)

          I'm going to fix this by simply removing "Proceeding with anonymous access" from the message in all cases. I think if the command fails due to the access control, then hopefully the user can relate that with the error message "Failed to authenticate with your SSH keys" and still notice that they need to fix the permission stuff.

          Kohsuke Kawaguchi added a comment - This is because the server does proceed with the anonymous access at the time of printing out this message. It then uses --username and --password-file to authenticate the user, which succeeds, hence the whole thing completes. Basically, it's two systems interacting in an unexpected way (and given that CliAuthenticator is extensible, I don't see how they can work together.) I'm going to fix this by simply removing "Proceeding with anonymous access" from the message in all cases. I think if the command fails due to the access control, then hopefully the user can relate that with the error message "Failed to authenticate with your SSH keys" and still notice that they need to fix the permission stuff.

          Fixed in 1.445.

          Kohsuke Kawaguchi added a comment - Fixed in 1.445.

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          changelog.html
          cli/src/main/java/hudson/cli/CLI.java
          http://jenkins-ci.org/commit/jenkins/eec37460daf0ff4c42adb82d3c66629bc4e85223
          Log:
          [FIXED JENKINS-11873] don't say proceeding with anonouymous because we might not

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: changelog.html cli/src/main/java/hudson/cli/CLI.java http://jenkins-ci.org/commit/jenkins/eec37460daf0ff4c42adb82d3c66629bc4e85223 Log: [FIXED JENKINS-11873] don't say proceeding with anonouymous because we might not

          dogfood added a comment -

          Integrated in jenkins_main_trunk #1372
          [FIXED JENKINS-11873] don't say proceeding with anonouymous because we might not

          Kohsuke Kawaguchi : eec37460daf0ff4c42adb82d3c66629bc4e85223
          Files :

          • cli/src/main/java/hudson/cli/CLI.java
          • changelog.html

          dogfood added a comment - Integrated in jenkins_main_trunk #1372 [FIXED JENKINS-11873] don't say proceeding with anonouymous because we might not Kohsuke Kawaguchi : eec37460daf0ff4c42adb82d3c66629bc4e85223 Files : cli/src/main/java/hudson/cli/CLI.java changelog.html

            ndeloof Nicolas De Loof
            ndeloof Nicolas De Loof
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: