[JENKINS-17366] ssh slave login via keyfile not working in 0.23

Type: Bug
Resolution: Fixed
Priority: Critical
Component/s: ssh-slaves-plugin
Labels:
None
Environment:
Ubuntu

Similar Issues:
Powered by SuggestiMate

Show

I updated to 1.480.3 (from 1.480.2) so i also updated all plugins
-> so ssh-slaves was updated from 0.22 to 0.23

The upgrade process seems to have created all needed entries for the ssh-credentials plugin. But they are not working (keyfile + pwd type)! [TRACE]

The same effect appears when i create the new entry manually. Which does NOT work when:

using "Enter directly"
using "From a file on Jenkins master " with relative or absolute path
using "From the Jenkins master ~/.ssh"
using not the keyfile password but the password of the user

There also no changes in the error message when typing in a wrong username, or a wrong password.

It only works when loging in with username password combination. So i would say the keyfile authentication is completely broken.

PS: via plain ssh i can login with that keyfile.

TRACE:

[03/26/13 16:51:01] [SSH] Opening SSH connection to 192.168.0.24:22.
[03/26/13 16:51:01] [SSH] Authentication failed.
hudson.AbortException: Authentication failed.
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:907)
at hudson.plugins.sshslaves.SSHLauncher.launch(SSHLauncher.java:462)
at hudson.slaves.SlaveComputer$1.call(SlaveComputer.java:224)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
[03/26/13 16:51:01] [SSH] Connection closed.

is duplicated by

JENKINS-17519 After upgrading to Jenkins 1.510 from Jenkins 1.508 Slave Nodes will not come online

Resolved

JENKINS-17839 1.514 breaks SSH nodes

Closed

Stephen Morrison added a comment - 2013-04-03 05:31

I'm seeing something similar, where when I select the correct credential with the right username it works, but when I come back later the credential in the slave config has mysteriously changed to be the user of the Master and Jenkins can no longer log into the slave.

Stephen Morrison added a comment - 2013-04-03 05:31 I'm seeing something similar, where when I select the correct credential with the right username it works, but when I come back later the credential in the slave config has mysteriously changed to be the user of the Master and Jenkins can no longer log into the slave.

Yves Schumann added a comment - 2013-04-03 11:32

Same here. Interaction with credential plugin seems to be wrong/broken. Rollback to 0.22 solved the problem.

Yves Schumann added a comment - 2013-04-03 11:32 Same here. Interaction with credential plugin seems to be wrong/broken. Rollback to 0.22 solved the problem.

Kohsuke Kawaguchi added a comment - 2013-04-16 01:44

I've been trying the upgrade scenario today, and so far I have been unable to reproduce this problem.

I created a passphrase-protected private key and used Jenkins 1.480 (with ssh-slaves plugin 0.22) to set up a slave. The slave also uses a different user name than what the master runs.

I then upgraded to Jenkins 1.511, which uses the ssh-slaves plugin 0.23, and I see that the configuration has been successfully migrated, and the slave connected as it should be. So there must be something deeper going on that what it appears.

I do agree with the poor error message. I have just fixed this. This would let us better understand what's going wrong. This error message fix will be in 0.24.

Kohsuke Kawaguchi added a comment - 2013-04-16 01:44 I've been trying the upgrade scenario today, and so far I have been unable to reproduce this problem. I created a passphrase-protected private key and used Jenkins 1.480 (with ssh-slaves plugin 0.22) to set up a slave. The slave also uses a different user name than what the master runs. I then upgraded to Jenkins 1.511, which uses the ssh-slaves plugin 0.23, and I see that the configuration has been successfully migrated, and the slave connected as it should be. So there must be something deeper going on that what it appears. I do agree with the poor error message. I have just fixed this. This would let us better understand what's going wrong. This error message fix will be in 0.24.

Kohsuke Kawaguchi added a comment - 2013-04-16 01:52

I've released 0.24 with improved error diagnostics.

If you are seeing this problem, please upgrade to ssh-slaves 0.24 and report the error message in the slave log that you see.

Also, as we still haven't quite determined the root cause yet, please report the type of the authentication method you use (username+password? private key? if so, with or without passphrase? do you specify the user name?)

Thanks for your cooperation!

Kohsuke Kawaguchi added a comment - 2013-04-16 01:52 I've released 0.24 with improved error diagnostics. If you are seeing this problem, please upgrade to ssh-slaves 0.24 and report the error message in the slave log that you see. Also, as we still haven't quite determined the root cause yet, please report the type of the authentication method you use (username+password? private key? if so, with or without passphrase? do you specify the user name?) Thanks for your cooperation!

Joakim Sandström added a comment - 2013-04-17 05:45 - edited

Using Jenkins 1.511 and slave-plugin 0.24.
SSH public key authentication without passphrase.

[04/17/13 08:18:57] [SSH] Opening SSH connection to limetti.x:22.
ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins.
hudson.security.AccessDeniedException2: anonymous is missing the Administer permission
	at hudson.security.ACL.checkPermission(ACL.java:54)
	at hudson.model.Node.checkPermission(Node.java:394)
	at com.cloudbees.plugins.credentials.SystemCredentialsProvider.save(SystemCredentialsProvider.java:178)
	at hudson.plugins.sshslaves.SSHLauncher.upgrade(SSHLauncher.java:407)
	at hudson.plugins.sshslaves.SSHLauncher.getCredentials(SSHLauncher.java:351)
	at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:907)
	at hudson.plugins.sshslaves.SSHLauncher.launch(SSHLauncher.java:473)
	at hudson.slaves.SlaveComputer$1.call(SlaveComputer.java:223)
	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
	at java.util.concurrent.FutureTask.run(FutureTask.java:166)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
	at java.lang.Thread.run(Thread.java:722)
[04/17/13 08:18:57] [SSH] Connection closed.

Joakim Sandström added a comment - 2013-04-17 05:45 - edited Using Jenkins 1.511 and slave-plugin 0.24. SSH public key authentication without passphrase. [04/17/13 08:18:57] [SSH] Opening SSH connection to limetti.x:22. ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins. hudson.security.AccessDeniedException2: anonymous is missing the Administer permission at hudson.security.ACL.checkPermission(ACL.java:54) at hudson.model.Node.checkPermission(Node.java:394) at com.cloudbees.plugins.credentials.SystemCredentialsProvider.save(SystemCredentialsProvider.java:178) at hudson.plugins.sshslaves.SSHLauncher.upgrade(SSHLauncher.java:407) at hudson.plugins.sshslaves.SSHLauncher.getCredentials(SSHLauncher.java:351) at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:907) at hudson.plugins.sshslaves.SSHLauncher.launch(SSHLauncher.java:473) at hudson.slaves.SlaveComputer$1.call(SlaveComputer.java:223) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) at java.util.concurrent.FutureTask.run(FutureTask.java:166) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) at java.lang.Thread.run(Thread.java:722) [04/17/13 08:18:57] [SSH] Connection closed.

Joakim Sandström added a comment - 2013-04-17 05:47

I downgraded from 0.24 to 0.23 and now it works

Joakim Sandström added a comment - 2013-04-17 05:47 I downgraded from 0.24 to 0.23 and now it works

Kohsuke Kawaguchi added a comment - 2013-04-17 20:59

Joakim, are you sure 0.23 is working (as opposed to just not showing the stack trace?)
Also see ~~JENKINS-17648~~

Kohsuke Kawaguchi added a comment - 2013-04-17 20:59 Joakim, are you sure 0.23 is working (as opposed to just not showing the stack trace?) Also see JENKINS-17648

nel pontejos added a comment - 2015-01-21 18:32

Kohsuke, I downgraded to .23 but still doesn't work.

nel pontejos added a comment - 2015-01-21 18:32 Kohsuke, I downgraded to .23 but still doesn't work.

Vasu Devan added a comment - 2016-08-29 04:09

I am using jenkins version 2.7.2. I am also facing the same issue. I am able to login using ssh through command line. But connecting to slave node from jenkins UI is not working. I tried all the options of copy paste, absolute path, from jenkins master ~/.ssh folder. I got the below error.

[08/29/16 03:59:01] [SSH] Opening SSH connection to 172.17.0.3:22.
ERROR: Server rejected the 1 private key(s) for jenkins (credentialId:f3897dd0-5808-45a5-bd3e-a7a159d6eefb/method:publickey)
ERROR: Failed to authenticate as jenkins with credential=f3897dd0-5808-45a5-bd3e-a7a159d6eefb
java.io.IOException: Publickey authentication failed.
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:315)
at com.trilead.ssh2.Connection.authenticateWithPublicKey(Connection.java:467)
at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.doAuthenticate(TrileadSSHPublicKeyAuthenticator.java:109)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:415)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:435)
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Illegal len in DER object (1186)
at com.trilead.ssh2.crypto.SimpleDERReader.readSequenceAsByteArray(SimpleDERReader.java:136)
at com.trilead.ssh2.crypto.PEMDecoder.decode(PEMDecoder.java:355)
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:224)
... 11 more
[08/29/16 03:59:01] [SSH] Authentication failed.
hudson.AbortException: Authentication failed.
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1217)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
[08/29/16 03:59:01] Launch failed - cleaning up connection
[08/29/16 03:59:01] [SSH] Connection closed.

Vasu Devan added a comment - 2016-08-29 04:09 I am using jenkins version 2.7.2. I am also facing the same issue. I am able to login using ssh through command line. But connecting to slave node from jenkins UI is not working. I tried all the options of copy paste, absolute path, from jenkins master ~/.ssh folder. I got the below error. [08/29/16 03:59:01] [SSH] Opening SSH connection to 172.17.0.3:22. ERROR: Server rejected the 1 private key(s) for jenkins (credentialId:f3897dd0-5808-45a5-bd3e-a7a159d6eefb/method:publickey) ERROR: Failed to authenticate as jenkins with credential=f3897dd0-5808-45a5-bd3e-a7a159d6eefb java.io.IOException: Publickey authentication failed. at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:315) at com.trilead.ssh2.Connection.authenticateWithPublicKey(Connection.java:467) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.doAuthenticate(TrileadSSHPublicKeyAuthenticator.java:109) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:415) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:435) at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.io.IOException: Illegal len in DER object (1186) at com.trilead.ssh2.crypto.SimpleDERReader.readSequenceAsByteArray(SimpleDERReader.java:136) at com.trilead.ssh2.crypto.PEMDecoder.decode(PEMDecoder.java:355) at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:224) ... 11 more [08/29/16 03:59:01] [SSH] Authentication failed. hudson.AbortException: Authentication failed. at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1217) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) [08/29/16 03:59:01] Launch failed - cleaning up connection [08/29/16 03:59:01] [SSH] Connection closed.

Ivan Fernandez Calvo added a comment - 2018-07-23 09:16 - edited

tested on 1.26

Ivan Fernandez Calvo added a comment - 2018-07-23 09:16 - edited tested on 1.26

Assignee:: Ivan Fernandez Calvo

Reporter:: Rainer Weinhold

Votes:: 6 Vote for this issue

Watchers:: 16 Start watching this issue

Created:: 2013-03-26 15:59

Updated:: 2018-07-23 09:16

Resolved:: 2018-07-23 09:16

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Stephen Morrison added a comment - 2013-04-03 05:31

Expand comment: Stephen Morrison added a comment - 2013-04-03 05:31

Collapse comment: Yves Schumann added a comment - 2013-04-03 11:32

Expand comment: Yves Schumann added a comment - 2013-04-03 11:32

Collapse comment: Kohsuke Kawaguchi added a comment - 2013-04-16 01:44

Expand comment: Kohsuke Kawaguchi added a comment - 2013-04-16 01:44

Collapse comment: Kohsuke Kawaguchi added a comment - 2013-04-16 01:52

Expand comment: Kohsuke Kawaguchi added a comment - 2013-04-16 01:52

Collapse comment: Joakim Sandström added a comment - 2013-04-17 05:45, Edited by Joakim Sandström - 2013-04-17 05:46

Expand comment: Joakim Sandström added a comment - 2013-04-17 05:45, Edited by Joakim Sandström - 2013-04-17 05:46

Collapse comment: Joakim Sandström added a comment - 2013-04-17 05:47

Expand comment: Joakim Sandström added a comment - 2013-04-17 05:47

Collapse comment: Kohsuke Kawaguchi added a comment - 2013-04-17 20:59

Expand comment: Kohsuke Kawaguchi added a comment - 2013-04-17 20:59

Collapse comment: nel pontejos added a comment - 2015-01-21 18:32

Expand comment: nel pontejos added a comment - 2015-01-21 18:32

Collapse comment: Vasu Devan added a comment - 2016-08-29 04:09

Expand comment: Vasu Devan added a comment - 2016-08-29 04:09

Collapse comment: Ivan Fernandez Calvo added a comment - 2018-07-23 09:16, Edited by Ivan Fernandez Calvo - 2018-07-23 09:16

Expand comment: Ivan Fernandez Calvo added a comment - 2018-07-23 09:16, Edited by Ivan Fernandez Calvo - 2018-07-23 09:16

People

Dates