Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-22855

SSH Credential's username isn't used.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • git-client-plugin
    • None
    • git-client: 1.6.6
      jenkins: 1.532.3

      It appears that launchCommandWithCredentials doesn't tell ssh about the SSH Credential's username:

      https://github.com/jenkinsci/git-client-plugin/blob/master/src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java#L1106

      If you try using the git plugin to clone a URL like ssh://git.example.com/path/to/repo.git

      It will use the username that the slave.jar is running as, not the username in the credentials.

          [JENKINS-22855] SSH Credential's username isn't used.

          Mark Waite added a comment -

          I think that I've seen this fail the initial checks performed when defining the job from the web interface. I created a new job with Git for SCM, and the URL ssh://markwaite/var/lib/git/mwaite/bin.git . When I tried to use a credential for that machine (user name mwaite, private key), I see an entry in the /var/log/auth.log file on that machine for the user jenkins attempting a connection, rather than the user mwaite.

          May  3 13:21:56 markwaite sshd[2298]: Failed password for jenkins from 172.16.16.253 port 57700 ssh2
May  3 13:21:56 markwaite sshd[2298]: Failed password for jenkins from 172.16.16.253 port 57700 ssh2
May  3 13:21:56 markwaite sshd[2298]: Connection closed by 172.16.16.253 [preauth]

          I was expected to see "Failed password for mwaite" rather than "Failed password for jenkins".

          Mark Waite added a comment - I think that I've seen this fail the initial checks performed when defining the job from the web interface. I created a new job with Git for SCM, and the URL ssh://markwaite/var/lib/git/mwaite/bin.git . When I tried to use a credential for that machine (user name mwaite, private key), I see an entry in the /var/log/auth.log file on that machine for the user jenkins attempting a connection, rather than the user mwaite. May 3 13:21:56 markwaite sshd[2298]: Failed password for jenkins from 172.16.16.253 port 57700 ssh2 May 3 13:21:56 markwaite sshd[2298]: Failed password for jenkins from 172.16.16.253 port 57700 ssh2 May 3 13:21:56 markwaite sshd[2298]: Connection closed by 172.16.16.253 [preauth] I was expected to see "Failed password for mwaite" rather than "Failed password for jenkins".

          Mark Waite added a comment -

          Confirmed also from a newly launched Amazon EC2 instance. I added a private key with the username "mwaite" but the log files on the machine receiving the request report the user "jenkins" was attempted, rather than the user "mwaite":

          Jul 12 19:50:29 wheezy64b sshd[10486]: Failed password for jenkins from 54.205.194.178 port 36176 ssh2

          Mark Waite added a comment - Confirmed also from a newly launched Amazon EC2 instance. I added a private key with the username "mwaite" but the log files on the machine receiving the request report the user "jenkins" was attempted, rather than the user "mwaite": Jul 12 19:50:29 wheezy64b sshd[10486]: Failed password for jenkins from 54.205.194.178 port 36176 ssh2

          Mark Waite added a comment -

          The work around for this is to include the user name in the ssh URL, as in ssh://mwaite@mark-pc1/var/lib/git/mwaite/bin.git

          Mark Waite added a comment - The work around for this is to include the user name in the ssh URL, as in ssh://mwaite@mark-pc1/var/lib/git/mwaite/bin.git

          Mark Waite added a comment -

          Fixed in the next git client plugin released after 1.18.0

          Mark Waite added a comment - Fixed in the next git client plugin released after 1.18.0

            Unassigned Unassigned
            docwhat Christian Höltje
            Votes:
            3 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: