Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25258

SSH Plugin fails to connect to openssh 6.7

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • ssh-plugin
    • None
    • Java:
      java version "1.7.0_71"
      OpenJDK Runtime Environment (IcedTea 2.5.3) (Arch Linux build 7.u71_2.5.3-1-x86_64)
      OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode)

      Jenkins: 1.577
      SSH Plugin: 2.4 (2.3)

    Description

      Cannot create connection to server with OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014. In configuration page it just say cannot connect to server.

      With openssh 6.6 all works fine.

      Trying to run something on that server:

      [SSH] Exception:Algorithm negotiation fail
      com.jcraft.jsch.JSchException: Algorithm negotiation fail
      	at com.jcraft.jsch.Session.receive_kexinit(Session.java:520)
      	at com.jcraft.jsch.Session.connect(Session.java:286)
      	at com.jcraft.jsch.Session.connect(Session.java:150)
      	at org.jvnet.hudson.plugins.SSHSite.createSession(SSHSite.java:118)
      	at org.jvnet.hudson.plugins.SSHSite.executeCommand(SSHSite.java:128)
      	at org.jvnet.hudson.plugins.SSHBuilder.perform(SSHBuilder.java:60)
      	at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:770)
      	at hudson.model.Build$BuildExecution.build(Build.java:199)
      	at hudson.model.Build$BuildExecution.doRun(Build.java:160)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:533)
      	at hudson.model.Run.execute(Run.java:1740)
      	at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
      	at hudson.model.ResourceController.execute(ResourceController.java:89)
      	at hudson.model.Executor.run(Executor.java:240)
      Build step 'Execute shell script on remote host using ssh' marked build as failure
      

      ngrep also says that "Algorithm negotiation" is the problem:

      T 192.168.20.186:49916 -> 192.168.20.188:22 [AP]
        SSH-2.0-JSCH-0.1.42.                                                                                                           
      
      T 192.168.20.188:22 -> 192.168.20.186:49916 [AP]
        SSH-2.0-OpenSSH_6.7..                                                                                                          
      
      T 192.168.20.186:49916 -> 192.168.20.188:22 [AP]
        ........^..gco..Z.$A.....=diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1....ssh-rsa,ssh-dss...Jaes128-ctr,aes128
        -cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc...Jaes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,ae
        s256-cbc...+hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96...+hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96....none....none.........
        ....H..(.4d.Qy...eV                                                                                                            
      
      T 192.168.20.188:22 -> 192.168.20.186:49916 [AP]
        ......o[.o2...d...@..z....curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-
        group-exchange-sha256,diffie-hellman-group14-sha1.../ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519...laes128-ctr,aes192-ctr,a
        es256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com...laes128-ctr,aes192-ctr,aes256-ctr,aes12
        8-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com....umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac
        -sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac
        -sha2-256,hmac-sha2-512,hmac-sha1....umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-5
        12-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1....
        none,zlib@openssh.com....none,zlib@openssh.com.................                                                                
      
      T 192.168.20.186:49916 -> 192.168.20.188:22 [AP]
        ...T.........9com.jcraft.jsch.JSchException: Algorithm negotiation fail....enl....;R]7..
      

      Attachments

        Issue Links

          Activity

            gkr G. Kr. added a comment -

            see also:
            http://stackoverflow.com/questions/26424621/algorithm-negotiation-fail-ssh-in-jenkins

            it might be sufficient to switch to Jsch 0.1.51 or higher
            see http://www.jcraft.com/jsch/ChangeLog

            a 2.5 release that fixes the issue would be greatly appreciated
            OS releases using openssh >= 6.7
            debian jessie (currently stable)
            ubuntu vivid (currently stable)
            fedora 22 + 23

            gkr G. Kr. added a comment - see also: http://stackoverflow.com/questions/26424621/algorithm-negotiation-fail-ssh-in-jenkins it might be sufficient to switch to Jsch 0.1.51 or higher see http://www.jcraft.com/jsch/ChangeLog a 2.5 release that fixes the issue would be greatly appreciated OS releases using openssh >= 6.7 debian jessie (currently stable) ubuntu vivid (currently stable) fedora 22 + 23
            ajaynpatil Ajay Patil added a comment -

            Any idea when the next release is going to be delivered ? which will fix the connection issue.

            ajaynpatil Ajay Patil added a comment - Any idea when the next release is going to be delivered ? which will fix the connection issue.
            rgevaert Rudy Gevaert added a comment -

            This is hitting me too. A newer release would be appreciated. There is even a pull request on github that fixes it.
            https://github.com/jenkinsci/ssh-plugin/pull/15

            rgevaert Rudy Gevaert added a comment - This is hitting me too. A newer release would be appreciated. There is even a pull request on github that fixes it. https://github.com/jenkinsci/ssh-plugin/pull/15
            tberton Thomas Berton added a comment -

            Please merge this pull request in the new release. Currently the plugin cannot be used in combination with Debian Jessie (and others see above).

            tberton Thomas Berton added a comment - Please merge this pull request in the new release. Currently the plugin cannot be used in combination with Debian Jessie (and others see above).

            Hi Folks,

            If you want to temporarily fix this issue, simply download "Jsch" with min. version of 0.1.53 and move it to the SSH plugin directory, for example:

            cp /tmp/jsch-0.1.53.jar /var/lib/jenkins/plugins/ssh/WEB-INF/lib/

            Don't forget to restart jenkins. You should now be able to Build your Job with Debian Jessie.

            Hopefully the request has been merged into the next release...

            Best regards,
            Steven

            schlegels Steven Schlegel added a comment - Hi Folks, If you want to temporarily fix this issue, simply download "Jsch" with min. version of 0.1.53 and move it to the SSH plugin directory, for example: cp /tmp/jsch-0.1.53.jar / var /lib/jenkins/plugins/ssh/WEB-INF/lib/ Don't forget to restart jenkins. You should now be able to Build your Job with Debian Jessie. Hopefully the request has been merged into the next release... Best regards, Steven

            Any news here? We faced the same problem and it took us some time to figure out what's going wrong just to see that the solution is known since more than 4 months ...
            Since this fix looks very simple - what's the problem updating to the new jsch version and publish a new ssh plugin?

            chehrlic Christian Ehrlicher added a comment - Any news here? We faced the same problem and it took us some time to figure out what's going wrong just to see that the solution is known since more than 4 months ... Since this fix looks very simple - what's the problem updating to the new jsch version and publish a new ssh plugin?
            saschaszott Sascha Szott added a comment -

            In case you are using Oracle JDK you should also check that your JVM's Java Cryptography Extension (JCE) is configured appropriately. A manual update of the JSch library (to version 0.1.53 or above) was not sufficient for my Jenkins installation. Additionally, I had to replace two JAR files (local_policy.jar and US_export_policy.jar) within the lib/security directory of the JRE installation in order to establish SSH connections from Jenkins. To enable "unlimited strength" crypto you will need to download a Zip archive from Oracle that contains to modified versions of the aforementioned JAR files, e.g. for Oracle JDK 8 go to http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

            Please note that OpenJDK does not require this manual tuning step.

             

            saschaszott Sascha Szott added a comment - In case you are using Oracle JDK you should also check that your JVM's Java Cryptography Extension (JCE) is configured appropriately. A manual update of the JSch library (to version 0.1.53 or above) was not sufficient for my Jenkins installation. Additionally, I had to replace two JAR files (local_policy.jar and US_export_policy.jar) within the lib/security directory of the JRE installation in order to establish SSH connections from Jenkins. To enable "unlimited strength" crypto you will need to download a Zip archive from Oracle that contains to modified versions of the aforementioned JAR files, e.g. for Oracle JDK 8 go to http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html Please note that OpenJDK does not require this manual tuning step.  

            Recent 2.5 version of ssh-plugin uses JSch 0.1.54 version.

            Closing the issue.

            ljader Łukasz Jąder added a comment - Recent 2.5 version of ssh-plugin uses JSch 0.1.54 version. Closing the issue.

            People

              Unassigned Unassigned
              zzazab Evgeny Persienko
              Votes:
              16 Vote for this issue
              Watchers:
              18 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: