-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Java:
java version "1.7.0_71"
OpenJDK Runtime Environment (IcedTea 2.5.3) (Arch Linux build 7.u71_2.5.3-1-x86_64)
OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode)
Jenkins: 1.577
SSH Plugin: 2.4 (2.3)
Cannot create connection to server with OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014. In configuration page it just say cannot connect to server.
With openssh 6.6 all works fine.
Trying to run something on that server:
[SSH] Exception:Algorithm negotiation fail
com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:520)
at com.jcraft.jsch.Session.connect(Session.java:286)
at com.jcraft.jsch.Session.connect(Session.java:150)
at org.jvnet.hudson.plugins.SSHSite.createSession(SSHSite.java:118)
at org.jvnet.hudson.plugins.SSHSite.executeCommand(SSHSite.java:128)
at org.jvnet.hudson.plugins.SSHBuilder.perform(SSHBuilder.java:60)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:770)
at hudson.model.Build$BuildExecution.build(Build.java:199)
at hudson.model.Build$BuildExecution.doRun(Build.java:160)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:533)
at hudson.model.Run.execute(Run.java:1740)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:89)
at hudson.model.Executor.run(Executor.java:240)
Build step 'Execute shell script on remote host using ssh' marked build as failure
ngrep also says that "Algorithm negotiation" is the problem:
T 192.168.20.186:49916 -> 192.168.20.188:22 [AP] SSH-2.0-JSCH-0.1.42. T 192.168.20.188:22 -> 192.168.20.186:49916 [AP] SSH-2.0-OpenSSH_6.7.. T 192.168.20.186:49916 -> 192.168.20.188:22 [AP] ........^..gco..Z.$A.....=diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1....ssh-rsa,ssh-dss...Jaes128-ctr,aes128 -cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc...Jaes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,ae s256-cbc...+hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96...+hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96....none....none......... ....H..(.4d.Qy...eV T 192.168.20.188:22 -> 192.168.20.186:49916 [AP] ......o[.o2...d...@..z....curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman- group-exchange-sha256,diffie-hellman-group14-sha1.../ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519...laes128-ctr,aes192-ctr,a es256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com...laes128-ctr,aes192-ctr,aes256-ctr,aes12 8-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com....umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac -sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac -sha2-256,hmac-sha2-512,hmac-sha1....umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-5 12-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1.... none,zlib@openssh.com....none,zlib@openssh.com................. T 192.168.20.186:49916 -> 192.168.20.188:22 [AP] ...T.........9com.jcraft.jsch.JSchException: Algorithm negotiation fail....enl....;R]7..
- is duplicated by
-
JENKINS-25412 Update JSch to 0.1.49
-
- Open
-
[JENKINS-25258] SSH Plugin fails to connect to openssh 6.7
Ajay Patil
added a comment - Any idea when the next release is going to be delivered ? which will fix the connection issue.
Ajay Patil
added a comment - Any idea when the next release is going to be delivered ? which will fix the connection issue. 
Rudy Gevaert
added a comment - This is hitting me too. A newer release would be appreciated. There is even a pull request on github that fixes it.
https://github.com/jenkinsci/ssh-plugin/pull/15
Rudy Gevaert
added a comment - This is hitting me too. A newer release would be appreciated. There is even a pull request on github that fixes it.
https://github.com/jenkinsci/ssh-plugin/pull/15 
Thomas Berton
added a comment - Please merge this pull request in the new release. Currently the plugin cannot be used in combination with Debian Jessie (and others see above).
Thomas Berton
added a comment - Please merge this pull request in the new release. Currently the plugin cannot be used in combination with Debian Jessie (and others see above). 
Steven Schlegel
added a comment - Hi Folks,
If you want to temporarily fix this issue, simply download "Jsch" with min. version of 0.1.53 and move it to the SSH plugin directory, for example:
cp /tmp/jsch-0.1.53.jar /var/lib/jenkins/plugins/ssh/WEB-INF/lib/
Don't forget to restart jenkins. You should now be able to Build your Job with Debian Jessie.
Hopefully the request has been merged into the next release...
Best regards,
Steven
Steven Schlegel
added a comment - Hi Folks,
If you want to temporarily fix this issue, simply download "Jsch" with min. version of 0.1.53 and move it to the SSH plugin directory, for example:
cp /tmp/jsch-0.1.53.jar / var /lib/jenkins/plugins/ssh/WEB-INF/lib/
Don't forget to restart jenkins. You should now be able to Build your Job with Debian Jessie.
Hopefully the request has been merged into the next release...
Best regards,
Steven
Christian Ehrlicher
added a comment - Any news here? We faced the same problem and it took us some time to figure out what's going wrong just to see that the solution is known since more than 4 months ...
Since this fix looks very simple - what's the problem updating to the new jsch version and publish a new ssh plugin?
Christian Ehrlicher
added a comment - Any news here? We faced the same problem and it took us some time to figure out what's going wrong just to see that the solution is known since more than 4 months ...
Since this fix looks very simple - what's the problem updating to the new jsch version and publish a new ssh plugin? 
Sascha Szott
added a comment - In case you are using Oracle JDK you should also check that your JVM's Java Cryptography Extension (JCE) is configured appropriately. A manual update of the JSch library (to version 0.1.53 or above) was not sufficient for my Jenkins installation. Additionally, I had to replace two JAR files (local_policy.jar and US_export_policy.jar) within the lib/security directory of the JRE installation in order to establish SSH connections from Jenkins. To enable "unlimited strength" crypto you will need to download a Zip archive from Oracle that contains to modified versions of the aforementioned JAR files, e.g. for Oracle JDK 8 go to http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
Please note that OpenJDK does not require this manual tuning step.
Sascha Szott
added a comment - In case you are using Oracle JDK you should also check that your JVM's Java Cryptography Extension (JCE) is configured appropriately. A manual update of the JSch library (to version 0.1.53 or above) was not sufficient for my Jenkins installation. Additionally, I had to replace two JAR files (local_policy.jar and US_export_policy.jar) within the lib/security directory of the JRE installation in order to establish SSH connections from Jenkins. To enable "unlimited strength" crypto you will need to download a Zip archive from Oracle that contains to modified versions of the aforementioned JAR files, e.g. for Oracle JDK 8 go to http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
Please note that OpenJDK does not require this manual tuning step.
Recent 2.5 version of ssh-plugin uses JSch 0.1.54 version.
Closing the issue.
see also:
http://stackoverflow.com/questions/26424621/algorithm-negotiation-fail-ssh-in-jenkins
it might be sufficient to switch to Jsch 0.1.51 or higher
see http://www.jcraft.com/jsch/ChangeLog
a 2.5 release that fixes the issue would be greatly appreciated
OS releases using openssh >= 6.7
debian jessie (currently stable)
ubuntu vivid (currently stable)
fedora 22 + 23