Status: Closed (View Workflow)
Resolution: Won't Fix
Tomcat 8.0 with native library
ssh-agent plugin 1.6
Getting the following exception when attempt to run a job with the ssh-agent plugin enabled:
Started by user anonymous Building in workspace C:\Program Files (x86)\Jenkins\jobs\SmartPhone\workspace [ssh-agent] Using credentials id_rsa_smartphone (Smartphone Repo on GitHub) [ssh-agent] Looking for ssh-agent implementation... [ssh-agent] FATAL: Could not find a suitable ssh-agent provider [ssh-agent] Diagnostic report FATAL: [ssh-agent] Unable to start agent hudson.util.IOException2: [ssh-agent] Unable to start agent at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper.createSSHAgentEnvironment(SSHAgentBuildWrapper.java:231) at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper.preCheckout(SSHAgentBuildWrapper.java:189) at jenkins.scm.SCMCheckoutStrategy.preCheckout(SCMCheckoutStrategy.java:76) at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:530) at hudson.model.Run.execute(Run.java:1741) at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) at hudson.model.ResourceController.execute(ResourceController.java:98) at hudson.model.Executor.run(Executor.java:374) Caused by: java.lang.RuntimeException: [ssh-agent] Could not find a suitable ssh-agent provider. at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper$SSHAgentEnvironment.<init>(SSHAgentBuildWrapper.java:332) at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper.createSSHAgentEnvironment(SSHAgentBuildWrapper.java:224) ... 7 more Finished: FAILURE
I'm not a Java developer but It appears that the code is attempting to get implementors of RemoteAgentFactory. From what I can tell, there are two - MinaRemoteAgentFactory and JNRRemoteAgentFactory. However, it doesn't appear to find either of these two because of the FATAL: Could not find a suitable ssh-agent provider message that it emits. If it did find MinaRemoteAgentFactory, the MinaRemoteAgentFactory.isSupported() function would either return true or log the Could not find Tomcat Native library message.
I'm not positive that I have the Tomcat native library installed correctly but it appears that it is not even getting to the point where it's checking for the existence of the library. When I installed Tomcat on Windows, I selected the option to include the native library. In the Tomcat logs, it indicates that the native library is being used.
I got the ssh agent to start using the following method:
- Download both the source package and the precompiled Windows binary package from here: http://tomcat.apache.org/native-doc/
- Extract the precompiled binaries to a location on your slave node, e.g. c:\apr-native.
- Make sure c:\apr-native\bin has the correct library for your architecture, e.g. move the x64 one into bin if you are using a 64 bit java.
- Extract the source somewhere on a machine with Ant
- go to $src\jni and run "ant" then "ant jar". This should produce a tomcat-native-<version>-dev.jar file in the dist subdirectory.
- Copy this jar file to c:\apr-native on your slave node
- Modify your slave configuration to set the JVM options to include:
-classpath c:\apr-native\tomcat-native-<version>-dev.jar -Djava.library.path=c:\apr-native\bin
- Restart your slave
Now when running a build I get the ssh agent output I expect:
[ssh-agent] Using credentials svc_jenkins_cm
[ssh-agent] Looking for ssh-agent implementation...
I also see that SSH_AUTH_SOCK is set in the environment if I have my job run 'env'. Unfortunately none of my tools will work with the agent though. msysgit's ssh doesn't try to use it at all. I installed cygwin and tried to use that ssh intead, but receive an error that the socket is busy:
debug1: pubkey_prepare: ssh_get_authentication_socket: Device or resource busy
I haven't tried putty/plink.
I have used other windows pageant-ish tools which provide a different socket interface for msysgit vs. cygwin. Both write socket files vs. creating a pipe. I wonder if this mina-based agent needs to be tweaked to provide something similar?
Will's installation instructions for Windows worked perfectly (hint: Jenkins expects a 32-bit DLL, even on a 64-bit OS). To the author of this plugin, please update the official documentation with these steps!
Worked for me too. Howerver, I used chocolatey to install tomcat instead.
I also see this issue though:
debug1: pubkey_prepare: ssh_get_authentication_socket: Device or resource busy
Anyone have any ideas?
I could swear I had this working recently (as mentioned above) but now I am getting a slightly different problem from you guys. I had this working in the past, but it now looks like I am getting a different problem from you.
1. ssh-agent seems to launch successfully:
[ssh-agent] Using credentials cowwoc [ssh-agent] Looking for ssh-agent implementation... [ssh-agent] Java/tomcat-native ssh-agent [ssh-agent] Registered BouncyCastle on the remote agent [ssh-agent] Started.
2. But git.exe is not using it:
debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /c/Users/builds/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 535 debug1: read_passphrase: can't open /dev/tty: No such device or address
(I got the above debugging output by setting system property GIT_SSH_COMMAND="ssh -v" as mentioned at http://stackoverflow.com/a/36038548/14731)
UPDATE: I think I get it now. "git in a shell" works fine, but "git plugin" is not. This seems to be a known problem. See https://groups.google.com/forum/#!topic/jenkinsci-users/4yXiBwwthMg
At first glance, it seems you can workaround this problem by using an HTTPS URL for "git checkout" (as opposed to ssh). This gets around the "git plugin" bug (it uses the credentials from Jenkins instead of from ssh-agent).
FWIW I don't think I ever got this to work on Windows with Git. I haven't really tried since I put in my original comment last year. At the time, I was getting the same 'device or resource busy' error that Joe got. I assumed it was something with how the socket file/handle was being presented; I've seen where e.g. applications have different methods of writing a file for cygwin- vs. msys-based client applications, whereas Windows/winsock may have a 3rd format.
I am not sure why this would be needed for the Git plugin, as it already works with SSH Credentials. For some of our other non-plugin git needs I've either stashed an ssh key on the build machine, or it's possible (but messy) to write a groovy script in EnvInject which will use the job's configured git with programmed credentials.
I'm going to file a new issue regarding debug1: pubkey_prepare: ssh_get_authentication_socket: Device or resource busy.
As far as I can tell, the only way to authenticate properly under Windows is to pass the username/password to an HTTPS url. See http://stackoverflow.com/a/33630506/14731 and JENKINS-28335 for more details.
In the end I just wrote a new plugin to spawn an actual ssh-agent.exe process. It's loaded by the ssh-agent plugin so no changes are necessary to pipelines or anything .
If you're interested I can share once I clean it up a little.
externl For sure, share it. Ideally the author of this plugin will pull in your changes so we will get it out of the box standard.
Close if https://github.com/jenkinsci/ssh-agent-plugin/pull/48 is merged.
It is not clear how this is supposed to work on Windows. The documentation just says 'install the native libraries'. Install them where? I just created a directory, put the .dll/openssl.exe in there and added that to my system PATH.
The OS X installation example references building the jar file, which is not distributed with the pre-compiled Windows native library binaries. I compiled the jar against the distributed binaries and modified the slave startup command with a -classpath argument pointing to the jar, but this doesn't seem to make the ssh-agent work either.