• Type: Bug
• Resolution: Unresolved
• Priority: Minor
• Component/s: cli
• Labels:

  • authentication
  • cli
  • connection
  • ssh
• Environment:

  Hide

  Using Jenkins 1.599 (org.jenkins-ci.main:jenkins-war:1.599) with following plugins:
  
  analysis-core checkstyle.jpi disk-usage.bak jenkins-multijob-plugin.bak mailer.jpi.pinned metrics-diskusage script-security tasks.jpi
  analysis-core.bak conditional-buildstep disk-usage.jpi jenkins-multijob-plugin.jpi mapdb-api metrics-diskusage.jpi script-security.jpi throttle-concurrents
  analysis-core.jpi conditional-buildstep.jpi diskcheck jquery mapdb-api.jpi metrics.jpi sloccount throttle-concurrents.jpi
  ant console-column-plugin diskcheck.jpi jquery.jpi matrix-auth nodelabelparameter sloccount.jpi timestamper
  ant.jpi console-column-plugin.jpi email-ext junit matrix-auth.bak nodelabelparameter.jpi ssh-credentials timestamper.bak
  antisamy-markup-formatter credentials email-ext.jpi junit.bak matrix-auth.jpi pam-auth ssh-credentials.bak timestamper.jpi
  antisamy-markup-formatter.bak credentials.bak envinject junit.jpi matrix-auth.jpi.pinned pam-auth.bak ssh-credentials.jpi token-macro
  antisamy-markup-formatter.jpi credentials.jpi envinject.bak junit.jpi.pinned matrix-project pam-auth.jpi ssh-credentials.jpi.pinned token-macro.jpi
  antisamy-markup-formatter.jpi.pinned credentials.jpi.pinned envinject.jpi ldap matrix-project.bak pam-auth.jpi.pinned ssh-slaves translation
  build-name-setter cvs external-monitor-job ldap.bak matrix-project.jpi parameterized-trigger ssh-slaves.jpi translation.bak
  build-name-setter.jpi cvs.bak external-monitor-job.jpi ldap.jpi matrix-project.jpi.pinned parameterized-trigger.bak subversion translation.jpi
  build-timeout cvs.jpi javadoc ldap.jpi.pinned maven-plugin parameterized-trigger.jpi subversion.bak translation.jpi.pinned
  build-timeout.bak cvs.jpi.pinned javadoc.bak leastload.jpi maven-plugin.bak run-condition subversion.jpi windows-slaves
  build-timeout.jpi dashboard-view javadoc.jpi mailer maven-plugin.jpi run-condition.jpi subversion.jpi.pinned windows-slaves.jpi
  checkstyle dashboard-view.jpi javadoc.jpi.pinned mailer.bak maven-plugin.jpi.pinned scm-api tasks
  checkstyle.bak disk-usage jenkins-multijob-plugin mailer.jpi metrics scm-api.jpi tasks.bak
  
  

  Show

  Using Jenkins 1.599 (org.jenkins-ci.main:jenkins-war:1.599) with following plugins: analysis-core checkstyle.jpi disk-usage.bak jenkins-multijob-plugin.bak mailer.jpi.pinned metrics-diskusage script-security tasks.jpi analysis-core.bak conditional-buildstep disk-usage.jpi jenkins-multijob-plugin.jpi mapdb-api metrics-diskusage.jpi script-security.jpi throttle-concurrents analysis-core.jpi conditional-buildstep.jpi diskcheck jquery mapdb-api.jpi metrics.jpi sloccount throttle-concurrents.jpi ant console-column-plugin diskcheck.jpi jquery.jpi matrix-auth nodelabelparameter sloccount.jpi timestamper ant.jpi console-column-plugin.jpi email-ext junit matrix-auth.bak nodelabelparameter.jpi ssh-credentials timestamper.bak antisamy-markup-formatter credentials email-ext.jpi junit.bak matrix-auth.jpi pam-auth ssh-credentials.bak timestamper.jpi antisamy-markup-formatter.bak credentials.bak envinject junit.jpi matrix-auth.jpi.pinned pam-auth.bak ssh-credentials.jpi token-macro antisamy-markup-formatter.jpi credentials.jpi envinject.bak junit.jpi.pinned matrix-project pam-auth.jpi ssh-credentials.jpi.pinned token-macro.jpi antisamy-markup-formatter.jpi.pinned credentials.jpi.pinned envinject.jpi ldap matrix-project.bak pam-auth.jpi.pinned ssh-slaves translation build-name-setter cvs external-monitor-job ldap.bak matrix-project.jpi parameterized-trigger ssh-slaves.jpi translation.bak build-name-setter.jpi cvs.bak external-monitor-job.jpi ldap.jpi matrix-project.jpi.pinned parameterized-trigger.bak subversion translation.jpi build-timeout cvs.jpi javadoc ldap.jpi.pinned maven-plugin parameterized-trigger.jpi subversion.bak translation.jpi.pinned build-timeout.bak cvs.jpi.pinned javadoc.bak leastload.jpi maven-plugin.bak run-condition subversion.jpi windows-slaves build-timeout.jpi dashboard-view javadoc.jpi mailer maven-plugin.jpi run-condition.jpi subversion.jpi.pinned windows-slaves.jpi checkstyle dashboard-view.jpi javadoc.jpi.pinned mailer.bak maven-plugin.jpi.pinned scm-api tasks checkstyle.bak disk-usage jenkins-multijob-plugin mailer.jpi metrics scm-api.jpi tasks.bak

[JENKINS-28346] Inconsistent CLI failiures

Collapse comment: Daniel Beck added a comment - 2015-05-12 08:51

Daniel Beck added a comment - 2015-05-12 08:51

Does it fail randomly for the same user, on the same machine? As the error is in SSH Key authentication, it is dependent on your environment.

Expand comment: Daniel Beck added a comment - 2015-05-12 08:51

Daniel Beck added a comment - 2015-05-12 08:51 Does it fail randomly for the same user, on the same machine? As the error is in SSH Key authentication, it is dependent on your environment.

Collapse comment: Raymond Accary added a comment - 2015-05-12 13:46

Raymond Accary added a comment - 2015-05-12 13:46

Hi Daniel,
It's the same user. Two machines submitting to the same master often fail.
However, I spent some time looking at things yesterday, and I realized that even in the case where the CLI build submission is actually invoked, the log would still show:
May 12, 2015 6:41:53 AM WARNING org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator authenticate
CLI authentication failure
java.io.EOFException
at java.io.DataInputStream.readUnsignedShort(DataInputStream.java:323)
at java.io.DataInputStream.readUTF(DataInputStream.java:572)
at java.io.DataInputStream.readUTF(DataInputStream.java:547)
at hudson.cli.Connection.readUTF(Connection.java:85)
at hudson.cli.Connection.verifyIdentity(Connection.java:244)
at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:39)
at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109)

Any ideas?

Expand comment: Raymond Accary added a comment - 2015-05-12 13:46

Raymond Accary added a comment - 2015-05-12 13:46 Hi Daniel, It's the same user. Two machines submitting to the same master often fail. However, I spent some time looking at things yesterday, and I realized that even in the case where the CLI build submission is actually invoked, the log would still show: May 12, 2015 6:41:53 AM WARNING org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator authenticate CLI authentication failure java.io.EOFException at java.io.DataInputStream.readUnsignedShort(DataInputStream.java:323) at java.io.DataInputStream.readUTF(DataInputStream.java:572) at java.io.DataInputStream.readUTF(DataInputStream.java:547) at hudson.cli.Connection.readUTF(Connection.java:85) at hudson.cli.Connection.verifyIdentity(Connection.java:244) at org.jenkinsci.main.modules.cli.auth.ssh.SshCliAuthenticator.authenticate(SshCliAuthenticator.java:39) at hudson.cli.CliManagerImpl$2.run(CliManagerImpl.java:109) Any ideas?

Collapse comment: Daniel Beck added a comment - 2015-05-12 16:31

Daniel Beck added a comment - 2015-05-12 16:31

Try to add the -noKeyAuth option to the java -jar jenkins-cli.jar invocation.

Expand comment: Daniel Beck added a comment - 2015-05-12 16:31

Daniel Beck added a comment - 2015-05-12 16:31 Try to add the -noKeyAuth option to the java -jar jenkins-cli.jar invocation.

Collapse comment: Raymond Accary added a comment - 2015-05-12 20:06

Raymond Accary added a comment - 2015-05-12 20:06

-noKeyAuth, can you explain a bit on what this option would do?
Note that: the master is password-protected.

Expand comment: Raymond Accary added a comment - 2015-05-12 20:06

Raymond Accary added a comment - 2015-05-12 20:06 -noKeyAuth, can you explain a bit on what this option would do? Note that: the master is password-protected.

Collapse comment: Daniel Beck added a comment - 2015-05-12 20:25

Daniel Beck added a comment - 2015-05-12 20:25

It will prevent trying to authorize using an SSH key (e.g. ~/.ssh/id_rsa) which the CLI does by default.

Expand comment: Daniel Beck added a comment - 2015-05-12 20:25

Daniel Beck added a comment - 2015-05-12 20:25 It will prevent trying to authorize using an SSH key (e.g. ~/.ssh/id_rsa) which the CLI does by default.

Collapse comment: Raymond Accary added a comment - 2015-05-12 20:32

Raymond Accary added a comment - 2015-05-12 20:32

How will it handle the authorization then?
Another thing, had this been always failing or passing, I wouldn't be this skeptical on this solution.
The fact that it's an inconsistent/random/intermittent failure is the troubling part. Any ideas on what could be the reason?

Expand comment: Raymond Accary added a comment - 2015-05-12 20:32

Raymond Accary added a comment - 2015-05-12 20:32 How will it handle the authorization then? Another thing, had this been always failing or passing, I wouldn't be this skeptical on this solution. The fact that it's an inconsistent/random/intermittent failure is the troubling part. Any ideas on what could be the reason?

Collapse comment: Daniel Beck added a comment - 2015-05-12 20:40

Daniel Beck added a comment - 2015-05-12 20:40

How will it handle the authorization then?

You're specifying user name and password on the command line.

Expand comment: Daniel Beck added a comment - 2015-05-12 20:40

Daniel Beck added a comment - 2015-05-12 20:40 How will it handle the authorization then? You're specifying user name and password on the command line.

Collapse comment: Daniel Beck added a comment - 2015-06-15 21:23

Daniel Beck added a comment - 2015-06-15 21:23

raccary So, did it work?

Expand comment: Daniel Beck added a comment - 2015-06-15 21:23

Daniel Beck added a comment - 2015-06-15 21:23 raccary So, did it work?

Collapse comment: Raymond Accary added a comment - 2016-05-03 18:42

Raymond Accary added a comment - 2016-05-03 18:42

It still shows in the logs as a warning.

Expand comment: Raymond Accary added a comment - 2016-05-03 18:42

Raymond Accary added a comment - 2016-05-03 18:42 It still shows in the logs as a warning.