Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-32120

With ssh-agent 1.9, local builds fail with "Unable to create OpenSSL PBDKF"

    XMLWordPrintable

Details

    Description

      When running a local build (on the master), the build fails to load the ssh-agent:

      Started by an SCM change
Building in workspace /var/jenkins_home/workspace/production - client (prod3)
[ssh-agent] Looking for ssh-agent implementation...
[ssh-agent]   Java/JNR ssh-agent
[ssh-agent] Started.
[ssh-agent] Using credentials git (Bitbucket checkout)
[ssh-agent] Unable to read key: Unable to create OpenSSL PBDKF: PBKDF-OpenSSL SecretKeyFactory not available
org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: PBKDF-OpenSSL SecretKeyFactory not available
	at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source)
	at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source)
	at org.bouncycastle.openssl.jcajce.PEMUtilities.crypt(Unknown Source)
	at org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder$1$1.decrypt(Unknown Source)
	at org.bouncycastle.openssl.PEMEncryptedKeyPair.decryptKeyPair(Unknown Source)
	at com.cloudbees.jenkins.plugins.sshagent.jna.JNRRemoteAgent.addIdentity(JNRRemoteAgent.java:98)
	at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper$SSHAgentEnvironment.add(SSHAgentBuildWrapper.java:388)
	at com.cloudbees.jenkins.plugins.sshagent.SSHAgentBuildWrapper.preCheckout(SSHAgentBuildWrapper.java:227)
	at jenkins.scm.SCMCheckoutStrategy.preCheckout(SCMCheckoutStrategy.java:76)
	at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:528)
	at hudson.model.Run.execute(Run.java:1738)
	at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
	at hudson.model.ResourceController.execute(ResourceController.java:98)
	at hudson.model.Executor.run(Executor.java:410)
Caused by: java.security.NoSuchAlgorithmException: PBKDF-OpenSSL SecretKeyFactory not available
	at javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:121)
	at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:159)
	at org.bouncycastle.jcajce.util.DefaultJcaJceHelper.createSecretKeyFactory(Unknown Source)
	... 14 more
[ssh-agent] Using credentials deploy (Deployment key to work with Minion Master)

      Then the build looks like its continuing normally, but the ssh key was not actually loaded and as a result the build fails:

      + ssh -o StrictHostKeyChecking=no deploy@xxx.xxx.xxx some command
Permission denied (publickey).
+ ...
+ exit 5
+ exit 5
Build step 'Execute shell' marked build as failure
[ssh-agent] Stopped.

      Running the same job on a slave works fine:

      Started by user Oded Arbel
Building remotely on trusty (i-5827fe82) (trusty docker) in workspace /srv/build/workspace/production - client (prod3)
[ssh-agent] Looking for ssh-agent implementation...
[ssh-agent]   Java/JNR ssh-agent
[ssh-agent] Started.
[ssh-agent] Using credentials git (Bitbucket checkout)
[ssh-agent] Using credentials deploy (Deployment key to work with Minion Master)

      Downgrading the ssh-agent plugin to version 1.8 worked around the problem. After downgrade:

      Started by user Oded Arbel
Building in workspace /var/jenkins_home/workspace/production - client (prodhk)
[ssh-agent] Using credentials git (Bitbucket checkout)
[ssh-agent] Using credentials deploy (Deployment key to work with Minion Master)
[ssh-agent] Looking for ssh-agent implementation...
[ssh-agent]   Java/JNR ssh-agent
[ssh-agent] Started.

      Also see here: https://www.botbot.me/freenode/jenkins/2015-12-16/?msg=56268453&page=4

      Attachments

        Issue Links

          links to

          Web Link CloudBees Internal OSS-625

          Web Link PR-14

          Activity

            Ascending order - Click to sort in descending order
            View 16 older comments
            russo79 Riccardo Russo added a comment - - edited

            Me too, still having this issue.

            [Pipeline] sshagent
[ssh-agent] Using credentials prova
[ssh-agent] Looking for ssh-agent implementation...
[ssh-agent]   Java/JNR ssh-agent
[ssh-agent] Unable to read key: Unable to create OpenSSL PBDKF: PBKDF-OpenSSL SecretKeyFactory not available
org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: PBKDF-OpenSSL SecretKeyFactory not available
	at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source)

            org.jenkins-ci.main:jenkins-war:2.9
            bouncycastle-api 1.648
            SSH Agent Plugin 1.11
            SSH Credentials Plugin 1.12
            Running on slave

            russo79 Riccardo Russo added a comment - - edited Me too, still having this issue. [Pipeline] sshagent [ssh-agent] Using credentials prova [ssh-agent] Looking for ssh-agent implementation... [ssh-agent] Java/JNR ssh-agent [ssh-agent] Unable to read key: Unable to create OpenSSL PBDKF: PBKDF-OpenSSL SecretKeyFactory not available org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: PBKDF-OpenSSL SecretKeyFactory not available at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source) org.jenkins-ci.main:jenkins-war:2.9 bouncycastle-api 1.648 SSH Agent Plugin 1.11 SSH Credentials Plugin 1.12 Running on slave
            alobato Alvaro Lobato added a comment -

            The problems are related with the Bouncy Castle version conflicts, the solution is to use Bouncy Castle API plugin to do all the Bouncy Castle related stuff. See Bouncy Castle API Plugin.

            Some of the problems are related with BC not being correctly registered on build agents, I've submitted a PR hopefully fixing those cases: PR-14

            alobato Alvaro Lobato added a comment - The problems are related with the Bouncy Castle version conflicts, the solution is to use Bouncy Castle API plugin to do all the Bouncy Castle related stuff. See Bouncy Castle API Plugin . Some of the problems are related with BC not being correctly registered on build agents, I've submitted a PR hopefully fixing those cases: PR-14
            russo79 Riccardo Russo added a comment -

            Thanks!

            Because I'm really a newbie, this means that from Update Center in Jenkins it will be possible to download a new release?

            russo79 Riccardo Russo added a comment - Thanks! Because I'm really a newbie, this means that from Update Center in Jenkins it will be possible to download a new release?
            alobato Alvaro Lobato added a comment -

            This means that the code for the fix has been submitted. It has to be reviewed and after that a released can be cut so you have it available on the Update Center.

            alobato Alvaro Lobato added a comment - This means that the code for the fix has been submitted. It has to be reviewed and after that a released can be cut so you have it available on the Update Center.
            alobato Alvaro Lobato added a comment -

            Released ssh-agent-1.12

            alobato Alvaro Lobato added a comment - Released ssh-agent-1.12

            People

              alobato Alvaro Lobato
              guss77 Oded Arbel
              Votes:
              16 Vote for this issue
              Watchers:
              27 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: