Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-35337

NPE from JNRRemoteAgent.addIdentity due to bad PEM format

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Won't Fix
    • ssh-agent-plugin
    • None
    • Jenkins 1.651.1
      SSH Agent 1.10

    Description

      This is in a pipeline workflow...

      It doesn't seem to be able to read the key, despite finding the credentials.

      [Pipeline] sshagent
      [ssh-agent] Using credentials repo (Deploy artifacts to repo)
      [ssh-agent] Looking for ssh-agent implementation...
      [ssh-agent]   Java/JNR ssh-agent
      [ssh-agent] Unable to read key: null
      java.lang.NullPointerException
      	at com.cloudbees.jenkins.plugins.sshagent.jna.JNRRemoteAgent.addIdentity(JNRRemoteAgent.java:107)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:606)
      	at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:608)
      	at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:583)
      	at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:542)
      	at hudson.remoting.UserRequest.perform(UserRequest.java:120)
      	at hudson.remoting.UserRequest.perform(UserRequest.java:48)
      	at hudson.remoting.Request$2.run(Request.java:326)
      	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:262)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      	at java.lang.Thread.run(Thread.java:745)
      [ssh-agent] Started.
      

      Attachments

        Issue Links

          Activity

            Are you able to reproduce with the latest version of SSH Agent 1.11? This version now uses the Bouncycastle API and that part of the code has been reworked.

            allan_burdajewicz Allan BURDAJEWICZ added a comment - Are you able to reproduce with the latest version of SSH Agent 1.11? This version now uses the Bouncycastle API and that part of the code has been reworked.
            itaisanders Itai Sanders added a comment - - edited

            I had the same problem (plugin version 1.13).
            I think I got passed it when I enclosed the private key with the opening and closing statement:

            -----BEGIN RSA PRIVATE KEY-----
            AAABARwm....
            ...ggrkQs8=
            -----END RSA PRIVATE KEY-----
            

            but then the error changed to:

            [ssh-agent] Looking for ssh-agent implementation...
            [ssh-agent]   Java/JNR ssh-agent
            [ssh-agent] Registered BouncyCastle on the remote agent
            [ssh-agent] Unable to read key: problem creating RSA private key: java.lang.IllegalArgumentException: failed to construct sequence from byte[]: unexpected end-of-contents marker
            org.bouncycastle.openssl.PEMException: problem creating RSA private key: java.lang.IllegalArgumentException: failed to construct sequence from byte[]: unexpected end-of-contents marker
            	at org.bouncycastle.openssl.PEMParser$KeyPairParser.parseObject(Unknown Source)
            	at org.bouncycastle.openssl.PEMParser.readObject(Unknown Source)
            	at jenkins.bouncycastle.api.PEMEncodable.decode(PEMEncodable.java:153)
            	at com.cloudbees.jenkins.plugins.sshagent.jna.JNRRemoteAgent.addIdentity(JNRRemoteAgent.java:79)
            	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
            	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            	at java.lang.reflect.Method.invoke(Method.java:498)
            	at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:887)
            	at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:862)
            	at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:821)
            	at hudson.remoting.UserRequest.perform(UserRequest.java:153)
            	at hudson.remoting.UserRequest.perform(UserRequest.java:50)
            	at hudson.remoting.Request$2.run(Request.java:332)
            	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
            	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
            	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
            	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
            	at java.lang.Thread.run(Thread.java:745)
            Caused by: org.bouncycastle.openssl.PEMException: problem creating RSA private key: java.lang.IllegalArgumentException: failed to construct sequence from byte[]: unexpected end-of-contents marker
            	at org.bouncycastle.openssl.PEMParser$RSAKeyPairParser.parse(Unknown Source)
            	... 19 more
            Caused by: java.lang.IllegalArgumentException: failed to construct sequence from byte[]: unexpected end-of-contents marker
            	at org.bouncycastle.asn1.ASN1Sequence.getInstance(Unknown Source)
            	... 20 more
            [ssh-agent] Started.
            

            needless to say that the sh 'ssh user@host' inside the sshagent scope fails.

            itaisanders Itai Sanders added a comment - - edited I had the same problem (plugin version 1.13). I think I got passed it when I enclosed the private key with the opening and closing statement: -----BEGIN RSA PRIVATE KEY----- AAABARwm.... ...ggrkQs8= -----END RSA PRIVATE KEY----- but then the error changed to: [ssh-agent] Looking for ssh-agent implementation... [ssh-agent] Java/JNR ssh-agent [ssh-agent] Registered BouncyCastle on the remote agent [ssh-agent] Unable to read key: problem creating RSA private key: java.lang.IllegalArgumentException: failed to construct sequence from byte []: unexpected end-of-contents marker org.bouncycastle.openssl.PEMException: problem creating RSA private key: java.lang.IllegalArgumentException: failed to construct sequence from byte []: unexpected end-of-contents marker at org.bouncycastle.openssl.PEMParser$KeyPairParser.parseObject(Unknown Source) at org.bouncycastle.openssl.PEMParser.readObject(Unknown Source) at jenkins.bouncycastle.api.PEMEncodable.decode(PEMEncodable.java:153) at com.cloudbees.jenkins.plugins.sshagent.jna.JNRRemoteAgent.addIdentity(JNRRemoteAgent.java:79) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:887) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:862) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:821) at hudson.remoting.UserRequest.perform(UserRequest.java:153) at hudson.remoting.UserRequest.perform(UserRequest.java:50) at hudson.remoting.Request$2.run(Request.java:332) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang. Thread .run( Thread .java:745) Caused by: org.bouncycastle.openssl.PEMException: problem creating RSA private key: java.lang.IllegalArgumentException: failed to construct sequence from byte []: unexpected end-of-contents marker at org.bouncycastle.openssl.PEMParser$RSAKeyPairParser.parse(Unknown Source) ... 19 more Caused by: java.lang.IllegalArgumentException: failed to construct sequence from byte []: unexpected end-of-contents marker at org.bouncycastle.asn1.ASN1Sequence.getInstance(Unknown Source) ... 20 more [ssh-agent] Started. needless to say that the sh 'ssh user@host' inside the sshagent scope fails.
            itaisanders Itai Sanders added a comment - - edited

            UPDATE: ok, I used the complete ppk file and it works now. I guess the problem is just in the PEM format.

            itaisanders Itai Sanders added a comment - - edited UPDATE: ok, I used the complete ppk file and it works now. I guess the problem is just in the PEM format.
            jglick Jesse Glick added a comment -

            Presumably not an issue for most people after JENKINS-36997 in 1.14.

            jglick Jesse Glick added a comment - Presumably not an issue for most people after JENKINS-36997 in 1.14.
            jglick Jesse Glick added a comment -

            Sounds similar to JENKINS-41978.

            jglick Jesse Glick added a comment - Sounds similar to JENKINS-41978 .
            jglick Jesse Glick added a comment - Close if https://github.com/jenkinsci/ssh-agent-plugin/pull/48 is merged.

            People

              Unassigned Unassigned
              docwhat Christian Höltje
              Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: