Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-45647

SSH plugin auth error on ver 2.5 (working on 2.4)

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Hello,

       

      I've noticed that after upgrade the ssh plugin to latest version (2.5) jenkins has started to fail to login into remote machines using ssh keys (I've not tested user and pass). Until the upgrade was working without problem and when I've downgraded the plugin has started to work again (all other are updated).

      The keys i use are RSA (maybe is important) and the error I get is this:

      [SSH] Exception:Auth fail
          com.jcraft.jsch.JSchException: Auth fail
          at com.jcraft.jsch.Session.connect(Session.java:519)
          at org.jvnet.hudson.plugins.CredentialsSSHSite.createSession(CredentialsSSHSite.java:130)
          at org.jvnet.hudson.plugins.CredentialsSSHSite.executeCommand(CredentialsSSHSite.java:206)
          at org.jvnet.hudson.plugins.CredentialsSSHSite.executeCommand(CredentialsSSHSite.java:199)
          at org.jvnet.hudson.plugins.SSHBuildWrapper.executePreBuildScript(SSHBuildWrapper.java:94)
          at org.jvnet.hudson.plugins.SSHBuildWrapper.setUp(SSHBuildWrapper.java:77)
          at hudson.model.Build$BuildExecution.doRun(Build.java:157)
          at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:490)
          at hudson.model.Run.execute(Run.java:1735)
          at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
          at hudson.model.ResourceController.execute(ResourceController.java:97)
          at hudson.model.Executor.run(Executor.java:415)
      Finished: FAILURE

      Greetings!!

       

        Attachments

          Activity

          Hide
          danixu86 Daniel Carrasco added a comment -

          Finally is similar to what I said:

          That credential were for git connection and were not neccessary for ssh connection because the entire credentials were configured on hosts configuration page. Now the credentials of hosts are configured by a combobox where you see all created credential, so now you need to create credentials for both (ssh and git) and that's why I had to create new credentials for some hosts (I attach two screenshots).

          About the migration I keep what I said, the credentials that were migrated are in custom credential domains and the rest are in global domain.

           

          Greetings!!

          Show
          danixu86 Daniel Carrasco added a comment - Finally is similar to what I said: That credential were for git connection and were not neccessary for ssh connection because the entire credentials were configured on hosts configuration page. Now the credentials of hosts are configured by a combobox where you see all created credential, so now you need to create credentials for both (ssh and git) and that's why I had to create new credentials for some hosts (I attach two screenshots). About the migration I keep what I said, the credentials that were migrated are in custom credential domains and the rest are in global domain.   Greetings!!
          Hide
          danixu86 Daniel Carrasco added a comment -

          Hello,

           

          I'm not fully sure because the most of configurations were made by my fellow worker, but this is what I've observed:

          • The two that were migrated are in custom credential domains and the other are in Global domain.
          • I think that the ssh credentials weren't merged. Instead that seems to be that hosts shared the same credential (username), and the private key was set on other site (but i don't remember where). Now the option to set the private key on the other site is gone, so I had to create that credentials to make it work.

          I'm recovering a backup to do some test so later maybe I'll update this post with new info.

          As I think, maybe only the first can be bug related, because the global credentials weren't migrated. The second can be just a wrong management by our side.

           

          Greetings!!, and thanks for you interest.

          Show
          danixu86 Daniel Carrasco added a comment - Hello,   I'm not fully sure because the most of configurations were made by my fellow worker, but this is what I've observed: The two that were migrated are in custom credential domains and the other are in Global domain. I think that the ssh credentials weren't merged. Instead that seems to be that hosts shared the same credential (username), and the private key was set on other site (but i don't remember where). Now the option to set the private key on the other site is gone, so I had to create that credentials to make it work. I'm recovering a backup to do some test so later maybe I'll update this post with new info. As I think, maybe only the first can be bug related, because the global credentials weren't migrated. The second can be just a wrong management by our side.   Greetings!!, and thanks for you interest.
          Hide
          ljader Łukasz Jąder added a comment -

          Hi Daniel Carrasco,
          I'm glad that you no longer experience this issue, however the invalid credentials migration (which looks like it's happening here) sounds like a serious problem.

          In my opinion this issue should be reopened and analyzed again due to following indicators that something might not work as intended:

          • "Only two of all seems to have been migrated"
          • "The new system changes the way it login into machines so I had to create some credentials that didn't exist"

          Maybe in your 2.4 config some jobs had the same credentials for the same sites, so in 2.5 they were merged into 1 credential and this led to some failure in your jobs.

          I would really like to understand what happened here and if it's a bug or not .

          Show
          ljader Łukasz Jąder added a comment - Hi Daniel Carrasco , I'm glad that you no longer experience this issue, however the invalid credentials migration (which looks like it's happening here) sounds like a serious problem. In my opinion this issue should be reopened and analyzed again due to following indicators that something might not work as intended: "Only two of all seems to have been migrated" "The new system changes the way it login into machines so I had to create some credentials that didn't exist" Maybe in your 2.4 config some jobs had the same credentials for the same sites, so in 2.5 they were merged into 1 credential and this led to some failure in your jobs. I would really like to understand what happened here and if it's a bug or not .
          Hide
          danixu86 Daniel Carrasco added a comment -

          I've found the problem, so it's fixed.

           

          Thanks for all your help.

          Show
          danixu86 Daniel Carrasco added a comment - I've found the problem, so it's fixed.   Thanks for all your help.
          Hide
          danixu86 Daniel Carrasco added a comment - - edited

          Hello,

           

          Thanks for the response.

           

          1. Only two of all seems to have been migrated
          2. The credentials are selected on the combobox
          3. Thanks, I've seen that the most of sites configurations were reset with that update. Only the migrated ssh configurations are Ok.
          4. I think that will be fixed with point three, but no, my keys haven't passphrase (and works from terminal).

          My old version was 2.4, and after downgrade has started to work without problem. I'll edit the configuration of all sites and I'll edit this post with the result.

           

          Greetings!!

           

          EDIT: Finally that was the problem. The new system changes the way it login into machines so I had to create some credentials that didn't exist and now is working fine.

           

          Thanks!!

          Show
          danixu86 Daniel Carrasco added a comment - - edited Hello,   Thanks for the response.   Only two of all seems to have been migrated The credentials are selected on the combobox Thanks, I've seen that the most of sites configurations were reset with that update. Only the migrated ssh configurations are Ok. I think that will be fixed with point three, but no, my keys haven't passphrase (and works from terminal). My old version was 2.4, and after downgrade has started to work without problem. I'll edit the configuration of all sites and I'll edit this post with the result.   Greetings!!   EDIT: Finally that was the problem. The new system changes the way it login into machines so I had to create some credentials that didn't exist and now is working fine.   Thanks!!
          Hide
          ljader Łukasz Jąder added a comment -

          Daniel Carrasco SSH v. 2.5 was designed to use of standard ssh-credentials plugin instead of storing the keys using own mechanism.

          Could you check (and maybe attach screenshots) of the following:
          1. Can find migrated credentials in Credentials page (JENKINS_URL/credentials/)?
              There should be credentials with "ssh-plugin" added in name.

          2. Each configured ssh site/host should have credentials assigned to it in Global Configure page (JENKINS_URL/configure) - is there any credential selected in the combobox?

          3. Each configured ssh site/host should have "Check connection" button to verify if connection using host info and selected credentials is possible - could you check it and let me know of the results after click?
          Maybe there is an error shown?

          4. Are your keys using passphrase?

          Of course this should be checked on SSH 2.5. What was your ssh-plugin version before upgrade? 2.4?

          If the error will still occur, I think you'll need to provide your ssh config file (of course with credentials and other values obfuscated).

          Show
          ljader Łukasz Jąder added a comment - Daniel Carrasco SSH v. 2.5 was designed to use of standard ssh-credentials plugin instead of storing the keys using own mechanism. Could you check (and maybe attach screenshots) of the following: 1. Can find migrated credentials in Credentials page (JENKINS_URL/credentials/)?     There should be credentials with "ssh-plugin" added in name. 2. Each configured ssh site/host should have credentials assigned to it in Global Configure page (JENKINS_URL/configure) - is there any credential selected in the combobox? 3. Each configured ssh site/host should have "Check connection" button to verify if connection using host info and selected credentials is possible - could you check it and let me know of the results after click? Maybe there is an error shown? 4. Are your keys using passphrase? Of course this should be checked on SSH 2.5. What was your ssh-plugin version before upgrade? 2.4? If the error will still occur, I think you'll need to provide your ssh config file (of course with credentials and other values obfuscated).

            People

            Assignee:
            ljader Łukasz Jąder
            Reporter:
            danixu86 Daniel Carrasco
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: