Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46754

2.73+ SSH agent sometimes will not start if using passphrase-protected ed25519 key

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • core
    • Jenkins 2.73.1 RC
      Jenkins plugins as stored in my lts-with-plugins branch SHA f45cc34ca0

      The Jenkins 2.73.1 LTS release fails to connect my ssh agents which use an ed25519 passphrase protected private key.  These agents connected successfully with Jenkins 2.60.3 LTS and earlier.

      I've confirmed that dsa passphrase protected private keys work in all cases and that rsa passphrase protected private keys work in all cases. The rsa private keys and ed25519 private keys which are not passphrase protected work in all cases.

      It appears to only be ed25519 private keys which are passphrase protected that have a problem in two of my six tested configurations with 2.73.1 LTS.  Those same configurations work as expected with 2.60.3 LTS.

      Failures include a stack trace:

      [09/08/17 08:56:01] SSH Launch of mark-pc2-beemarkwaite on mark-pc2.markwaite.net failed in 113 ms
Sep 08, 2017 8:56:01 AM com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator authenticate
WARNING: Uncaught exception escaped doAuthenticate method
java.lang.NoSuchMethodError: org.mindrot.jbcrypt.BCrypt.pbkdf([B[BI[B)V
at com.trilead.ssh2.signature.OpenSshCertificateDecoder.generateKayAndIvPbkdf2(OpenSshCertificateDecoder.java:135)
at com.trilead.ssh2.signature.OpenSshCertificateDecoder.createKeyPair(OpenSshCertificateDecoder.java:78)
at com.trilead.ssh2.crypto.PEMDecoder.decodeKeyPair(PEMDecoder.java:493)
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:225)
at com.trilead.ssh2.Connection.authenticateWithPublicKey(Connection.java:483)
at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.doAuthenticate(TrileadSSHPublicKeyAuthenticator.java:109)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:438)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:458)
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1321)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:804)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:793)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)

       
      The other agent fails with a similar stack trace in the log file:

      Sep 08, 2017 9:06:13 AM com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator authenticate
WARNING: Uncaught exception escaped doAuthenticate method
java.lang.NoSuchMethodError: org.mindrot.jbcrypt.BCrypt.pbkdf([B[BI[B)V
	at com.trilead.ssh2.signature.OpenSshCertificateDecoder.generateKayAndIvPbkdf2(OpenSshCertificateDecoder.java:135)
	at com.trilead.ssh2.signature.OpenSshCertificateDecoder.createKeyPair(OpenSshCertificateDecoder.java:78)
	at com.trilead.ssh2.crypto.PEMDecoder.decodeKeyPair(PEMDecoder.java:493)
	at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:225)
	at com.trilead.ssh2.Connection.authenticateWithPublicKey(Connection.java:483)
	at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.doAuthenticate(TrileadSSHPublicKeyAuthenticator.java:109)
	at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:438)
	at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:458)
	at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1321)
	at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:804)
	at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:793)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:748)

[09/08/17 09:06:13] SSH Launch of debian9-a-coleen on debian9-a.markwaite.net failed in 135 ms

      Problem does not appear in 2.71, 2.72, 2.73, or 2.75 on the two failing machines.
      Problem is visible in 2.73.1-rc, 2.76, and 2.77 on the two failing machines.

            jglick Jesse Glick
            markewaite Mark Waite
            Votes:
            1 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: