Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-50181

ssh-agent/ssh-credentials-plugin failing because ssh-add expects a newline in the keyfile

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Minor
    • Resolution: Fixed
    • None
    • ssh-credentials-1.17.1

    Description

      Repro:

      • Add Credentials
          - set Kind to "SSH Username with private key"
          - tick "enter directly"
          - paste a password-less private key without a trailing newline
      • Attempt to use credentials (I used ssh-agent from a Jenkinsfile)
      • Observe that ssh-add will prompt for a passphrase in the logs and the ssh-add has failed.

      The relevant part of my logs looked like this:

      ```
      [Pipeline] sshagent
      [ssh-agent] Using credentials jenkins (Github SSH key)
      [ssh-agent] Looking for ssh-agent implementation...
      [ssh-agent] Exec ssh-agent (binary ssh-agent on a remote machine)
      $ ssh-agent
      SSH_AUTH_SOCK=/tmp/ssh-rEGjLSRTHULl/agent.3927
      SSH_AGENT_PID=3929
      [ssh-agent] started an agent
      $ ssh-add /var/lib/jenkins/workspace/job@tmp/private_key_2980200938951827942.key
      Enter passphrase for /var/lib/jenkins/workspace/job@tmp/private_key_2980200938951827942.key: [Pipeline] // sshagent
      [Pipeline] }
      [Pipeline] // stage
      [Pipeline] }
      [Pipeline] // withEnv
      [Pipeline] }
      [Pipeline] // node
      [Pipeline] End of Pipeline
      ERROR: Failed to run ssh-add
      Finished: FAILURE

      ```

      Adding the trailing newline to input in the web-ui resolves this issue. Adding multiple newlines didn't seem have any adverse effect so Jenkins should probably just add a newline when it writes the keyfile.

      Attachments

        Issue Links

          Activity

            liath John Jones created issue -
            liath John Jones made changes -
            Field Original Value New Value
            Description Repro:
            - Add Credentials
              - set Kind to "SSH Username with private key"
              - tick "enter directly"
              - paste a password-less private key without a trailing newline
            - Attempt to use credentials (I used ssg-agent from a Jenkinsfile)
            - Observe that ssh-add will prompt for a passphrase in the logs and the ssh-add has failed.

            The relevant part of my logs looked like this:

            ```
            [Pipeline] sshagent
            [ssh-agent] Using credentials jenkins (Github SSH key)
            [ssh-agent] Looking for ssh-agent implementation...
            [ssh-agent] Exec ssh-agent (binary ssh-agent on a remote machine)
            $ ssh-agent
            SSH_AUTH_SOCK=/tmp/ssh-rEGjLSRTHULl/agent.3927
            SSH_AGENT_PID=3929
            [ssh-agent] started an agent
            $ ssh-add /var/lib/jenkins/workspace/job@tmp/private_key_2980200938951827942.key
            Enter passphrase for /var/lib/jenkins/workspace/job@tmp/private_key_2980200938951827942.key: [Pipeline] // sshagent
            [Pipeline] }
            [Pipeline] // stage
            [Pipeline] }
            [Pipeline] // withEnv
            [Pipeline] }
            [Pipeline] // node
            [Pipeline] End of Pipeline
            ERROR: Failed to run ssh-add
            Finished: FAILURE

            ```

            Adding the trailing newline to input in the web-ui resolves this issue. Adding multiple newlines didn't seem have any adverse effect so Jenkins should probably just add a newline when it writes the keyfile.
            Repro:
             - Add Credentials
               - set Kind to "SSH Username with private key"
               - tick "enter directly"
               - paste a password-less private key without a trailing newline
             - Attempt to use credentials (I used ssh-agent from a Jenkinsfile)
             - Observe that ssh-add will prompt for a passphrase in the logs and the ssh-add has failed.

            The relevant part of my logs looked like this:

            ```
             [Pipeline] sshagent
             [ssh-agent] Using credentials jenkins (Github SSH key)
             [ssh-agent] Looking for ssh-agent implementation...
             [ssh-agent] Exec ssh-agent (binary ssh-agent on a remote machine)
             $ ssh-agent
             SSH_AUTH_SOCK=/tmp/ssh-rEGjLSRTHULl/agent.3927
             SSH_AGENT_PID=3929
             [ssh-agent] started an agent
             $ ssh-add /var/lib/jenkins/workspace/job@tmp/private_key_2980200938951827942.key
             Enter passphrase for /var/lib/jenkins/workspace/job@tmp/private_key_2980200938951827942.key: [Pipeline] // sshagent
             [Pipeline] }
             [Pipeline] // stage
             [Pipeline] }
             [Pipeline] // withEnv
             [Pipeline] }
             [Pipeline] // node
             [Pipeline] End of Pipeline
             ERROR: Failed to run ssh-add
             Finished: FAILURE

            ```

            Adding the trailing newline to input in the web-ui resolves this issue. Adding multiple newlines didn't seem have any adverse effect so Jenkins should probably just add a newline when it writes the keyfile.
            jvz Matt Sicker made changes -
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Fixed but Unreleased [ 10203 ]
            jvz Matt Sicker made changes -
            Released As ssh-credentials-1.17.1
            Status Fixed but Unreleased [ 10203 ] Resolved [ 5 ]
            dnusbaum Devin Nusbaum made changes -
            Remote Link This issue links to "jenkinsci/ssh-credentials-plugin#46 (Web Link)" [ 25009 ]
            jglick Jesse Glick made changes -
            Link This issue is duplicated by JENKINS-43564 [ JENKINS-43564 ]

            People

              dnusbaum Devin Nusbaum
              liath John Jones
              Votes:
              4 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: