Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-55133

Debian Buster private keys rejected for ssh agents

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • ssh-slaves-plugin, trilead-api-plugin
    • None
    • Jenkins 2.150.1
      ssh-slaves 1.29.1
      Docker image from my docker-lfs repository
    • Jenkins 2.157, TrileadSSH build-217-jenkins-14

      The ssh-slaves plugin won't connect a Debian Buster ("testing") agent using a private key generated on Debian Buster. Debian Buster will be Debian 10 when released in Q1 2019 or Q2 2019.

      It will connect to a Debian Buster agent using a private key generated on Ubuntu 16 or Debian 9, but not with a key generated on Debian Buster.

      The same problem exists for ed25519 private keys and for rsa private keys.

      The message is Unknown Cipher: aes256-ctr and the stack trace reported by the ssh-slaves plugin is:

      [12/11/18 16:26:08] [SSH] SSH host key matches key seen previously for this host. Connection will be allowed.
ERROR: SSH authentication failed
java.lang.IllegalArgumentException: Unknown Cipher: aes256-ctr
	at com.trilead.ssh2.signature.OpenSshCertificateDecoder$SshCipher.getInstance(OpenSshCertificateDecoder.java:207)
	at com.trilead.ssh2.signature.OpenSshCertificateDecoder.createKeyPair(OpenSshCertificateDecoder.java:77)
	at com.trilead.ssh2.crypto.PEMDecoder.decodeKeyPair(PEMDecoder.java:493)
	at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:225)
	at com.trilead.ssh2.Connection.authenticateWithPublicKey(Connection.java:483)
	at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.doAuthenticate(TrileadSSHPublicKeyAuthenticator.java:109)
	at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:436)
	at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:455)
	at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1213)
	at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:846)
	at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:833)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
[12/11/18 16:26:08] [SSH] Authentication failed.

      The alternative is to generate a private key / public key pair on another computer and copy it to the Debian Buster machine.

            ifernandezcalvo Ivan Fernandez Calvo
            markewaite Mark Waite
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: