-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
Jenkins 2.150.1
ssh-slaves 1.29.1
Docker image from my docker-lfs repository
-
-
Jenkins 2.157, TrileadSSH build-217-jenkins-14
The ssh-slaves plugin won't connect a Debian Buster ("testing") agent using a private key generated on Debian Buster. Debian Buster will be Debian 10 when released in Q1 2019 or Q2 2019.
It will connect to a Debian Buster agent using a private key generated on Ubuntu 16 or Debian 9, but not with a key generated on Debian Buster.
The same problem exists for ed25519 private keys and for rsa private keys.
The message is Unknown Cipher: aes256-ctr and the stack trace reported by the ssh-slaves plugin is:
[12/11/18 16:26:08] [SSH] SSH host key matches key seen previously for this host. Connection will be allowed. ERROR: SSH authentication failed java.lang.IllegalArgumentException: Unknown Cipher: aes256-ctr at com.trilead.ssh2.signature.OpenSshCertificateDecoder$SshCipher.getInstance(OpenSshCertificateDecoder.java:207) at com.trilead.ssh2.signature.OpenSshCertificateDecoder.createKeyPair(OpenSshCertificateDecoder.java:77) at com.trilead.ssh2.crypto.PEMDecoder.decodeKeyPair(PEMDecoder.java:493) at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:225) at com.trilead.ssh2.Connection.authenticateWithPublicKey(Connection.java:483) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.doAuthenticate(TrileadSSHPublicKeyAuthenticator.java:109) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:436) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:455) at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1213) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:846) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:833) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) [12/11/18 16:26:08] [SSH] Authentication failed.
The alternative is to generate a private key / public key pair on another computer and copy it to the Debian Buster machine.
- links to
[JENKINS-55133] Debian Buster private keys rejected for ssh agents
Summary | Original: Debian Buster ("testing") private keys rejected for ssh agents | New: Debian Buster private keys rejected for ssh agents |
Component/s | New: trilead-api-plugin [ 22324 ] |
Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
Remote Link | New: This issue links to "PR (Web Link)" [ 22132 ] |
Status | Original: In Progress [ 3 ] | New: In Review [ 10005 ] |
Released As | New: Jenkins 2.157, TrileadSSH build-217-jenkins-14 | |
Resolution | New: Fixed [ 1 ] | |
Status | Original: In Review [ 10005 ] | New: Resolved [ 5 ] |
This cipher is supported in the last version of trilead-ssh2 module https://github.com/jenkinsci/trilead-ssh2/commit/292e20a6f851738f2f490ce6c76d78641c185681#diff-bd7779c706cf8e284b646d8b88d1194f but this version is not in the core, because of that I tried to push the move to use trilead-api-plugin, but I failed.