Bug
Resolution: Not A Defect
Minor
Jenkins 2.164.1
I recently created an SSH RSA key that was 8192 bits in size and stored it in the credentials repository. I found that Ansible playbooks did not work with a key of this size.
09:50:52 [Install - Nagios Core] $ ansible-playbook "/var/lib/jenkins/workspace/Install - Nagios Core/ansible/prepare_os.yml" --private-key "/var/lib/jenkins/workspace/Install - Nagios Core/ssh581441855617245626.key" -u root -i core-057, -e "target=core-057, product=nagios os_name=fedora os_version=29 os_version_minor= ansible_become_pass="
09:50:52
09:50:52 PLAY [Prepare Operating System] ************************************************
09:50:52
09:50:52 TASK [Gathering Facts] *********************************************************
09:50:52 fatal: [core-057]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added 'core-057,2001:44b8:3132:25:10:25:5:190' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}
09:50:52 to retry, use: --limit @/var/lib/jenkins/workspace/Install - Nagios Core/ansible/prepare_os.retry
I could confirm from the command line that if I created the keyfile I was able to execute the ansible-playbook command and it worked. So it's not an ansible issue with keyfiles of that size, it's something to do with Jenkins creating that keyfile (I think).
After some trial and error I found that a 4096-bit key worked but anything larger failed (like 4097).
ssh-keygen -b 4097
I know this is an edge case, but I've spent about 3 hours getting to the root cause of the issue so hopefully it'll help someone else.
I am embarrassed to say that this bug report I created is incorrect. The whole issue turned out to be how I copied the private key from my Linux host and pasted it into the Jenkins credentials repository.
I had "cat id_rsa", copied the output and pasted it into the credentials repository and this was the cause of all my problems.
When I opened id_rsa in my text editor (geany) and copied it that way it correctly pasted it into the credentials repository and worked fine.
It's really strange, because I did a test where I copied the entry from the credentials repository into the ssh581441855617245626.key example file above and it worked, so I assumed that the key was OK. But clearly the copy from the weird entry in the credentials repository was fixed when I pasted it into a file.
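The resolution above traces the failure to how the key text was copied and pasted, without saying what changed in it. As an added example (not from the reporter or the Jenkins project), this Python check flags common kinds of paste damage in an armored private key before it is stored as a credential; `check_pasted_key` and `make_sample` are hypothetical names, and the sample is constructed bytes, not a real key.

```python
import base64
import binascii
import re

BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")

def check_pasted_key(text):
    """Return a list of problems found in pasted private-key text (hypothetical helper)."""
    problems = []
    if "\r" in text:
        problems.append("carriage return characters")
    lines = text.replace("\r\n", "\n").split("\n")
    if any(l != l.strip() for l in lines):
        problems.append("leading or trailing whitespace on a line")
    lines = [l.strip() for l in lines if l.strip()]
    m = BEGIN.match(lines[0]) if lines else None
    if not m or lines[-1] != f"-----END {m.group(1)}-----":
        problems.append("missing or mismatched BEGIN/END armor")
        return problems
    body = lines[1:-1]
    # Every body line except the last is wrapped to the same width.
    if any(len(l) != len(body[0]) for l in body[:-1]):
        problems.append("body lines have uneven length")
    try:
        blob = base64.b64decode("".join(body), validate=True)
    except binascii.Error:
        problems.append("body is not valid base64")
        return problems
    # New-format OpenSSH private keys begin with this magic string.
    if m.group(1) == "OPENSSH PRIVATE KEY" and not blob.startswith(b"openssh-key-v1\0"):
        problems.append("OpenSSH magic header missing")
    return problems

def make_sample():
    """Constructed stand-in with OpenSSH armor and magic; not a usable key."""
    b64 = base64.b64encode(b"openssh-key-v1\0" + bytes(range(200))).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    good = make_sample()
    cases = [("clean", good), ("CRLF", good.replace("\n", "\r\n")),
             ("truncated", good[:-40])]
    for label, text in cases:
        print(label, check_pasted_key(text))
```

A structural pass like this only shows the text survived the paste; comparing the public key derived from the stored text with the one already authorized on the target host confirms it is the same key.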