-
Type:
Bug
-
Resolution: Not A Defect
-
Priority:
Minor
-
Component/s: ansible-plugin
-
Environment:Jenkins 2.164.1
I recently created an SSH rsa key that was 8192 bits in size and stored it in the credentials repository. I found that Ansible playbooks did not work with a key of this size.
Â
Â
09:50:52 [Install - Nagios Core] $ ansible-playbook "/var/lib/jenkins/workspace/Install - Nagios Core/ansible/prepare_os.yml" --private-key "/var/lib/jenkins/workspace/Install - Nagios Core/ssh581441855617245626.key" -u root -i core-057, -e "target=core-057, product=nagios os_name=fedora os_version=29 os_version_minor= ansible_become_pass=" 09:50:52 09:50:52 PLAY [Prepare Operating System] ************************************************ 09:50:52 09:50:52 TASK [Gathering Facts] ********************************************************* 09:50:52 fatal: [core-057]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added 'core-057,2001:44b8:3132:25:10:25:5:190' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true} 09:50:52 to retry, use: --limit @/var/lib/jenkins/workspace/Install - Nagios Core/ansible/prepare_os.retry
Â
Â
I could confirm from the command line that if I created the keyfile I was able to execute the ansible-playbook command and it worked. So it's not an ansible issue with keyfiles of that size, it's something to do with Jenkins creating that keyfile (I think).
Â
After some trial and error I found that an 4096 bit key worked but anything larger failed (like 4097).
Â
Â
ssh-keygen -b 4097
Â
Â
I know this is an edge case, bit I've spent about 3 hours getting to the root cause of the issue so hopefully it'll help someone else.
