Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-60629

Openshift injection of ssh private key into jenkins needs manual update to work for SSH Agent

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: openshift-sync-plugin
    • Labels:
      None
    • Environment:
      OpenShift Master: v3.11.129
      Jenkins: 2.164.2
      Jenkins sync plugin: 1.0.34
      SSH agent plugin: 1.17
    • Similar Issues:

      Description

      I am configuring a permanent ssh agent in a Jenkins pod that runs on an Openshift cluster and for that purpose I inject the private ssh key from an openshift secret.

      When I deploy the jenkins pod, the ssh agent does not manage to start. The error message is:

      [09/30/19 08:48:54] [SSH] Opening SSH connection to ${server-adress}:22.
      [09/30/19 08:48:56] [SSH] SSH host key matches key seen previously for this host. Connection will be allowed.
      ERROR: Server rejected the 1 private key(s) for jenkins
       (credentialId:project-ssh-agent/method:publickey)
      [09/30/19 08:48:56] [SSH] Authentication failed.
      Authentication failed.
      [09/30/19 08:48:56] Launch failed - cleaning up connection
      [09/30/19 08:48:56] [SSH] Connection closed. 

      In order to get the connection working, I go to the credentials store in the Jenkins UI https://${jenkins-url}/credentials/store/system/domain/_/credential/project-ssh-agent/update, go to Update credentials and click on Save without having changed anything about the credentials.

      Clicking on relaunch agent now spawns the agent using the ssh connection to connect to the remote server as configured.

      Considerations

      The injection works fine and the resulting ssh-key in the Jenkins credentials store can directly be used for ssh-based git checkouts. I previously had opened a ticket about this with the openshift jenkins-sync-plugin support (https://github.com/openshift/jenkins-sync-plugin/issues/345).

        Attachments

          Activity

          jdstamp Julian Stamp created issue -
          jdstamp Julian Stamp made changes -
          Field Original Value New Value
          Description I am configuring a permanent ssh agent in a Jenkins pod that runs on an Openshift cluster and for that purpose I inject the private ssh key from an openshift secret.

          When I deploy the jenkins pod, the ssh agent does not manage to start. The error message is:
          {code:java}
          [09/30/19 08:48:54] [SSH] Opening SSH connection to ${server-adress}:22.
          [09/30/19 08:48:56] [SSH] SSH host key matches key seen previously for this host. Connection will be allowed.
          ERROR: Server rejected the 1 private key(s) for jenkins
           (credentialId:project-ssh-agent/method:publickey)
          [09/30/19 08:48:56] [SSH] Authentication failed.
          Authentication failed.
          [09/30/19 08:48:56] Launch failed - cleaning up connection
          [09/30/19 08:48:56] [SSH] Connection closed. {code}
          In order to get the connection working, I go to the credentials store in the Jenkins UI {{https://${jenkins-url}/credentials/store/system/domain/_/credential/project-ssh-agent/update}}, go to {{Update}} credentials and click on {{Save}} without having changed anything about the credentials.

          Clicking on {{relaunch agent}} now spawns the agent using the ssh connection to connect to the remote server as configured.
          h3. Considerations

          The injection works fine and the resulting ssh-key in the Jenkins credentials store can directly be used for ssh-based git checkouts. I previously had opened a ticket about this with the openshift jenkins-sync-plugin support ([https://github.com/openshift/jenkins-sync-plugin/issues/345)|https://github.com/openshift/jenkins-sync-plugin/issues/345).].
          I am configuring a permanent ssh agent in a Jenkins pod that runs on an Openshift cluster and for that purpose I inject the private ssh key from an openshift secret.

          When I deploy the jenkins pod, the ssh agent does not manage to start. The error message is:
          {code:bash}
          [09/30/19 08:48:54] [SSH] Opening SSH connection to ${server-adress}:22.
          [09/30/19 08:48:56] [SSH] SSH host key matches key seen previously for this host. Connection will be allowed.
          ERROR: Server rejected the 1 private key(s) for jenkins
           (credentialId:project-ssh-agent/method:publickey)
          [09/30/19 08:48:56] [SSH] Authentication failed.
          Authentication failed.
          [09/30/19 08:48:56] Launch failed - cleaning up connection
          [09/30/19 08:48:56] [SSH] Connection closed. {code}
          In order to get the connection working, I go to the credentials store in the Jenkins UI {{https://${jenkins-url}/credentials/store/system/domain/_/credential/project-ssh-agent/update}}, go to {{Update}} credentials and click on {{Save}} without having changed anything about the credentials.

          Clicking on {{relaunch agent}} now spawns the agent using the ssh connection to connect to the remote server as configured.
          h3. Considerations

          The injection works fine and the resulting ssh-key in the Jenkins credentials store can directly be used for ssh-based git checkouts. I previously had opened a ticket about this with the openshift jenkins-sync-plugin support ([https://github.com/openshift/jenkins-sync-plugin/issues/345)|https://github.com/openshift/jenkins-sync-plugin/issues/345).].
          jdstamp Julian Stamp made changes -
          Environment OpenShift Master: v3.11.129
          Jenkins: 2.164.2
          Sync plugin: 1.0.34
          SSH agent plugin: 1.17
          OpenShift Master: v3.11.129
          Jenkins: 2.164.2
          Jenkins sync plugin: 1.0.34
          SSH agent plugin: 1.17
          jglick Jesse Glick made changes -
          Component/s ssh-slaves-plugin [ 15578 ]
          Component/s ssh-agent-plugin [ 17509 ]
          ifernandezcalvo Ivan Fernandez Calvo made changes -
          Component/s openshift-sync-plugin [ 21623 ]
          Component/s ssh-slaves-plugin [ 15578 ]

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            jdstamp Julian Stamp
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: