  2. JENKINS-62567

ERROR: Server rejected the 1 private key(s) for ...

    • Type: Bug
    • Resolution: Fixed
    • Priority: Critical
    • Component: trilead-api-plugin
    • Environment: Jenkins LTS 2.222.4
      All latest plugins including Script Security update to 1.73

      Slaves/Nodes do not start after latest plugin updates.
      Narrowed down to Trilead version 1.0.7

      Causes error:

      SSHLauncher{host='xxx', port=22, credentialsId='myCredentials', jvmOptions='', javaPath='', prefixStartSlaveCmd='', suffixStartSlaveCmd='', launchTimeoutSeconds=60, maxNumRetries=10, retryWaitTime=15, sshHostKeyVerificationStrategy=hudson.plugins.sshslaves.verifiers.KnownHostsFileKeyVerificationStrategy, tcpNoDelay=true, trackCredentials=true}

      [06/04/20 14:30:19] [SSH] Opening SSH connection to xxx:22.
      Searching for xxx in /home/blabla/.ssh/known_hosts
      Searching for xxx:22 in /home/blabla/.ssh/known_hosts
      [06/04/20 14:30:19] [SSH] SSH host key matches key in Known Hosts file. Connection will be allowed.
      ERROR: Server rejected the 1 private key(s) for blabla(credentialId:myCredentials/method:publickey)
      [06/04/20 14:30:19] [SSH] Authentication failed.
      Authentication failed.
      [06/04/20 14:30:19] Launch failed - cleaning up connection
      [06/04/20 14:30:19] [SSH] Connection closed.


          Ivan Fernandez Calvo added a comment -

          jvz Do you have time to work on it? If not, I will revert the trilead-ssh2 upgrade.

          Ivan Fernandez Calvo added a comment -

          ethorsa sgjenkins could you post the header of those keys? It should be something like these:

          -----BEGIN OPENSSH PRIVATE KEY-----
          -----BEGIN RSA PRIVATE KEY-----
          -----BEGIN EC PRIVATE KEY-----
          -----BEGIN DSA PRIVATE KEY-----
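
One way to answer the request above without pasting key material into a ticket, as an added example that is not part of the original thread or of any Jenkins plugin: it reads only the PEM armor line and, for the OpenSSH container, the unencrypted header fields. The names `describe_private_key` and `constructed_sample` are hypothetical, and the sample container is constructed with dummy bytes in place of a key.

```python
import base64
import struct

# PEM label -> container format. The first four are the headers asked about in the
# thread (five dashes each side in a real key file); the last two are PKCS#8.
PEM_FORMATS = {
    "OPENSSH PRIVATE KEY": "openssh-key-v1",
    "RSA PRIVATE KEY": "PKCS#1 RSA (legacy PEM)",
    "EC PRIVATE KEY": "SEC1 EC (legacy PEM)",
    "DSA PRIVATE KEY": "DSA (legacy PEM)",
    "PRIVATE KEY": "PKCS#8",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 (encrypted)",
}
MAGIC = b"openssh-key-v1\x00"

def _read_string(buf, off):
    """Read one SSH wire 'string': uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def describe_private_key(text):
    """Return (container format, key algorithm or None, encrypted?); never key material."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("-----")):
        raise ValueError("no PEM header found")
    label = lines[0][len("-----BEGIN "):-5]
    fmt = PEM_FORMATS.get(label, "unknown (" + label + ")")
    if label != "OPENSSH PRIVATE KEY":
        # Legacy PEM marks passphrase protection with a Proc-Type header line.
        encrypted = label == "ENCRYPTED PRIVATE KEY" or any(
            l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines[1:3])
        return fmt, None, encrypted
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    cipher, off = _read_string(blob, len(MAGIC))
    _kdf, off = _read_string(blob, off)
    _kdfopts, off = _read_string(blob, off)
    off += 4  # uint32 number of keys
    pub, off = _read_string(blob, off)
    algo, _ = _read_string(pub, 0)  # the public blob starts with the algorithm name
    return fmt, algo.decode(), cipher != b"none"

def constructed_sample(algo=b"ssh-rsa", cipher=b"none"):
    """Constructed container with zero bytes where key material would be (not a usable key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = (MAGIC + s(cipher) + s(b"none") + s(b"") + struct.pack(">I", 1)
            + s(s(algo) + b"\x00" * 8) + s(b"\x00" * 16))
    body = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + body + "\n-----END OPENSSH PRIVATE KEY-----\n"
```
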

          Matt Sicker added a comment -

          Yeah, I'll be looking into this today. I'll let you know if the fix doesn't seem trivial enough to implement today so you can revert until I have a full fix.

          ethorsa added a comment -

          Username / password connections shouldn't send these headers?

          Matt Sicker added a comment -

          Doesn't matter if you use a password; if the server host key is RSA, then this is likely the bug.

          Ivan Fernandez Calvo added a comment -

          trilead-api v1.0.8 reverts the change

          Justin Quinn added a comment -

          Can confirm that reverting to the previous version of trilead solved the problem. In my case, the issue was only presenting when connecting from our Linux master node to a macOS agent.

          Steve Graham added a comment -

          (Sorry, was out of office.)
          Do you still need info?
          I have a Linux -> Linux environment, all running the same Linux version. The Jenkins user can log in to all machines with ssh.
          Yes, it is an RSA key.

          Matt Sicker added a comment - - edited

          We figured out the issue. The first PR was reverted, and I have a new PR open to support RSA with SHA-2 signatures.

          PR: https://github.com/jenkinsci/trilead-ssh2/pull/47

          Matt Sicker added a comment -

          Looks like this was merged already.

            jvz Matt Sicker
            sgjenkins Steve Graham