Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-62567

ERROR: Server rejected the 1 private key(s) for ...

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Slaves/Nodes do not start after latest plugin updates.
      Narrowed down to Trilead version 1.0.7

      Causes error :
      SSHLauncher

      {host='xxx', port=22, credentialsId='myCredentials', jvmOptions='', javaPath='', prefixStartSlaveCmd='', suffixStartSlaveCmd='', launchTimeoutSeconds=60, maxNumRetries=10, retryWaitTime=15, sshHostKeyVerificationStrategy=hudson.plugins.sshslaves.verifiers.KnownHostsFileKeyVerificationStrategy, tcpNoDelay=true, trackCredentials=true}

      [06/04/20 14:30:19] [SSH] Opening SSH connection to xxx:22.
      Searching for xxx in /home/blabla/.ssh/known_hosts
      Searching for xxx:22 in /home/blabla/.ssh/known_hosts
      [06/04/20 14:30:19] [SSH] SSH host key matches key in Known Hosts file. Connection will be allowed.
      ERROR: Server rejected the 1 private key(s) for blabla(credentialId:myCredentials/method:publickey)
      [06/04/20 14:30:19] [SSH] Authentication failed.
      Authentication failed.
      [06/04/20 14:30:19] Launch failed - cleaning up connection
      [06/04/20 14:30:19] [SSH] Connection closed.

        Attachments

          Activity

          sgjenkins Steve Graham created issue -
          Hide
          sgjenkins Steve Graham added a comment -

          revert to Trilead 1.0.6 and the connection to slaves works again.

          Show
          sgjenkins Steve Graham added a comment - revert to Trilead 1.0.6 and the connection to slaves works again.
          sgjenkins Steve Graham made changes -
          Field Original Value New Value
          Labels plugin slave plugin regression slave
          sgjenkins Steve Graham made changes -
          Description Nodes do not start after latest pluginn updates.
          Narrowed down to Trilead version 1.0.7

          Causes error :
          SSHLauncher{host='xxx', port=22, credentialsId='myCredentials', jvmOptions='', javaPath='', prefixStartSlaveCmd='', suffixStartSlaveCmd='', launchTimeoutSeconds=60, maxNumRetries=10, retryWaitTime=15, sshHostKeyVerificationStrategy=hudson.plugins.sshslaves.verifiers.KnownHostsFileKeyVerificationStrategy, tcpNoDelay=true, trackCredentials=true}
          [06/04/20 14:30:19] [SSH] Opening SSH connection to xxx:22.
          Searching for xxx in /home/blabla/.ssh/known_hosts
          Searching for xxx:22 in /home/blabla/.ssh/known_hosts
          [06/04/20 14:30:19] [SSH] SSH host key matches key in Known Hosts file. Connection will be allowed.
          *ERROR: Server rejected the 1 private key(s) for blabla(credentialId:myCredentials/method:publickey)*
          [06/04/20 14:30:19] [SSH] Authentication failed.
          Authentication failed.
          [06/04/20 14:30:19] Launch failed - cleaning up connection
          [06/04/20 14:30:19] [SSH] Connection closed.

          Slaves/Nodes do not start after latest plugin updates.
          Narrowed down to Trilead version 1.0.7

          Causes error :
          SSHLauncher{host='xxx', port=22, credentialsId='myCredentials', jvmOptions='', javaPath='', prefixStartSlaveCmd='', suffixStartSlaveCmd='', launchTimeoutSeconds=60, maxNumRetries=10, retryWaitTime=15, sshHostKeyVerificationStrategy=hudson.plugins.sshslaves.verifiers.KnownHostsFileKeyVerificationStrategy, tcpNoDelay=true, trackCredentials=true}
          [06/04/20 14:30:19] [SSH] Opening SSH connection to xxx:22.
          Searching for xxx in /home/blabla/.ssh/known_hosts
          Searching for xxx:22 in /home/blabla/.ssh/known_hosts
          [06/04/20 14:30:19] [SSH] SSH host key matches key in Known Hosts file. Connection will be allowed.
          *ERROR: Server rejected the 1 private key(s) for blabla(credentialId:myCredentials/method:publickey)*
          [06/04/20 14:30:19] [SSH] Authentication failed.
          Authentication failed.
          [06/04/20 14:30:19] Launch failed - cleaning up connection
          [06/04/20 14:30:19] [SSH] Connection closed.

          Hide
          jvz Matt Sicker added a comment -

          Steve Graham Is this an RSA key?

          Show
          jvz Matt Sicker added a comment - Steve Graham Is this an RSA key?
          Hide
          ethorsa ethorsa added a comment -

          I can confirm the problem with username / password connections (trilead-api v1.0.7). Downgrade to 1.0.6 solved it for me too.

          Show
          ethorsa ethorsa added a comment - I can confirm the problem with username / password connections (trilead-api v1.0.7). Downgrade to 1.0.6 solved it for me too.
          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          Matt Sicker Do you have time to work on it? if not I will revert the trilead-ssh2 upgrade

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - Matt Sicker Do you have time to work on it? if not I will revert the trilead-ssh2 upgrade
          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          ethorsa Steve Graham could you post the header of those keys? should be something like these

          ----BEGIN OPENSSH PRIVATE KEY----
          ----BEGIN RSA PRIVATE KEY----
          ----BEGIN EC PRIVATE KEY----
          ----BEGIN DSA PRIVATE KEY----

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - ethorsa Steve Graham could you post the header of those keys? should be something like these ---- BEGIN OPENSSH PRIVATE KEY ---- ---- BEGIN RSA PRIVATE KEY ---- ---- BEGIN EC PRIVATE KEY ---- ---- BEGIN DSA PRIVATE KEY ----
          Hide
          jvz Matt Sicker added a comment -

          Yeah, I'll be looking into this today. I'll let you know if the fix doesn't seem trivial enough to implement today so you can revert until I have a full fix.

          Show
          jvz Matt Sicker added a comment - Yeah, I'll be looking into this today. I'll let you know if the fix doesn't seem trivial enough to implement today so you can revert until I have a full fix.
          Hide
          ethorsa ethorsa added a comment -

          Username / password connections shouldn't send these headers?

          Show
          ethorsa ethorsa added a comment - Username / password connections shouldn't send these headers?
          Hide
          jvz Matt Sicker added a comment -

          Doesn't matter if you use a password; if the server host key is RSA, then this is likely the bug.

          Show
          jvz Matt Sicker added a comment - Doesn't matter if you use a password; if the server host key is RSA, then this is likely the bug.
          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          trilead-api v1.0.8 revert the change

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - trilead-api v1.0.8 revert the change
          ifernandezcalvo Ivan Fernandez Calvo made changes -
          Assignee Ivan Fernandez Calvo [ ifernandezcalvo ] Matt Sicker [ jvz ]
          Hide
          tidbitsoftware Justin Quinn added a comment -

          Can confirm that reverting to the previous version of trilead solved the problem. In my case, the issue was only presenting when connecting from our Linux master node to a macOS agent.

          Show
          tidbitsoftware Justin Quinn added a comment - Can confirm that reverting to the previous version of trilead solved the problem. In my case, the issue was only presenting when connecting from our Linux master node to a macOS agent.
          Hide
          sgjenkins Steve Graham added a comment -

          ( sorry - was out of office..)
          Do you still need info?
          I have a linux -> linux environment, all running the same linux version. Jenkins user can login to all machines with ssh.
          Yes it is an RSA key.

          Show
          sgjenkins Steve Graham added a comment - ( sorry - was out of office..) Do you still need info? I have a linux -> linux environment, all running the same linux version. Jenkins user can login to all machines with ssh. Yes it is an RSA key.
          Hide
          jvz Matt Sicker added a comment - - edited

          We figured out the issue. The first PR was reverted, and I have a new PR open to support RSA with SHA-2 signatures.

          PR: https://github.com/jenkinsci/trilead-ssh2/pull/47

          Show
          jvz Matt Sicker added a comment - - edited We figured out the issue. The first PR was reverted, and I have a new PR open to support RSA with SHA-2 signatures. PR: https://github.com/jenkinsci/trilead-ssh2/pull/47
          jvz Matt Sicker made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          jvz Matt Sicker made changes -
          Status In Progress [ 3 ] In Review [ 10005 ]
          Hide
          jvz Matt Sicker added a comment -

          Looks like this was merged already.

          Show
          jvz Matt Sicker added a comment - Looks like this was merged already.
          jvz Matt Sicker made changes -
          Resolution Fixed [ 1 ]
          Status In Review [ 10005 ] Resolved [ 5 ]

            People

            Assignee:
            jvz Matt Sicker
            Reporter:
            sgjenkins Steve Graham
            Votes:
            2 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: