Details
-
Bug
-
Status: Resolved (View Workflow)
-
Critical
-
Resolution: Fixed
-
Jenkins LTS 2.222.4
All latest plugins including Script Security update to 1.73
Description
Slaves/Nodes do not start after latest plugin updates.
Narrowed down to Trilead version 1.0.7
Causes error :
SSHLauncher
[06/04/20 14:30:19] [SSH] Opening SSH connection to xxx:22.
Searching for xxx in /home/blabla/.ssh/known_hosts
Searching for xxx:22 in /home/blabla/.ssh/known_hosts
[06/04/20 14:30:19] [SSH] SSH host key matches key in Known Hosts file. Connection will be allowed.
ERROR: Server rejected the 1 private key(s) for blabla(credentialId:myCredentials/method:publickey)
[06/04/20 14:30:19] [SSH] Authentication failed.
Authentication failed.
[06/04/20 14:30:19] Launch failed - cleaning up connection
[06/04/20 14:30:19] [SSH] Connection closed.
Attachments
Activity
Steve Graham
created issue -
Steve Graham
made changes -
| Field | Original Value | New Value |
|---|---|---|
| Labels | plugin slave | plugin regression slave |
Steve Graham
made changes -
| Description |
Nodes do not start after latest pluginn updates. Narrowed down to Trilead version 1.0.7 Causes error : SSHLauncher{host='xxx', port=22, credentialsId='myCredentials', jvmOptions='', javaPath='', prefixStartSlaveCmd='', suffixStartSlaveCmd='', launchTimeoutSeconds=60, maxNumRetries=10, retryWaitTime=15, sshHostKeyVerificationStrategy=hudson.plugins.sshslaves.verifiers.KnownHostsFileKeyVerificationStrategy, tcpNoDelay=true, trackCredentials=true} [06/04/20 14:30:19] [SSH] Opening SSH connection to xxx:22. Searching for xxx in /home/blabla/.ssh/known_hosts Searching for xxx:22 in /home/blabla/.ssh/known_hosts [06/04/20 14:30:19] [SSH] SSH host key matches key in Known Hosts file. Connection will be allowed. *ERROR: Server rejected the 1 private key(s) for blabla(credentialId:myCredentials/method:publickey)* [06/04/20 14:30:19] [SSH] Authentication failed. Authentication failed. [06/04/20 14:30:19] Launch failed - cleaning up connection [06/04/20 14:30:19] [SSH] Connection closed. |
Slaves/Nodes do not start after latest plugin updates. Narrowed down to Trilead version 1.0.7 Causes error : SSHLauncher{host='xxx', port=22, credentialsId='myCredentials', jvmOptions='', javaPath='', prefixStartSlaveCmd='', suffixStartSlaveCmd='', launchTimeoutSeconds=60, maxNumRetries=10, retryWaitTime=15, sshHostKeyVerificationStrategy=hudson.plugins.sshslaves.verifiers.KnownHostsFileKeyVerificationStrategy, tcpNoDelay=true, trackCredentials=true} [06/04/20 14:30:19] [SSH] Opening SSH connection to xxx:22. Searching for xxx in /home/blabla/.ssh/known_hosts Searching for xxx:22 in /home/blabla/.ssh/known_hosts [06/04/20 14:30:19] [SSH] SSH host key matches key in Known Hosts file. Connection will be allowed. *ERROR: Server rejected the 1 private key(s) for blabla(credentialId:myCredentials/method:publickey)* [06/04/20 14:30:19] [SSH] Authentication failed. Authentication failed. [06/04/20 14:30:19] Launch failed - cleaning up connection [06/04/20 14:30:19] [SSH] Connection closed. |
ethorsa
added a comment - I can confirm the problem with username / password connections (trilead-api v1.0.7). Downgrade to 1.0.6 solved it for me too.
ethorsa
added a comment - I can confirm the problem with username / password connections (trilead-api v1.0.7). Downgrade to 1.0.6 solved it for me too. jvz Do you have time to work on it? if not I will revert the trilead-ssh2 upgrade
ethorsa sgjenkins could you post the header of those keys? should be something like these
----BEGIN OPENSSH PRIVATE KEY----
----BEGIN RSA PRIVATE KEY----
----BEGIN EC PRIVATE KEY----
----BEGIN DSA PRIVATE KEY----
Yeah, I'll be looking into this today. I'll let you know if the fix doesn't seem trivial enough to implement today so you can revert until I have a full fix.
ethorsa
added a comment - Username / password connections shouldn't send these headers? Doesn't matter if you use a password; if the server host key is RSA, then this is likely the bug.
| Assignee | Ivan Fernandez Calvo [ ifernandezcalvo ] | Matt Sicker [ jvz ] |
Can confirm that reverting to the previous version of trilead solved the problem. In my case, the issue was only presenting when connecting from our Linux master node to a macOS agent.
Steve Graham
added a comment - ( sorry - was out of office..)
Do you still need info?
I have a linux -> linux environment, all running the same linux version. Jenkins user can login to all machines with ssh.
Yes it is an RSA key.
Steve Graham
added a comment - ( sorry - was out of office..)
Do you still need info?
I have a linux -> linux environment, all running the same linux version. Jenkins user can login to all machines with ssh.
Yes it is an RSA key.
We figured out the issue. The first PR was reverted, and I have a new PR open to support RSA with SHA-2 signatures.
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Status | In Progress [ 3 ] | In Review [ 10005 ] |
| Resolution | Fixed [ 1 ] | |
| Status | In Review [ 10005 ] | Resolved [ 5 ] |
revert to Trilead 1.0.6 and the connection to slaves works again.