Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63790

Trilead API v1.0.11 causes SSH agent connections to fail

    XMLWordPrintable

Details

    Description

      After upgrading to Trilead API v1.0.11 my connection to SSH clients fail with the error below:

      [09/27/20 10:23:16] [SSH] WARNING: SSH Host Keys are not being verified. Man-in-the-middle attacks may be possible against this connection.
      Key exchange was not finished, connection is closed.
      SSH Connection failed with IOException: "Key exchange was not finished, connection is closed.", retrying in 5 seconds. There are 1 more retries left.
      [09/27/20 10:23:22] [SSH] WARNING: SSH Host Keys are not being verified. Man-in-the-middle attacks may be possible against this connection.
      Key exchange was not finished, connection is closed.
      ERROR: Connection is not established!

      I have reproduced this on two environments and get exactly the same results, downgrading to v1.0.10 fixes the issue.

      Attachments

        Issue Links

          Activity

            tellinger Thomas Ellinger added a comment - - edited I can confirm that https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/plugins/trilead-api/1.0.12-rc45.30c196a4f01a  fixes issue on Debian 7/9 (native)

            I just released trilead-api-1.0.12 with the fix, I will keep this issue open to try to understand what causes the issue in your environments. So I have some questions :

            • Do you pass any Java property to the Jenkins command line? Which ones?
            • Which locale do you have on those agents? you can see it by running `locale` with the user you connect.
            ifernandezcalvo Ivan Fernandez Calvo added a comment - I just released trilead-api-1.0.12 with the fix, I will keep this issue open to try to understand what causes the issue in your environments. So I have some questions : Do you pass any Java property to the Jenkins command line? Which ones? Which locale do you have on those agents? you can see it by running `locale` with the user you connect.

            I confirm that trilead-api-1.0.12 does work for me.

            Java properties etc.:

            -Xrs -Xmx1g -Xms1g -Dhudson.model.Run.ArtifactList.listCutoff=40 -Dhudson.model.Run.ArtifactList.treeCutoff=100 -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -Djavax.net.ssl.trustStore=%JENKINS_HOME%\.keystore\cacerts -Djavax.net.ssl.trustStorePassword=hugesecret -Dhudson.model.DirectoryBrowserSupport.CSP= -Dhudson.tasks.MailSender.SEND_TO_USERS_WITHOUT_READ=true -Dhudson.tasks.MailSender.SEND_TO_UNKNOWN_USERS=true -jar "%BASE%\jenkins.war" --sessionTimeout=1440 --sessionEviction=43200 --httpPort=-1 --httpsPort=443 --httpsKeyStore="%JENKINS_HOME%\mykeystore.jks" --httpsKeyStorePassword="bigsecret" --webroot="%BASE%\war"

            Locales: per node type (uname)

            Some nodes are running Windows so I've not got the equivalent information for those.

            Linux (Linux hostname 4.18.0-193.19.1.el8_2.x86_64 #1 SMP Mon Sep 14 14:37:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux):

            LANG=en_US.UTF-8
            LC_CTYPE="en_US.UTF-8"
            LC_NUMERIC="en_US.UTF-8"
            LC_TIME="en_US.UTF-8"
            LC_COLLATE="en_US.UTF-8"
            LC_MONETARY="en_US.UTF-8"
            LC_MESSAGES="en_US.UTF-8"
            LC_PAPER="en_US.UTF-8"
            LC_NAME="en_US.UTF-8"
            LC_ADDRESS="en_US.UTF-8"
            LC_TELEPHONE="en_US.UTF-8"
            LC_MEASUREMENT="en_US.UTF-8"
            LC_IDENTIFICATION="en_US.UTF-8"
            LC_ALL=

            IBM i (OS400 hostname 2 7):

            LANG=en_GB
            LC_COLLATE="en_GB"
            LC_CTYPE="en_GB"
            LC_MONETARY="en_GB"
            LC_NUMERIC="en_GB"
            LC_TIME="en_GB"
            LC_MESSAGES="en_GB"
            LC_ALL=

            IBM AIX (AIX hostname 1 7):

            LANG=en_US
            LC_COLLATE="en_US"
            LC_CTYPE="en_US"
            LC_MONETARY="en_US"
            LC_NUMERIC="en_US"
            LC_TIME="en_US"
            LC_MESSAGES="en_US"
            LC_ALL=

            Solaris (SunOS hostname 5.11 11.1 sun4v sparc sun4v):

            LANG=C
            LC_CTYPE="C"
            LC_NUMERIC="C"
            LC_TIME="C"
            LC_COLLATE="C"
            LC_MONETARY="C"
            LC_MESSAGES="C"
            LC_ALL=

            whittlec William Whittle added a comment - I confirm that trilead-api-1.0.12 does work for me. Java properties etc.: -Xrs -Xmx1g -Xms1g -Dhudson.model.Run.ArtifactList.listCutoff=40 -Dhudson.model.Run.ArtifactList.treeCutoff=100 -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -Djavax.net.ssl.trustStore=%JENKINS_HOME%\.keystore\cacerts -Djavax.net.ssl.trustStorePassword=hugesecret -Dhudson.model.DirectoryBrowserSupport.CSP= -Dhudson.tasks.MailSender.SEND_TO_USERS_WITHOUT_READ= true -Dhudson.tasks.MailSender.SEND_TO_UNKNOWN_USERS= true -jar "%BASE%\jenkins.war" --sessionTimeout=1440 --sessionEviction=43200 --httpPort=-1 --httpsPort=443 --httpsKeyStore= "%JENKINS_HOME%\mykeystore.jks" --httpsKeyStorePassword= "bigsecret" --webroot= "%BASE%\war" Locales: per node type (uname) Some nodes are running Windows so I've not got the equivalent information for those. Linux (Linux hostname 4.18.0-193.19.1.el8_2.x86_64 #1 SMP Mon Sep 14 14:37:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux): LANG=en_US.UTF-8 LC_CTYPE="en_US.UTF-8" LC_NUMERIC="en_US.UTF-8" LC_TIME="en_US.UTF-8" LC_COLLATE="en_US.UTF-8" LC_MONETARY="en_US.UTF-8" LC_MESSAGES="en_US.UTF-8" LC_PAPER="en_US.UTF-8" LC_NAME="en_US.UTF-8" LC_ADDRESS="en_US.UTF-8" LC_TELEPHONE="en_US.UTF-8" LC_MEASUREMENT="en_US.UTF-8" LC_IDENTIFICATION="en_US.UTF-8" LC_ALL= IBM i (OS400 hostname 2 7): LANG=en_GB LC_COLLATE="en_GB" LC_CTYPE="en_GB" LC_MONETARY="en_GB" LC_NUMERIC="en_GB" LC_TIME="en_GB" LC_MESSAGES="en_GB" LC_ALL= IBM AIX (AIX hostname 1 7): LANG=en_US LC_COLLATE="en_US" LC_CTYPE="en_US" LC_MONETARY="en_US" LC_NUMERIC="en_US" LC_TIME="en_US" LC_MESSAGES="en_US" LC_ALL= Solaris (SunOS hostname 5.11 11.1 sun4v sparc sun4v): LANG=C LC_CTYPE="C" LC_NUMERIC="C" LC_TIME="C" LC_COLLATE="C" LC_MONETARY="C" LC_MESSAGES="C" LC_ALL=
            guymahieu Guy Mahieu added a comment -

            Jenkins commandline:

            java -Dcom.sun.akuma.Daemon=daemonized -Djava.awt.headless=true -Djava.io.tmpdir=/opt/jenkins/tmp -DJENKINS_HOME=/opt/jenkins -jar /usr/lib/jenkins/jenkins.war --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war --daemon --httpPort=8080 --debug=5 --handlerCountMax=100 --handlerCountMaxIdle=20 

            Locale CentOS master:

            LANG=en_US.UTF-8
            LC_CTYPE="en_US.UTF-8"
            LC_NUMERIC="en_US.UTF-8"
            LC_TIME="en_US.UTF-8"
            LC_COLLATE="en_US.UTF-8"
            LC_MONETARY="en_US.UTF-8"
            LC_MESSAGES="en_US.UTF-8"
            LC_PAPER="en_US.UTF-8"
            LC_NAME="en_US.UTF-8"
            LC_ADDRESS="en_US.UTF-8"
            LC_TELEPHONE="en_US.UTF-8"
            LC_MEASUREMENT="en_US.UTF-8"
            LC_IDENTIFICATION="en_US.UTF-8"
            LC_ALL= 

            Locale CentOS agent:

            LANG=en_US.UTF-8
            LC_CTYPE="en_US.UTF-8"
            LC_NUMERIC="en_US.UTF-8"
            LC_TIME="en_US.UTF-8"
            LC_COLLATE="en_US.UTF-8"
            LC_MONETARY="en_US.UTF-8"
            LC_MESSAGES="en_US.UTF-8"
            LC_PAPER="en_US.UTF-8"
            LC_NAME="en_US.UTF-8"
            LC_ADDRESS="en_US.UTF-8"
            LC_TELEPHONE="en_US.UTF-8"
            LC_MEASUREMENT="en_US.UTF-8"
            LC_IDENTIFICATION="en_US.UTF-8"
            LC_ALL=
             

             

            guymahieu Guy Mahieu added a comment - Jenkins commandline: java -Dcom.sun.akuma.Daemon=daemonized -Djava.awt.headless= true -Djava.io.tmpdir=/opt/jenkins/tmp -DJENKINS_HOME=/opt/jenkins -jar /usr/lib/jenkins/jenkins.war --logfile=/ var /log/jenkins/jenkins.log --webroot=/ var /cache/jenkins/war --daemon --httpPort=8080 --debug=5 --handlerCountMax=100 --handlerCountMaxIdle=20 Locale CentOS master: LANG=en_US.UTF-8 LC_CTYPE= "en_US.UTF-8" LC_NUMERIC= "en_US.UTF-8" LC_TIME= "en_US.UTF-8" LC_COLLATE= "en_US.UTF-8" LC_MONETARY= "en_US.UTF-8" LC_MESSAGES= "en_US.UTF-8" LC_PAPER= "en_US.UTF-8" LC_NAME= "en_US.UTF-8" LC_ADDRESS= "en_US.UTF-8" LC_TELEPHONE= "en_US.UTF-8" LC_MEASUREMENT= "en_US.UTF-8" LC_IDENTIFICATION= "en_US.UTF-8" LC_ALL= Locale CentOS agent: LANG=en_US.UTF-8 LC_CTYPE= "en_US.UTF-8" LC_NUMERIC= "en_US.UTF-8" LC_TIME= "en_US.UTF-8" LC_COLLATE= "en_US.UTF-8" LC_MONETARY= "en_US.UTF-8" LC_MESSAGES= "en_US.UTF-8" LC_PAPER= "en_US.UTF-8" LC_NAME= "en_US.UTF-8" LC_ADDRESS= "en_US.UTF-8" LC_TELEPHONE= "en_US.UTF-8" LC_MEASUREMENT= "en_US.UTF-8" LC_IDENTIFICATION= "en_US.UTF-8" LC_ALL=  

            After evaluating all the work we have to make to maintain a dead SSHD library, we are thinking that it is better to migrate everything to a well-maintained SSHD library. The Jenkins core uses an old version of Apache Mina sshd, this library is well maintained, so we have opened an Epic issue to migrate to that library everything https://issues.jenkins-ci.org/browse/JENKINS-64104

            ifernandezcalvo Ivan Fernandez Calvo added a comment - After evaluating all the work we have to make to maintain a dead SSHD library, we are thinking that it is better to migrate everything to a well-maintained SSHD library. The Jenkins core uses an old version of Apache Mina sshd, this library is well maintained, so we have opened an Epic issue to migrate to that library everything https://issues.jenkins-ci.org/browse/JENKINS-64104

            People

              ifernandezcalvo Ivan Fernandez Calvo
              nsleigh Neil Sleightholm
              Votes:
              23 Vote for this issue
              Watchers:
              45 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: