[JENKINS-63790] Trilead API v1.0.11 causes SSH agent connections to fail

    • Type: Bug
    • Resolution: Fixed
    • Priority: Critical
    • Component: trilead-api-plugin
    • Environment: Windows Server 2012 x64
      jre1.8.0_241

      After upgrading to Trilead API v1.0.11, my connections to SSH clients fail with the error below:

      [09/27/20 10:23:16] [SSH] WARNING: SSH Host Keys are not being verified. Man-in-the-middle attacks may be possible against this connection.
      Key exchange was not finished, connection is closed.
      SSH Connection failed with IOException: "Key exchange was not finished, connection is closed.", retrying in 5 seconds. There are 1 more retries left.
      [09/27/20 10:23:22] [SSH] WARNING: SSH Host Keys are not being verified. Man-in-the-middle attacks may be possible against this connection.
      Key exchange was not finished, connection is closed.
      ERROR: Connection is not established!

      I have reproduced this on two environments and get exactly the same results; downgrading to v1.0.10 fixes the issue.

          Guy Mahieu added a comment - I can confirm that installing https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/plugins/trilead-api/1.0.12-rc45.30c196a4f01a/ solves the issue.

          Marat Tuktarov added a comment - Thanks! My Mac slaves stopped working. The fix did the trick.

          Neil Sleightholm added a comment - trilead-api-1.0.12-rc45.30c196a4f01a worked for me - Win2019 server and node.

          cowwoc added a comment -

          ifernandezcalvo Can you please publish a new release reverting the regression while you investigate what happened?

          Fabian P added a comment -

          trilead-api-1.0.12-rc45.30c196a4f01a worked for me too
          Windows Server 2012 R2
          jre 1.8.0

          Thomas Ellinger added a comment - edited

          I can confirm that https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/plugins/trilead-api/1.0.12-rc45.30c196a4f01a fixes the issue on Debian 7/9 (native)

          Ivan Fernandez Calvo added a comment -

          I just released trilead-api-1.0.12 with the fix. I will keep this issue open to try to understand what causes the issue in your environments. So I have some questions:

          • Do you pass any Java property to the Jenkins command line? Which ones?
          • Which locale do you have on those agents? You can see it by running `locale` with the user you connect.

          William Whittle added a comment -

          I confirm that trilead-api-1.0.12 does work for me.

          Java properties etc.:

          -Xrs -Xmx1g -Xms1g -Dhudson.model.Run.ArtifactList.listCutoff=40 -Dhudson.model.Run.ArtifactList.treeCutoff=100 -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -Djavax.net.ssl.trustStore=%JENKINS_HOME%\.keystore\cacerts -Djavax.net.ssl.trustStorePassword=hugesecret -Dhudson.model.DirectoryBrowserSupport.CSP= -Dhudson.tasks.MailSender.SEND_TO_USERS_WITHOUT_READ=true -Dhudson.tasks.MailSender.SEND_TO_UNKNOWN_USERS=true -jar "%BASE%\jenkins.war" --sessionTimeout=1440 --sessionEviction=43200 --httpPort=-1 --httpsPort=443 --httpsKeyStore="%JENKINS_HOME%\mykeystore.jks" --httpsKeyStorePassword="bigsecret" --webroot="%BASE%\war"

          Locales: per node type (uname)

          Some nodes are running Windows so I've not got the equivalent information for those.

          Linux (Linux hostname 4.18.0-193.19.1.el8_2.x86_64 #1 SMP Mon Sep 14 14:37:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux):

          LANG=en_US.UTF-8
          LC_CTYPE="en_US.UTF-8"
          LC_NUMERIC="en_US.UTF-8"
          LC_TIME="en_US.UTF-8"
          LC_COLLATE="en_US.UTF-8"
          LC_MONETARY="en_US.UTF-8"
          LC_MESSAGES="en_US.UTF-8"
          LC_PAPER="en_US.UTF-8"
          LC_NAME="en_US.UTF-8"
          LC_ADDRESS="en_US.UTF-8"
          LC_TELEPHONE="en_US.UTF-8"
          LC_MEASUREMENT="en_US.UTF-8"
          LC_IDENTIFICATION="en_US.UTF-8"
          LC_ALL=

          IBM i (OS400 hostname 2 7):

          LANG=en_GB
          LC_COLLATE="en_GB"
          LC_CTYPE="en_GB"
          LC_MONETARY="en_GB"
          LC_NUMERIC="en_GB"
          LC_TIME="en_GB"
          LC_MESSAGES="en_GB"
          LC_ALL=

          IBM AIX (AIX hostname 1 7):

          LANG=en_US
          LC_COLLATE="en_US"
          LC_CTYPE="en_US"
          LC_MONETARY="en_US"
          LC_NUMERIC="en_US"
          LC_TIME="en_US"
          LC_MESSAGES="en_US"
          LC_ALL=

          Solaris (SunOS hostname 5.11 11.1 sun4v sparc sun4v):

          LANG=C
          LC_CTYPE="C"
          LC_NUMERIC="C"
          LC_TIME="C"
          LC_COLLATE="C"
          LC_MONETARY="C"
          LC_MESSAGES="C"
          LC_ALL=

          Guy Mahieu added a comment -

          Jenkins commandline:

          java -Dcom.sun.akuma.Daemon=daemonized -Djava.awt.headless=true -Djava.io.tmpdir=/opt/jenkins/tmp -DJENKINS_HOME=/opt/jenkins -jar /usr/lib/jenkins/jenkins.war --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war --daemon --httpPort=8080 --debug=5 --handlerCountMax=100 --handlerCountMaxIdle=20 

          Locale CentOS master:

          LANG=en_US.UTF-8
          LC_CTYPE="en_US.UTF-8"
          LC_NUMERIC="en_US.UTF-8"
          LC_TIME="en_US.UTF-8"
          LC_COLLATE="en_US.UTF-8"
          LC_MONETARY="en_US.UTF-8"
          LC_MESSAGES="en_US.UTF-8"
          LC_PAPER="en_US.UTF-8"
          LC_NAME="en_US.UTF-8"
          LC_ADDRESS="en_US.UTF-8"
          LC_TELEPHONE="en_US.UTF-8"
          LC_MEASUREMENT="en_US.UTF-8"
          LC_IDENTIFICATION="en_US.UTF-8"
          LC_ALL= 

          Locale CentOS agent:

          LANG=en_US.UTF-8
          LC_CTYPE="en_US.UTF-8"
          LC_NUMERIC="en_US.UTF-8"
          LC_TIME="en_US.UTF-8"
          LC_COLLATE="en_US.UTF-8"
          LC_MONETARY="en_US.UTF-8"
          LC_MESSAGES="en_US.UTF-8"
          LC_PAPER="en_US.UTF-8"
          LC_NAME="en_US.UTF-8"
          LC_ADDRESS="en_US.UTF-8"
          LC_TELEPHONE="en_US.UTF-8"
          LC_MEASUREMENT="en_US.UTF-8"
          LC_IDENTIFICATION="en_US.UTF-8"
          LC_ALL=

          Ivan Fernandez Calvo added a comment -

          After evaluating all the work we have to do to maintain a dead SSHD library, we are thinking that it is better to migrate everything to a well-maintained SSHD library. The Jenkins core uses an old version of Apache Mina sshd; this library is well maintained, so we have opened an Epic issue to migrate everything to that library: https://issues.jenkins-ci.org/browse/JENKINS-64104

            ifernandezcalvo Ivan Fernandez Calvo
            nsleigh Neil Sleightholm
            Votes: 23
            Watchers: 45