-
Bug
-
Resolution: Fixed
-
Critical
-
Windows Server 2012 x64
jre1.8.0_241
After upgrading to Trilead API v1.0.11 my connection to SSH clients fail with the error below:
[09/27/20 10:23:16] [SSH] WARNING: SSH Host Keys are not being verified. Man-in-the-middle attacks may be possible against this connection.
Key exchange was not finished, connection is closed.
SSH Connection failed with IOException: "Key exchange was not finished, connection is closed.", retrying in 5 seconds. There are 1 more retries left.
[09/27/20 10:23:22] [SSH] WARNING: SSH Host Keys are not being verified. Man-in-the-middle attacks may be possible against this connection.
Key exchange was not finished, connection is closed.
ERROR: Connection is not established!
I have reproduced this on two environments and get exactly the same results, downgrading to v1.0.10 fixes the issue.
- duplicates
-
-
- Closed
-
- is duplicated by
-
-
- Closed
-
[JENKINS-63790] Trilead API v1.0.11 causes SSH agent connections to fail
Neil Sleightholm
created issue -
Neil Sleightholm
added a comment - Jenkins 2.258
SSH Build Agents plugin 1.31.2
I don't think I am using a key, I set "Non verifying Verification Strategy".
Neil Sleightholm
added a comment - Jenkins 2.258
SSH Build Agents plugin 1.31.2
I don't think I am using a key, I set "Non verifying Verification Strategy". Do you know the Operating system of your agent and the OpenSSH version installed?
Neil Sleightholm
added a comment - Yes user name and password.
Not sure of the OpenSSH version do you know how I check? The agents are running on a mixture of OS's and they all have the same issue, Ubuntu 18 and 20 and Windows Server 2019 (amd64).
Neil Sleightholm
added a comment - Yes user name and password.
Not sure of the OpenSSH version do you know how I check? The agents are running on a mixture of OS's and they all have the same issue, Ubuntu 18 and 20 and Windows Server 2019 (amd64).
Run the following command in the agent
❯ ssh -V OpenSSH_8.1p1, LibreSSL 2.7.3
>The agents are running on a mixture of OS's and they all have the same issue, Ubuntu 18 and 20 and Windows Server 2019 (amd64).
Are all failing after the update?
I've added the user+password scenario to my test environment https://github.com/kuisathaverat/jenkins-issues/tree/master/JENKINS-63790 I can not replicate the issue on
Jenkins
Debian GNU/Linux 9 OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u 20 Dec 2019 openjdk version "1.8.0_242" OpenJDK Runtime Environment (build 1.8.0_242-b08) OpenJDK 64-Bit Server VM (build 25.242-b08, mixed mode)
Agents
Debian GNU/Linux 10 OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1d 10 Sep 2019 openjdk version "11.0.7" 2020-04-14 OpenJDK Runtime Environment 18.9 (build 11.0.7+10) OpenJDK 64-Bit Server VM 18.9 (build 11.0.7+10, mixed mode)
They all fail to start and from two different Windows Jenkins servers (talking to different Agents):
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8, OpenSSL 1.0.1f 6 Jan 2014
OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016
java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
java version "1.8.0_231"
Java(TM) SE Runtime Environment (build 1.8.0_231-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.231-b11, mixed mode)
Jenkins host
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
java version "1.8.0_261"
Java(TM) SE Runtime Environment (build 1.8.0_261-b12)
Java HotSpot(TM) Client VM (build 25.261-b12, mixed mode, sharing)
Let me know if you need more info.
Neil Sleightholm
added a comment - - edited They all fail to start and from two different Windows Jenkins servers (talking to different Agents):
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8, OpenSSL 1.0.1f 6 Jan 2014
OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016
java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
java version "1.8.0_231"
Java(TM) SE Runtime Environment (build 1.8.0_231-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.231-b11, mixed mode)
Jenkins host
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
java version "1.8.0_261"
Java(TM) SE Runtime Environment (build 1.8.0_261-b12)
Java HotSpot(TM) Client VM (build 25.261-b12, mixed mode, sharing)
Let me know if you need more info. Neil Sleightholm
added a comment - The same thing happened in June with trilead-api-1.0.7 and trilead-api-1.0.8 fixed it.
Neil Sleightholm
added a comment - The same thing happened in June with trilead-api-1.0.7 and trilead-api-1.0.8 fixed it. This was a different issue that it is resolved, I reverted the change on 1.0.8, and include the fix on 1.0.9 but this has another bug related to keys protected with passwords so we revert the changes again, so 1.0.8, and 1.0.10 are equal they use (trilead-ssh2:build-217-jenkins-21).
Could you give me more details about your environment? Which version of Jenkins do you have? Which version of ssh build agents plugin? which type of key do you use (DSA, RSA,...) and size? Is your key encrypted with a password? if so which algorithm you use? should be a case I have missed
I have tested:
for encrypted keys, I have tested