-
New Feature
-
Resolution: Duplicate
-
Critical
-
None
-
Jenkins :
Debian 8 64bit
Openjdk version "1.8.0_171"
Jenkins 2.263.4
Metrics Plugin (metrics): 4.0.2.7
PAM Authentication plugin (pam-auth): 1.6
Pipeline: Model API (pipeline-model-api): 1.7.2
Run Condition Plugin (run-condition): 1.5
Pipeline Utility Steps (pipeline-utility-steps): 2.6.1
Pipeline: GitHub Groovy Libraries (pipeline-github-lib): 1.0
ECharts API Plugin (echarts-api): 4.9.0-2
Popper.js API Plugin (popper-api): 1.16.0-7
OWASP Markup Formatter Plugin (antisamy-markup-formatter): 2.1
Oracle Java SE Development Kit Installer Plugin (jdk-tool): 1.4
JQuery3 API Plugin (jquery3-api): 3.5.1-2
jQuery plugin (jquery): 1.12.4-1
Authentication Tokens API Plugin (authentication-tokens): 1.4
Credentials Binding Plugin (credentials-binding): 1.24
Icon Shim Plugin (icon-shim): 2.0.3
Pipeline: Input Step (pipeline-input-step): 2.12
JavaScript GUI Lib: jQuery bundles (jQuery and jQuery UI) plugin (jquery-detached): 1.2.1
GitHub Branch Source Plugin (github-branch-source): 2.9.3
Command Agent Launcher Plugin (command-launcher): 1.5
Plugin Utilities API Plugin (plugin-util-api): 1.6.1
build log file size checker plugin (logfilesizechecker): 1.5
JavaScript GUI Lib: Handlebars bundle plugin (handlebars): 1.1.1
Matrix Project Plugin (matrix-project): 1.18
Resource Disposer Plugin (resource-disposer): 0.14
Build Timeout (build-timeout): 1.20
Pipeline: Declarative (pipeline-model-definition): 1.7.2
Jackson 2 API Plugin (jackson2-api): 2.12.0
Trilead API Plugin (trilead-api): 1.0.13
Copy Artifact Plugin (copyartifact): 1.45.3
SCM API Plugin (scm-api): 2.6.4
Pipeline: Stage Tags Metadata (pipeline-stage-tags-metadata): 1.7.2
Priority Sorter Plugin (PrioritySorter): 3.6.0
Pipeline: Stage Step (pipeline-stage-step): 2.5
Azure Commons Plugin (azure-commons): 1.0.5
Email Extension Plugin (email-ext): 2.80
Pipeline: Multibranch (workflow-multibranch): 2.22
Checks API plugin (checks-api): 1.2.0
Gradle Plugin (gradle): 1.36
OkHttp Plugin (okhttp-api): 3.14.9
Pipeline: Groovy (workflow-cps): 2.87
Pipeline (workflow-aggregator): 2.6
Pipeline: API (workflow-api): 2.40
Script Security Plugin (script-security): 1.75
Folders Plugin (cloudbees-folder): 6.15
Build Failure Analyzer (build-failure-analyzer): 1.27.1
MSBuild Plugin (msbuild): 1.29
GIT server Plugin (git-server): 1.9
SSH Agent Plugin (ssh-agent): 1.20
Branch API Plugin (branch-api): 2.6.2
promoted builds plugin (promoted-builds): 3.7
Matrix Authorization Strategy Plugin (matrix-auth): 2.6.4
Pipeline: Stage View Plugin (pipeline-stage-view): 2.19
Pipeline: Shared Groovy Libraries (workflow-cps-global-lib): 2.17
SSH Credentials Plugin (ssh-credentials): 1.18.1
SSH Build Agents plugin (ssh-slaves): 1.31.5
Timestamper (timestamper): 1.11.8
Job DSL (job-dsl): 1.77
Ant Plugin (ant): 1.11
Pipeline: SCM Step (workflow-scm-step): 2.11
Pipeline Graph Analysis Plugin (pipeline-graph-analysis): 1.10
Bootstrap 4 API Plugin (bootstrap4-api): 4.5.3-1
External Monitor Job Type Plugin (external-monitor-job): 1.7
Mailer Plugin (mailer): 1.32.1
GitHub API Plugin (github-api): 1.117
Azure Credentials (azure-credentials): 4.0.5
WMI Windows Agents Plugin (windows-slaves): 1.7
Throttle Concurrent Builds Plug-in (throttle-concurrents): 2.1
Font Awesome API Plugin (font-awesome-api): 5.15.1-1
Conditional BuildStep (conditional-buildstep): 1.4.1
JSch dependency plugin (jsch): 0.1.55.2
Node and Label parameter plugin (nodelabelparameter): 1.7.2
Maven Integration plugin (maven-plugin): 3.8
Pipeline: Basic Steps (workflow-basic-steps): 2.22
Token Macro Plugin (token-macro): 2.13
Snakeyaml API Plugin (snakeyaml-api): 1.27.0
Rebuilder (rebuild): 1.31
Workspace Cleanup Plugin (ws-cleanup): 0.38
jQuery UI plugin (jquery-ui): 1.0.2
Pipeline: REST API Plugin (pipeline-rest-api): 2.19
Async Http Client (async-http-client): 1.9.40.0
Pipeline: Step API (workflow-step-api): 2.23
Credentials Plugin (credentials): 2.3.14
Structs Plugin (structs): 1.20
LDAP Plugin (ldap): 1.26
Git client plugin (git-client): 3.6.0
Docker Pipeline (docker-workflow): 1.25
Plain Credentials Plugin (plain-credentials): 1.7
MapDB API Plugin (mapdb-api): 1.0.9.0
Javadoc Plugin (javadoc): 1.6
Variant Plugin (variant): 1.4
GitHub Organization Folder Plugin (github-organization-folder): 1.6
GitHub Pull Request Builder (ghprb): 1.42.1
GitHub Authentication plugin (github-oauth): 0.33
Azure VM Agents (azure-vm-agents): 1.5.1
GitHub plugin (github): 1.32.0
Display URL API (display-url-api): 2.3.4
Subversion Plug-in (subversion): 2.13.2
JavaScript GUI Lib: Moment.js bundle plugin (momentjs): 1.1.1
Parameterized Trigger plugin (parameterized-trigger): 2.39
Pipeline: Declarative Agent API (pipeline-model-declarative-agent): 1.1.1
Pipeline: Nodes and Processes (workflow-durable-task-step): 2.37
Pipeline: Build Step (pipeline-build-step): 2.13
Pipeline: Supporting APIs (workflow-support): 3.7
Pipeline: Milestone Step (pipeline-milestone-step): 1.3.1
Groovy (groovy): 2.3
Job Configuration History Plugin (jobConfigHistory): 2.26
JavaScript GUI Lib: ACE Editor bundle plugin (ace-editor): 1.1
Durable Task Plugin (durable-task): 1.35
Pipeline: Declarative Extension Points API (pipeline-model-extensions): 1.7.2
Apache HttpComponents Client 4.x API Plugin (apache-httpcomponents-client-4-api): 4.5.13-1.0
JUnit Plugin (junit): 1.48
Docker Commons Plugin (docker-commons): 1.17
Build Alias Setter Plugin (build-alias-setter): 0.4
Git plugin (git): 4.5.2
Pipeline: Job (workflow-job): 2.40
bouncycastle API Plugin (bouncycastle-api): 2.18
Cloud Statistics Plugin (cloud-stats): 0.25
Lockable Resources plugin (lockable-resources): 2.10
Agent :
Debian Buster 64bit
openjdk version "1.8.0_265"Jenkins : Debian 8 64bit Openjdk version "1.8.0_171" Jenkins 2.263.4 Metrics Plugin (metrics): 4.0.2.7 PAM Authentication plugin (pam-auth): 1.6 Pipeline: Model API (pipeline-model-api): 1.7.2 Run Condition Plugin (run-condition): 1.5 Pipeline Utility Steps (pipeline-utility-steps): 2.6.1 Pipeline: GitHub Groovy Libraries (pipeline-github-lib): 1.0 ECharts API Plugin (echarts-api): 4.9.0-2 Popper.js API Plugin (popper-api): 1.16.0-7 OWASP Markup Formatter Plugin (antisamy-markup-formatter): 2.1 Oracle Java SE Development Kit Installer Plugin (jdk-tool): 1.4 JQuery3 API Plugin (jquery3-api): 3.5.1-2 jQuery plugin (jquery): 1.12.4-1 Authentication Tokens API Plugin (authentication-tokens): 1.4 Credentials Binding Plugin (credentials-binding): 1.24 Icon Shim Plugin (icon-shim): 2.0.3 Pipeline: Input Step (pipeline-input-step): 2.12 JavaScript GUI Lib: jQuery bundles (jQuery and jQuery UI) plugin (jquery-detached): 1.2.1 GitHub Branch Source Plugin (github-branch-source): 2.9.3 Command Agent Launcher Plugin (command-launcher): 1.5 Plugin Utilities API Plugin (plugin-util-api): 1.6.1 build log file size checker plugin (logfilesizechecker): 1.5 JavaScript GUI Lib: Handlebars bundle plugin (handlebars): 1.1.1 Matrix Project Plugin (matrix-project): 1.18 Resource Disposer Plugin (resource-disposer): 0.14 Build Timeout (build-timeout): 1.20 Pipeline: Declarative (pipeline-model-definition): 1.7.2 Jackson 2 API Plugin (jackson2-api): 2.12.0 Trilead API Plugin (trilead-api): 1.0.13 Copy Artifact Plugin (copyartifact): 1.45.3 SCM API Plugin (scm-api): 2.6.4 Pipeline: Stage Tags Metadata (pipeline-stage-tags-metadata): 1.7.2 Priority Sorter Plugin (PrioritySorter): 3.6.0 Pipeline: Stage Step (pipeline-stage-step): 2.5 Azure Commons Plugin (azure-commons): 1.0.5 Email Extension Plugin (email-ext): 2.80 Pipeline: Multibranch (workflow-multibranch): 2.22 Checks API plugin (checks-api): 1.2.0 Gradle Plugin (gradle): 1.36 OkHttp Plugin (okhttp-api): 3.14.9 Pipeline: Groovy (workflow-cps): 2.87 Pipeline (workflow-aggregator): 2.6 Pipeline: API (workflow-api): 2.40 Script Security Plugin (script-security): 1.75 Folders Plugin (cloudbees-folder): 6.15 Build Failure Analyzer (build-failure-analyzer): 1.27.1 MSBuild Plugin (msbuild): 1.29 GIT server Plugin (git-server): 1.9 SSH Agent Plugin (ssh-agent): 1.20 Branch API Plugin (branch-api): 2.6.2 promoted builds plugin (promoted-builds): 3.7 Matrix Authorization Strategy Plugin (matrix-auth): 2.6.4 Pipeline: Stage View Plugin (pipeline-stage-view): 2.19 Pipeline: Shared Groovy Libraries (workflow-cps-global-lib): 2.17 SSH Credentials Plugin (ssh-credentials): 1.18.1 SSH Build Agents plugin (ssh-slaves): 1.31.5 Timestamper (timestamper): 1.11.8 Job DSL (job-dsl): 1.77 Ant Plugin (ant): 1.11 Pipeline: SCM Step (workflow-scm-step): 2.11 Pipeline Graph Analysis Plugin (pipeline-graph-analysis): 1.10 Bootstrap 4 API Plugin (bootstrap4-api): 4.5.3-1 External Monitor Job Type Plugin (external-monitor-job): 1.7 Mailer Plugin (mailer): 1.32.1 GitHub API Plugin (github-api): 1.117 Azure Credentials (azure-credentials): 4.0.5 WMI Windows Agents Plugin (windows-slaves): 1.7 Throttle Concurrent Builds Plug-in (throttle-concurrents): 2.1 Font Awesome API Plugin (font-awesome-api): 5.15.1-1 Conditional BuildStep (conditional-buildstep): 1.4.1 JSch dependency plugin (jsch): 0.1.55.2 Node and Label parameter plugin (nodelabelparameter): 1.7.2 Maven Integration plugin (maven-plugin): 3.8 Pipeline: Basic Steps (workflow-basic-steps): 2.22 Token Macro Plugin (token-macro): 2.13 Snakeyaml API Plugin (snakeyaml-api): 1.27.0 Rebuilder (rebuild): 1.31 Workspace Cleanup Plugin (ws-cleanup): 0.38 jQuery UI plugin (jquery-ui): 1.0.2 Pipeline: REST API Plugin (pipeline-rest-api): 2.19 Async Http Client (async-http-client): 1.9.40.0 Pipeline: Step API (workflow-step-api): 2.23 Credentials Plugin (credentials): 2.3.14 Structs Plugin (structs): 1.20 LDAP Plugin (ldap): 1.26 Git client plugin (git-client): 3.6.0 Docker Pipeline (docker-workflow): 1.25 Plain Credentials Plugin (plain-credentials): 1.7 MapDB API Plugin (mapdb-api): 1.0.9.0 Javadoc Plugin (javadoc): 1.6 Variant Plugin (variant): 1.4 GitHub Organization Folder Plugin (github-organization-folder): 1.6 GitHub Pull Request Builder (ghprb): 1.42.1 GitHub Authentication plugin (github-oauth): 0.33 Azure VM Agents (azure-vm-agents): 1.5.1 GitHub plugin (github): 1.32.0 Display URL API (display-url-api): 2.3.4 Subversion Plug-in (subversion): 2.13.2 JavaScript GUI Lib: Moment.js bundle plugin (momentjs): 1.1.1 Parameterized Trigger plugin (parameterized-trigger): 2.39 Pipeline: Declarative Agent API (pipeline-model-declarative-agent): 1.1.1 Pipeline: Nodes and Processes (workflow-durable-task-step): 2.37 Pipeline: Build Step (pipeline-build-step): 2.13 Pipeline: Supporting APIs (workflow-support): 3.7 Pipeline: Milestone Step (pipeline-milestone-step): 1.3.1 Groovy (groovy): 2.3 Job Configuration History Plugin (jobConfigHistory): 2.26 JavaScript GUI Lib: ACE Editor bundle plugin (ace-editor): 1.1 Durable Task Plugin (durable-task): 1.35 Pipeline: Declarative Extension Points API (pipeline-model-extensions): 1.7.2 Apache HttpComponents Client 4.x API Plugin (apache-httpcomponents-client-4-api): 4.5.13-1.0 JUnit Plugin (junit): 1.48 Docker Commons Plugin (docker-commons): 1.17 Build Alias Setter Plugin (build-alias-setter): 0.4 Git plugin (git): 4.5.2 Pipeline: Job (workflow-job): 2.40 bouncycastle API Plugin (bouncycastle-api): 2.18 Cloud Statistics Plugin (cloud-stats): 0.25 Lockable Resources plugin (lockable-resources): 2.10 Agent : Debian Buster 64bit openjdk version "1.8.0_265"
I created a new managed disk azure image with sshd_config as follows:
```
PermitRootLogin without-password
AuthorizedKeysCommand /usr/local/bin/userkeys.sh
AuthorizedKeysCommandUser nobody
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
```
VM has user names `jenkins` with ssh keys to allow ssh key auth from Jenkins. Tested and working.
When a template uses this image the VM is created and Auth fails
```
{{2021-02-24 16:52:34.877+0000 [id=464371] SEVERE c.m.a.v.r.AzureVMAgentSSHLauncher#getRemoteSession: AzureVMAgentSSHLauncher: getRemoteSession: Got exception while connecting to remote host linux-image-test369e60.westeurope.cloudapp.azure.com:22
com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:512)
at com.jcraft.jsch.Session.connect(Session.java:183)
at com.microsoft.azure.vmagent.remote.AzureVMAgentSSHLauncher.getRemoteSession(AzureVMAgentSSHLauncher.java:307)
at com.microsoft.azure.vmagent.remote.AzureVMAgentSSHLauncher.connectToSsh(AzureVMAgentSSHLauncher.java:465)
at com.microsoft.azure.vmagent.remote.AzureVMAgentSSHLauncher.launch(AzureVMAgentSSHLauncher.java:115)
at hudson.slaves.SlaveComputer.lambda$_connect$0(SlaveComputer.java:294)
at jenkins.util.ContextResettingExecutorService$2.call(ContextResettingExecutorService.java:46)
at jenkins.security.ImpersonatingExecutorService$2.call(ImpersonatingExecutorService.java:71)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)}}
```
Other images created in the same manner works as expected.
Debug of SSHD on VM which fails
```
Feb 25 13:30:34 linux-image-test907690 sshd[2348]: debug1: Forked child 2399.
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: Set /proc/self/oom_score_adj to 0
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: inetd sockets after dupping: 3, 3
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: Connection from 10.0.0.100 port 40088 on 10.43.240.4 port 22
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: Client protocol version 2.0; client software version JSCH-0.1.53
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: no match: JSCH-0.1.53
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: permanently_set_uid: 107/65534 [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: SSH2_MSG_KEXINIT received [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: kex: algorithm: ecdh-sha2-nistp256 [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: kex: host key algorithm: ssh-rsa [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: rekey after 4294967296 blocks [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: rekey after 4294967296 blocks [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: KEX done [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: userauth-request for user jenkins service ssh-connection method none [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: attempt 0 failures 0 [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: PAM: initializing for "jenkins"
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: PAM: setting PAM_RHOST to "10.0.0.100"
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: PAM: setting PAM_TTY to "ssh"
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: userauth-request for user jenkins service ssh-connection method password [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: debug1: attempt 1 failures 0 [preauth]
Feb 25 13:30:34 linux-image-test907690 sshd[2399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.100 user=jenkins
Feb 25 13:30:36 linux-image-test907690 sshd[2399]: debug1: PAM: password authentication failed for jenkins: Authentication failure
Feb 25 13:30:36 linux-image-test907690 sshd[2399]: Failed password for jenkins from 10.0.0.100 port 40088 ssh2
Feb 25 13:30:37 linux-image-test907690 sshd[2399]: error: Received disconnect from 10.0.0.100 port 40088:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Feb 25 13:30:37 linux-image-test907690 sshd[2399]: Disconnected from authenticating user jenkins 10.0.0.100 port 40088 [preauth]
Feb 25 13:30:37 linux-image-test907690 sshd[2399]: debug1: do_cleanup [preauth]
Feb 25 13:30:37 linux-image-test907690 sshd[2399]: debug1: monitor_read_log: child log fd closed
Feb 25 13:30:37 linux-image-test907690 sshd[2399]: debug1: do_cleanup
Feb 25 13:30:37 linux-image-test907690 sshd[2399]: debug1: PAM: cleanup
Feb 25 13:30:37 linux-image-test907690 sshd[2399]: debug1: Killing privsep child 2400
Feb 25 13:30:37 linux-image-test907690 sshd[2399]: debug1: audit_event: unhandled event 12
```
