Type: Bug
Resolution: Unresolved
Priority: Major
Jenkins 2.263.3
ssh-credentials-plugin 1.18.1
ssh plugin steps 2.0.0
Hi,
I've created an SSH keypair on Windows Server 2019 using PuTTYGen with a passphrase.
With Pageant and WinSCP/psftp I can log on successfully using this key.
I have defined an SSH keypair credential in Jenkins using the OpenSSH key format of the private key as exported by PuTTYGen.
I'm using a declarative pipeline based on the sample from the ssh-plugin GitHub page:

    script {
        def remote = [:]
        remote.name = "server"
        remote.host = "1.2.3.4"
        remote.allowAnyHosts = true
        remote.logLevel = 'FINEST'
        withCredentials([sshUserPrivateKey(credentialsId: 'server-ssh-key-global', keyFileVariable: 'identity', passphraseVariable: '', usernameVariable: 'userName')]) {
            remote.user = userName
            remote.identityFile = identity
            writeFile file: 'abc.sh', text: 'ls'
            sshPut remote: remote, from: 'abc.sh', into: '.'
            sshGet remote: remote, from: 'abc.sh', into: 'bac.sh', override: true
        }
    }
The job fails with an exception AUTHFAIL:
    com.jcraft.jsch.JSchException: USERAUTH fail
        at com.jcraft.jsch.UserAuthPublicKey.start(UserAuthPublicKey.java:119)
        at com.jcraft.jsch.Session.connect(Session.java:470)
        at com.jcraft.jsch.Session.connect(Session.java:183)
        at com.jcraft.jsch.Session$connect$1.call(Unknown Source)
        at org.hidetake.groovy.ssh.connection.ConnectionManager.connectInternal(ConnectionManager.groovy:107)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
        at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
        at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:384)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
        at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.callCurrent(PogoMetaClassSite.java:69)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:190)
        at org.hidetake.groovy.ssh.connection.ConnectionManager$_connectInternal_closure1.doCall(ConnectionManager.groovy:85)
        at org.hidetake.groovy.ssh.connection.ConnectionManager$_connectInternal_closure1.doCall(ConnectionManager.groovy)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
        at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
        at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
        at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:42)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:117)
        at org.hidetake.groovy.ssh.util.Utility.retry(Utility.groovy:52)
        at org.hidetake.groovy.ssh.util.Utility$retry.callStatic(Unknown Source)
        at org.hidetake.groovy.ssh.connection.ConnectionManager.connectInternal(ConnectionManager.groovy:83)
        at org.hidetake.groovy.ssh.connection.ConnectionManager.connectInternal(ConnectionManager.groovy)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:210)
        at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:59)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:166)
        at org.hidetake.groovy.ssh.connection.ConnectionManager.connect(ConnectionManager.groovy:59)
        at org.hidetake.groovy.ssh.connection.ConnectionManager$connect.call(Unknown Source)
        at org.hidetake.groovy.ssh.session.SessionTask.wetRun(SessionTask.groovy:61)
        at org.hidetake.groovy.ssh.session.SessionTask.call(SessionTask.groovy:48)
        at java_util_concurrent_Callable$call.call(Unknown Source)
        at org.hidetake.groovy.ssh.core.Service.run(Service.groovy:81)
        at org.hidetake.groovy.ssh.core.Service$run$0.call(Unknown Source)
        at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
        at org.jenkinsci.plugins.sshsteps.SSHService.put(SSHService.groovy:215)
        at org.jenkinsci.plugins.sshsteps.steps.PutStep$Execution$PutCallable.execute(PutStep.java:113)
        at org.jenkinsci.plugins.sshsteps.util.SSHMasterToSlaveCallable.call(SSHMasterToSlaveCallable.java:32)
        at hudson.remoting.UserRequest.perform(UserRequest.java:211)
        at hudson.remoting.UserRequest.perform(UserRequest.java:54)
        at hudson.remoting.Request$2.run(Request.java:375)
        at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:73)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:118)
        at java.lang.Thread.run(Thread.java:748)
I also tried using the OpenSSH new file format in the credential but then I get:
    com.jcraft.jsch.JSchException: invalid privatekey: [B@46d4fbc8
        at com.jcraft.jsch.KeyPair.load(KeyPair.java:747)
        at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:46)
        at com.jcraft.jsch.JSch.addIdentity(JSch.java:441)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoCachedMethodSite.invoke(PojoMetaMethodSite.java:192)
        at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:56)
        at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:149)
        at org.hidetake.groovy.ssh.connection.UserAuthentication$Trait$Helper.configureUserAuthentication(UserAuthentication.groovy:39)
        at org.hidetake.groovy.ssh.connection.UserAuthentication$Trait$Helper$configureUserAuthentication$0.call(Unknown Source)
        at org.hidetake.groovy.ssh.connection.ConnectionManager.configureUserAuthentication(ConnectionManager.groovy)
        at org.hidetake.groovy.ssh.connection.UserAuthentication$configureUserAuthentication$0.callCurrent(Unknown Source)
        at org.hidetake.groovy.ssh.connection.ConnectionManager.connectInternal(ConnectionManager.groovy:104)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
        at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
        at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:384)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
        at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.callCurrent(PogoMetaClassSite.java:69)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:190)
        at org.hidetake.groovy.ssh.connection.ConnectionManager$_connectInternal_closure1.doCall(ConnectionManager.groovy:85)
        at org.hidetake.groovy.ssh.connection.ConnectionManager$_connectInternal_closure1.doCall(ConnectionManager.groovy)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
        at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
        at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294)
        at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
        at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:42)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:117)
        at org.hidetake.groovy.ssh.util.Utility.retry(Utility.groovy:52)
        at org.hidetake.groovy.ssh.util.Utility$retry.callStatic(Unknown Source)
        at org.hidetake.groovy.ssh.connection.ConnectionManager.connectInternal(ConnectionManager.groovy:83)
        at org.hidetake.groovy.ssh.connection.ConnectionManager.connectInternal(ConnectionManager.groovy)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:210)
        at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:59)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:166)
        at org.hidetake.groovy.ssh.connection.ConnectionManager.connect(ConnectionManager.groovy:59)
        at org.hidetake.groovy.ssh.connection.ConnectionManager$connect.call(Unknown Source)
        at org.hidetake.groovy.ssh.session.SessionTask.wetRun(SessionTask.groovy:61)
        at org.hidetake.groovy.ssh.session.SessionTask.call(SessionTask.groovy:48)
        at java_util_concurrent_Callable$call.call(Unknown Source)
        at org.hidetake.groovy.ssh.core.Service.run(Service.groovy:81)
        at org.hidetake.groovy.ssh.core.Service$run$0.call(Unknown Source)
        at org.jenkinsci.plugins.sshsteps.SSHService.executeCommand(SSHService.groovy:177)
        at org.jenkinsci.plugins.sshsteps.steps.CommandStep$Execution$CommandCallable.execute(CommandStep.java:84)
        at org.jenkinsci.plugins.sshsteps.util.SSHMasterToSlaveCallable.call(SSHMasterToSlaveCallable.java:32)
        at hudson.remoting.UserRequest.perform(UserRequest.java:211)
        at hudson.remoting.UserRequest.perform(UserRequest.java:54)
        at hudson.remoting.Request$2.run(Request.java:375)
        at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:73)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:118)
        at java.lang.Thread.run(Thread.java:748)
Note: I tried to add the private key to my SSH setup on a Linux system and here too I'm unable to log on using the private key:
    $ sftp -i server_rsa_new user@1.2.3.4 -oBatchMode=no
    Connection closed by 1.2.3.4 port 22
    Connection closed.
    Connection closed

Are there special requirements for the keypair?
It is a basic RSA keypair.
Can I get more logging to explain why the connection is failing?
The passphrase and key are correct and working on the Windows system.
The LogLevel appears to be ignored now. One build did show more information:
    20:48:40 Using default settings: {fileTransfer=sftp, jschLog=false, retryWaitSec=0, timeoutSec=0, pty=false, authentications=[publickey, keyboard-interactive, password], agentForwarding=false, keepAliveSec=60, sudoPath=sudo, dryRun=false, encoding=UTF-8, retryCount=0, logging=slf4j, knownHosts=C:\Users\build\.ssh\known_hosts, ignoreError=false, agent=false}
    20:48:40 Using global settings: {}
    20:48:40 Using per-service settings: {}
    20:48:40 Using per-remote settings: {jschLog=true, user=****, interaction=org.jenkinsci.plugins.sshsteps.SSHService$_defineRemote_closure1$_closure8$_closure9@7fe198d3, dryRun=false, logging=none, knownHosts=allowAnyHosts, ignoreError=false, identity=E:\path@tmp\secretFiles\92588048-2423-4fd9-8799-436b872d60f6\ssh-key-identity}
    20:48:40 Enabled JSch logging on Thread[pool-1-thread-170412 for JNLP4-connect connection to agent/1.2.2.2:49187 id=30631139,5,main]
    20:48:40 Connecting to server[1.2.3.4:22] with {keepAliveSec=60, retryCount=0, retryWaitSec=0, knownHosts=allowAnyHosts, timeoutSec=0, agent=false, identity=E:\path@tmp\secretFiles\92588048-2423-4fd9-8799-436b872d60f6\ssh-key-identity, authentications=[publickey, keyboard-interactive, password], user=****}
    20:48:40 Host key checking is off. It may be vulnerable to man-in-the-middle attacks.
    20:48:40 Using public key authentication for server[1.2.3.4:22]: E:\path@tmp\secretFiles\92588048-2423-4fd9-8799-436b872d60f6\ssh-key-identity
    20:48:40 [jsch] Connecting to 1.2.3.4 port 22
    20:48:40 [jsch] Connection established
    20:48:40 [jsch] Remote version string: SSH-2.0-mod_sftp
    20:48:40 [jsch] Local version string: SSH-2.0-JSCH-0.1.54
    20:48:40 [jsch] CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
    20:48:40 [jsch] CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
    20:48:40 [jsch] CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    20:48:40 [jsch] SSH_MSG_KEXINIT sent
    20:48:40 [jsch] SSH_MSG_KEXINIT received
    20:48:40 [jsch] kex: server: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    20:48:40 [jsch] kex: server: ssh-rsa,ssh-dss
    20:48:40 [jsch] kex: server: aes128-cbc,3des-cbc,cast128-cbc,arcfour128,arcfour256,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
    20:48:40 [jsch] kex: server: aes128-cbc,3des-cbc,cast128-cbc,arcfour128,arcfour256,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
    20:48:40 [jsch] kex: server: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,umac-64@openssh.com,umac-128@openssh.com
    20:48:40 [jsch] kex: server: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,umac-64@openssh.com,umac-128@openssh.com
    20:48:40 [jsch] kex: server: zlib@openssh.com,zlib,none
    20:48:40 [jsch] kex: server: zlib@openssh.com,zlib,none
    20:48:40 [jsch] kex: server:
    20:48:40 [jsch] kex: server:
    20:48:40 [jsch] kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    20:48:40 [jsch] kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    20:48:40 [jsch] kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
    20:48:40 [jsch] kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
    20:48:40 [jsch] kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
    20:48:40 [jsch] kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
    20:48:40 [jsch] kex: client: none
    20:48:40 [jsch] kex: client: none
    20:48:40 [jsch] kex: client:
    20:48:40 [jsch] kex: client:
    20:48:40 [jsch] kex: server->client aes128-ctr hmac-md5 none
    20:48:40 [jsch] kex: client->server aes128-ctr hmac-md5 none
    20:48:40 [jsch] SSH_MSG_KEXDH_INIT sent
    20:48:40 [jsch] expecting SSH_MSG_KEXDH_REPLY
    20:48:40 [jsch] ssh_rsa_verify: signature true
    20:48:40 [jsch] Permanently added '1.2.3.4' (RSA) to the list of known hosts.
    20:48:40 [jsch] SSH_MSG_NEWKEYS sent
    20:48:40 [jsch] SSH_MSG_NEWKEYS received
    20:48:40 [jsch] SSH_MSG_SERVICE_REQUEST sent
    20:48:40 [jsch] SSH_MSG_SERVICE_ACCEPT received
    20:48:40 [jsch] Authentications that can continue: publickey,keyboard-interactive,password
    20:48:40 [jsch] Next authentication method: publickey
    20:48:40 [jsch] Disconnecting from 1.2.3.4 port 22
    20:48:40 Closing connections: []
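
Added example (not part of the original report and not code from either plugin): a header-only check that reports which container format a private key file uses and whether it is passphrase-protected. Both points bear on the two attempts above, since the `invalid privatekey` error appeared with the new OpenSSH format under JSch 0.1.54 and the pipeline binds `passphraseVariable: ''` for a key created with a passphrase. The function names and sample strings are constructed for illustration.

```python
import base64
import struct

V1_MAGIC = b"openssh-key-v1\x00"

def openssh_v1_cipher(body_b64: str) -> str:
    """Read only the cipher-name field that follows the openssh-key-v1 magic."""
    blob = base64.b64decode(body_b64)
    if not blob.startswith(V1_MAGIC):
        raise ValueError("not an openssh-key-v1 container")
    (n,) = struct.unpack_from(">I", blob, len(V1_MAGIC))
    start = len(V1_MAGIC) + 4
    return blob[start:start + n].decode("ascii")

def classify_private_key(text: str) -> dict:
    """Report container format and passphrase protection from headers alone."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty key file")
    first = lines[0]
    if first.startswith("PuTTY-User-Key-File-"):        # native .ppk, not an OpenSSH export
        enc = [ln.split(":", 1)[1].strip() for ln in lines if ln.startswith("Encryption:")]
        return {"format": "putty-ppk", "encrypted": bool(enc) and enc[0] != "none"}
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":  # the "new file format"
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        return {"format": "openssh-key-v1", "encrypted": openssh_v1_cipher(body) != "none"}
    if first in ("-----BEGIN ENCRYPTED PRIVATE KEY-----", "-----BEGIN PRIVATE KEY-----"):
        return {"format": "pkcs8", "encrypted": "ENCRYPTED" in first}
    if first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----"):
        # Traditional PEM marks passphrase protection with a Proc-Type header.
        enc = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
        return {"format": "pem-legacy", "encrypted": enc}
    raise ValueError("unrecognised private key header")

def sample_openssh_v1(cipher: bytes) -> str:
    """Constructed container prefix (magic + cipher name), no key material."""
    blob = V1_MAGIC + struct.pack(">I", len(cipher)) + cipher
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed samples: headers only, the bodies are placeholders.
SAMPLE_LEGACY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
SAMPLE_PPK = "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: aes256-cbc\nComment: constructed\n"

if __name__ == "__main__":
    for name, text in [("legacy", SAMPLE_LEGACY), ("ppk", SAMPLE_PPK),
                       ("v1", sample_openssh_v1(b"aes256-ctr"))]:
        print(name, classify_private_key(text))
```

When the result shows `encrypted: True`, the passphrase has to reach the SSH client along with the key file; the check reads headers only and never decodes key material.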