  1. Jenkins
  2. JENKINS-73427

With 'Accept first connection' host key verification, and JGit, newly added known_hosts entries are malformed


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Minor
    • git-client-plugin
    • None
    • Docker image jenkins/jenkins:2.466 with suggested plugins installed. Git client plugin version 5.0.0

      I had noticed a lot of errors in our logs surrounding bad known_hosts entries. After some investigation, I was able to reproduce the errors with a minimal example.

      • Start with the Jenkins 2.466 container image, and install just the suggested plugins.
      • Change Host Key Verification Configuration to 'Accept First Connection'
      • Under tools, change the git installation to JGit
      • Create a small pipeline. I used:
      pipeline {
        agent any
        stages {
          stage('Build') {
            steps {
              git(url: 'git@github.com:jglick/simple-maven-project-with-tests.git')
            }
          }
        }
      } 
      • Run once. This example will fail because I'm not using credentials, but simply attempting to connect was enough to populate the known_hosts file.
      • Check the known hosts. For me it had one entry:
      |1|vHQTSjzHfpTcSNCbqMC6wEt7Mdc=|DtAq017Mv0pQZgijf9OBKbFiXV0=,|1|Y3N48nfiSHdw0U8ks35rVAUT7EM=|x9574xf5oQLevrHV4yulGkk9LOQ= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= 

      Notice that the first part has |1|<blah>|<blah>,|1|<blah>|<blah> ecdsa-sha2-nistp256

      • On a second run, it will cause an error because it can't read the entry, and since it can't find an entry that matches, it creates another invalid entry.

      It doesn't seem to have a great impact; however, it does start to fill up the known_hosts file, and as it grows, the errors in the log grow as well, since there is an error for each entry it fails to read:

      Known hosts file /var/jenkins_home/.ssh/known_hosts contains invalid line |1|vHQTSjzHfpTcSNCbqMC6wEt7Mdc=|DtAq017Mv0pQZgijf9OBKbFiXV0=,|1|Y3N48nfiSHdw0U8ks35rVAUT7EM=|x9574xf5oQLevrHV4yulGkk9LOQ= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
      java.lang.IllegalArgumentException: Invalid hash pattern (insufficient data): |1|vHQTSjzHfpTcSNCbqMC6wEt7Mdc=|DtAq017Mv0pQZgijf9OBKbFiXV0=,|1|Y3N48nfiSHdw0U8ks35rVAUT7EM=|x9574xf5oQLevrHV4yulGkk9LOQ= 

            markewaite Mark Waite
            mbrunton27 Matthew Brunton
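An added example, not part of the original report and not the plugin's own code: OpenSSH's known_hosts format allows only one hashed hostname per line, so the comma-joined `|1|…|…,|1|…|…` field shown above is what the reader rejects. This sketch finds such lines and splits them into one line per hashed pattern as a manual clean-up, and goes slightly beyond the report by also checking a hashed pattern against a candidate hostname. The function names, the example hosts and the placeholder key are assumptions, and splitting is one possible workaround rather than a confirmed fix.

```python
import base64, hashlib, hmac, re

# One hashed host pattern: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))
HASHED = re.compile(r"\|1\|([A-Za-z0-9+/]+={0,2})\|([A-Za-z0-9+/]+={0,2})")

def hash_host(host, salt):
    """Build the hashed pattern for host under the given raw salt bytes."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def matches(pattern, host):
    """True if a single well-formed hashed pattern was derived from host."""
    m = HASHED.fullmatch(pattern)
    if not m:
        return False
    try:
        salt = base64.b64decode(m.group(1), validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(hash_host(host, salt), pattern)

def split_joined(line):
    """Return the replacement lines for one known_hosts line.

    A host field made of several hashed patterns joined by commas (the shape
    in this report) becomes one line per pattern; other lines are unchanged.
    """
    fields = line.split(None, 1)
    if len(fields) < 2 or not fields[0].startswith("|1|") or "," not in fields[0]:
        return [line]
    parts = [p for p in fields[0].split(",") if p]
    if not all(HASHED.fullmatch(p) for p in parts):
        return [line]  # unfamiliar shape: leave it for a human to inspect
    return ["%s %s" % (p, fields[1]) for p in parts]

def repair(text):
    """Return (rewritten known_hosts text, number of lines that were split)."""
    out, split_count = [], 0
    for line in text.splitlines():
        new = split_joined(line)
        split_count += len(new) > 1
        out.extend(new)
    return "\n".join(out) + "\n", split_count

if __name__ == "__main__":
    # Constructed sample (hosts, salts and key are made up), joined as in the report.
    bad = "%s,%s ssh-ed25519 AAAA_CONSTRUCTED_KEY\n" % (
        hash_host("git.example.test", b"A" * 20), hash_host("192.0.2.10", b"B" * 20))
    text, n = repair(bad)
    print(n, "line(s) split")
    print(text, end="")
```

Run `repair` on a copy of the file and compare the result before replacing the original.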