Bug
Resolution: Unresolved
Major
None
Operating System: AWS EC2, Ubuntu 22.04.5 LTS
JRE/JDK: openjdk version "21.0.5" 2024-10-15
Jenkins version: 2.479.3
Amazon EC2 plugin version: 1823.v828850f7f155
Amazon Web Services SDK version: 1.12.772-477.v650d756dcf6d
SSH launching fails with host key mismatch
Jan 30, 2025 5:27:23 PM hudson.plugins.ec2.EC2Cloud WARNING: The SSH key (redacted-fingerprint-1) presented by the instance has changed since first saved (redacted-fingerprint-2). The connection to EC2 (redacted-hostname) - IntegrationTest (i-redacted) is closed to prevent a possible man-in-the-middle attack
Jan 30, 2025 5:27:23 PM hudson.plugins.ec2.EC2Cloud WARNING: Authentication failed. Trying again...
Interrogating the known hosts on the built-in node with `ssh-keygen -l -E md5 -F ip-address` reveals that both the presented key (ECDSA) and the previously saved key (ED25519) are present in known hosts, along with a third key (RSA). The keys are on consecutive lines, with the ED25519 key first, the RSA second, and the ECDSA key third.
Manual ssh to the node ec2 instance is successful, tested via `ssh -v ubuntu@ip-address hostname`.
It should be noted that this particular node ec2 instance is long-lived (unlike most nodes which are ephemeral) for reasons. As such it previously had extended uptimes prior to upgrading to the latest version / ec2 plugin et al.
Rebooting the node instance has not changed matters. According to the log, the ECDSA key is presented, but not accepted, as the ec2 plugin appears to insist on the ED25519 key.
Downgrading the ec2 plugin from 1823.v828850f7f155 to 1801.v526399543dca_ has restored functionality.
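A triage helper for the known-hosts situation described above, added here as an example and not taken from the EC2 plugin or the report: it lists every saved entry for a host in file order and reports whether a presented key matches the first saved entry, any saved entry, or none. The address `10.0.0.5`, the key blobs and all function names are constructed for illustration; wildcard and `[host]:port` host fields are not handled.

```python
import base64, hashlib, hmac, struct

def md5_fp(b64):
    """Colon-separated MD5 of the key blob, the hex form `ssh-keygen -l -E md5` prints."""
    d = hashlib.md5(base64.b64decode(b64)).hexdigest()
    return ":".join(d[i:i + 2] for i in range(0, 32, 2))

def host_matches(field, host):
    """Match a host field: hashed (|1|salt|hash) or plain comma-separated names only."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in field.split(",")

def entries_for(text, host):
    """Return (line_no, key_type, md5_fp) for every entry naming host, in file order."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split()
        if len(f) < 3 or f[0].startswith(("#", "@")):
            continue  # blanks, comments, @cert-authority / @revoked lines
        if host_matches(f[0], host):
            out.append((n, f[1], md5_fp(f[2])))
    return out

def check(text, host, presented_b64):
    """Compare the presented key with the first saved entry and with all saved entries."""
    fp, saved = md5_fp(presented_b64), entries_for(text, host)
    return {"presented": fp, "saved": saved,
            "matches_first": bool(saved) and saved[0][2] == fp,
            "matches_any": any(e[2] == fp for e in saved)}

def sample_blob(key_type, body):
    """Constructed stand-in for a key blob (SSH string type + string body); not a real key."""
    enc = lambda b: struct.pack(">I", len(b)) + b
    return base64.b64encode(enc(key_type.encode()) + enc(body)).decode()

# Constructed sample in the order the report describes: ED25519, RSA, ECDSA.
KEYS = {t: sample_blob(t, b) for t, b in [("ssh-ed25519", b"\x01" * 32),
        ("ssh-rsa", b"\x02" * 64), ("ecdsa-sha2-nistp256", b"\x03" * 65)]}
SAMPLE = "\n".join(f"10.0.0.5 {t} {k}" for t, k in KEYS.items())

if __name__ == "__main__":
    r = check(SAMPLE, "10.0.0.5", KEYS["ecdsa-sha2-nistp256"])  # ECDSA key presented
    for n, t, fp in r["saved"]:
        print(f"line {n}: {t} MD5:{fp}")
    print("first saved entry matches:", r["matches_first"], "| any entry matches:", r["matches_any"])
```

A presented key that matches a later entry but not the first is a different case from one that matches no saved entry at all, which is the case the man-in-the-middle warning exists for.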