SSH Remote Host not being able to connect

瀏覽次數:335 次
跳到第一則未讀訊息

Sholom Sanders

未讀,
2020年2月4日 下午3:53:452020/2/4
收件者:Jenkins Users
On my remote Linux machine I created a private/public key to communicate with Jenkins on my Windows machine. I put the public key into authorized_keys. In Jenkins, I created a credential for this user and pasted in the private key. I then went to Manage  Jenkins --> Configure System to the SSH Remote Hosts. I created a new one with the Linux machine name and port 22 and selected the newly created credential. When I click on check connection, I am getting "Can't connect to server".  I had created two other SSH remote hosts successfully. But this lone is not going through and I am not sure how to track down the solution.

Ivan Fernandez Calvo

未讀,
2020年2月5日 上午11:11:502020/2/5
收件者:Jenkins Users
I understand you have a Jenkins instance that runs on a windows machine and you want to use a Linux machine as an agent connected by SSH
* Create an SSH key pair (public/private)
* Create an SSH credential in the Jenkins machine and put the private key there
  * Select the SSH credential created before as credentials
  * Chose the verification strategy that you want, see the documentation, if you have problems start with the "Non verifying Verification Strategy" you can change it later
* Add the public key on ~/.ssh/authorized_keys

this should work, if not you should see some error messages on the agent logs page "JENKISN_URL/computer/AGENT_NAME/log", if nothing works see https://github.com/jenkinsci/ssh-slaves-plugin/blob/master/doc/TROUBLESHOOTING.md#common-info-needed-to-troubleshooting-a-bug there you have the information needed to troubleshoot an SSH issue

Sanders, Sholom

未讀,
2020年2月5日 下午1:15:582020/2/5
收件者:jenkins...@googlegroups.com

 

 

From: jenkins...@googlegroups.com <jenkins...@googlegroups.com> On Behalf Of Ivan Fernandez Calvo
Sent: Wednesday, February 5, 2020 11:12 AM
To: Jenkins Users <jenkins...@googlegroups.com>
Subject: [SOCIAL NETWORK] Re: SSH Remote Host not being able to connect

 

I understand you have a Jenkins instance that runs on a windows machine and you want to use a Linux machine as an agent connected by SSH

* Create an SSH key pair (public/private)   Ran the command “ssh-keygen -t rsa -C "Jenkins agent key" -f "jenkinsAgent_rsa"  “

* Create an SSH credential in the Jenkins machine and put the private key there Created the credentials and put jenkinsAgent_rsa into it.

* Create an SSH agent see https://github.com/jenkinsci/ssh-slaves-plugin/blob/master/doc/CONFIGURE.md#configure-launch-agents-via-sshThis is creating a node which I didn’t do before – so I created the node and selected the credential with the private key. The verification strategy slect is non-verifying.

  * Select the SSH credential created before as credentials

  * Chose the verification strategy that you want, see the documentation, if you have problems start with the "Non verifying Verification Strategy" you can change it later

* Add the public key on ~/.ssh/authorized_keys This was done

 

I tried to relaunch the node and got the following:

 

[02/05/20 12:57:13] [SSH] Opening SSH connection to msslva-hhsmdm07.csc.nycnet:22.

[02/05/20 12:57:13] [SSH] WARNING: SSH Host Keys are not being verified. Man-in-the-middle attacks may be possible against this connection.

ERROR: Server rejected the 1 private key(s) for mdmadmin (credentialId:c6bf4c24-0a05-43ca-a9be-3dfc149c6d0f/method:publickey)

[02/05/20 12:57:13] [SSH] Authentication failed.

Authentication failed.

[02/05/20 12:57:13] Launch failed - cleaning up connection

[02/05/20 12:57:13] [SSH] Connection closed.

 

Not sure where this log you are talking about. Is this on the Windows machine running Jenkins?

 

Previously I did not create a Node. I simply added an entry in the Manage Jenkins à Configure System à SSH Remote Host section – added an entry here selecting that credential. In the Project I would select “Execute shell script on remote host using SSH” . But the SSH Remote Host entry is also failing on connecting to the machine. I am able to do WinSCP from the Jenkins machine to the remote host with the same user id.

 

this should work, if not you should see some error messages on the agent logs page "JENKISN_URL/computer/AGENT_NAME/log", if nothing works see https://github.com/jenkinsci/ssh-slaves-plugin/blob/master/doc/TROUBLESHOOTING.md#common-info-needed-to-troubleshooting-a-bug there you have the information needed to troubleshoot an SSH issue


El martes, 4 de febrero de 2020, 21:53:45 (UTC+1), Sholom Sanders escribió:

On my remote Linux machine I created a private/public key to communicate with Jenkins on my Windows machine. I put the public key into authorized_keys. In Jenkins, I created a credential for this user and pasted in the private key. I then went to Manage  Jenkins --> Configure System to the SSH Remote Hosts. I created a new one with the Linux machine name and port 22 and selected the newly created credential. When I click on check connection, I am getting "Can't connect to server".  I had created two other SSH remote hosts successfully. But this lone is not going through and I am not sure how to track down the solution.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/72ae6f7e-fa54-4be5-add3-9337d70835d4%40googlegroups.com.



This e-mail, including any attachments, may be confidential, privileged or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system.

Mahima Mishra

未讀,
2020年2月5日 下午2:04:412020/2/5
收件者:Jenkins Users
Are you using the private key for user - mdmadmin?
Were the keys generated on jenkins master?

Sanders, Sholom

未讀,
2020年2月5日 下午2:11:232020/2/5
收件者:jenkins...@googlegroups.com
The keys were generated on the Linux machine as the mdmadmin user. Yes I am pasting in the generated private key as the mdmadmin user into the Jenkins Credentials for the linux machine. It is called jenkinsAgent_rsa

-----Original Message-----
From: jenkins...@googlegroups.com <jenkins...@googlegroups.com> On Behalf Of Mahima Mishra
Sent: Wednesday, February 5, 2020 2:05 PM
To: Jenkins Users <jenkins...@googlegroups.com>
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fjenkinsci-users%2F464ff2f3-8d30-4266-a432-955f2b4b9617%2540googlegroups.com&amp;data=02%7C01%7Cssanders%40nycopportunity.nyc.gov%7C7ac12069a302494f684c08d7aa6e4970%7C73d61799c28440228d4154cc4f1929ef%7C0%7C0%7C637165263763117174&amp;sdata=d76wjP2%2BbyKdoxee0OHahmy9HvMQyWD6H5UtM4SHsYc%3D&amp;reserved=0.

Mahima Mishra

未讀,
2020年2月5日 下午4:14:032020/2/5
收件者:Jenkins Users
Suggest you to add a Jenkins user on the Linux slave and generate a key for that user and use the same in credentials.

Ivan Fernandez Calvo

未讀,
2020年2月5日 下午4:37:292020/2/5
收件者:Jenkins Users
Hi,

I am confused, Do you try to connect an SSH agent to a Jenkins instance to build your jobs or you are trying to configure totter thing?

or execute SSH remote commands on a host that it is not an Agent?

Sanders, Sholom

未讀,
2020年2月6日 清晨6:26:402020/2/6
收件者:jenkins...@googlegroups.com

I am trying to run a shell script on the remote host from Jenkins using SSH. I am not actually building anything. All my builds are done on the Jenkins machine and the source code comes from GIT. This particular Jenkins job is to distribute the resulting build to various environments as needed. So this job has two parameters, the environment to distribute the build to and the particular build version to distribute. There are five environments. I was able to configure successfully DEV and TSt. The configurations for UAT, STG and PRD fail to connect to server. Each environment has a shell script which copies over the deployment version to that machine.

 

From: jenkins...@googlegroups.com <jenkins...@googlegroups.com> On Behalf Of Ivan Fernandez Calvo
Sent: Wednesday, February 5, 2020 4:37 PM
To: Jenkins Users <jenkins...@googlegroups.com>

--

You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.

Ivan Fernandez Calvo

未讀,
2020年2月6日 上午8:57:232020/2/6
收件者:Jenkins Users

Sanders, Sholom

未讀,
2020年2月6日 上午9:48:232020/2/6
收件者:jenkins...@googlegroups.com

I already have that plugin. In my build section, I have to use conditional statements to figure out which remote machine to go to . I have to run a shell script on that machine to (1) copy the deployment directory from the deployment machine to the environment machine and (2) install the deployment into the application environment. In this case it is into IBM WebSphere which hosts the application.  The shell script which is run on the remote machine will do the scp from the deployment machine to the machine which has this shell script. The scp is not being done from the Jenkins machine where the build was done. The build project actually copies the build to a deployment machine, which hosts all the build results.

 

So in the build section of the deployment project, I am using Execute shell script on remote host using ssh. In order to do that I set up the SSH Remote Hosts in the “Configure System” under Manage Jenkins. It is in here where I am getting the error for three of the five environment hosts, UAT, STG and PRD

 

From: jenkins...@googlegroups.com <jenkins...@googlegroups.com> On Behalf Of Ivan Fernandez Calvo
Sent: Thursday, February 6, 2020 8:57 AM
To: Jenkins Users <jenkins...@googlegroups.com>

--

You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.

Sanders, Sholom

未讀,
2020年2月6日 上午9:52:392020/2/6
收件者:jenkins...@googlegroups.com

I am trying to figure out why the authorization on the remote host is failing. What can I do or turn on to see what is happening.

kuisathaverat

未讀,
2020年2月6日 上午11:27:072020/2/6
收件者:jenkins...@googlegroups.com
I guess you make something like `ssh user@host echo "hello"`, if you want to see the whole key interchange you have to enable the verbose mode `ssh -vvv user@host echo "hello"` this give you all the data to troubleshooting the issue

You received this message because you are subscribed to a topic in the Google Groups "Jenkins Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-users/8uH_CCF1nKY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/BL0PR0901MB4356A7EA45CBFEC358803115F21D0%40BL0PR0901MB4356.namprd09.prod.outlook.com.


--

Sanders, Sholom

未讀,
2020年2月11日 下午3:10:512020/2/11
收件者:jenkins...@googlegroups.com

This has been solved. In the end it turned out to be a sort of permissions problem on the authorized_keys file on the linux machines. Once this was fixed, I was able to get to all the machines with public/private keys

 

From: jenkins...@googlegroups.com <jenkins...@googlegroups.com> On Behalf Of Ivan Fernandez Calvo

Sent: Thursday, February 6, 2020 8:57 AM

--

You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.

回覆所有人
回覆作者
轉寄
0 則新訊息