ssh authentication in jenkins/jenkins:lts docker image hangs during clone

[Ozgur Cagdas]

Hi,

I am running a container created off jenkins/jenkins:lts docker image on 64-bit Ubuntu 16.04.1 LTS and git poll and clone operations hang when I use ssh authentication with an ssh key with passphrase

Started on Dec 22, 2017 1:47:55 PM

Polling SCM changes on master

Using strategy: Default

> git rev-parse --is-inside-work-tree # timeout=10

Fetching changes from the remote Git repositories

> git config remote.origin.url g...@github.com:username/repo_path.git # timeout=10

Fetching upstream changes from g...@github.com:username/repo_path.git

> git --version # timeout=10

using GIT_SSH to set credentials test-key

> git fetch --tags --progress g...@github.com:username/repo_path.git +refs/heads/*:refs/remotes/origin/* # timeout=3

This is the ps output when the poll hangs

jenkins   2405  0.0  0.0  15604  1080 13:49 git ls-remote -h g...@github.com:username/repo_path.git HEAD

jenkins   2409  0.0  0.0   4288   800 13:49 /bin/sh /tmp/ssh852924073958836602.sh g...@github.com git-upload-pack 'username/repo_path.git'

jenkins   2410  0.0  0.0  47248  5616 13:49 ssh -i /tmp/ssh253076704069644928.key -l jenkins -o StrictHostKeyChecking=no g...@github.com git-upload-pack 'username/repo_path.git'

The jenkins plugins that are used are the latest available git, git client, ssh agent and ssh credentials.

When I run the ssh -i line on the console manually, it does prompt for password and then interacts with the remote git server as expected.

Another input is, if I clone the repo with username/password authentication over https and assign the passphrase ssh credentials to the jenkins item in the configuration, I can still interact with the remote repo in jenkins execute shell.

If I resort to using a key without a passphrase, it all works fine. I saw quite a few people complaining about similar issues on different forums but there doesn't seem to be an answer about if there is a solution for it and what the issue is. I am not sure if this is a jenkins, jenkins plugin, docker or just a configuration issue. So, pointers to identify the issue is appreciated.

Regards,

Oz

[Mark Waite]

If the passphrase contains characters which are expanded by the shell, then the shell expansion may damage the passphrase and cause the ssh command to hang prompting for a passphrase.

Shell expansion shouldn't be invoked on the characters of the passphrase.  I consider that a bug, but a bug that is not yet fixed.

Mark Waite

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/9c7908f7-df01-4a25-a927-d02a50641832%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.