Need help - build "Execute Shell"

58 views
Skip to first unread message

Shrikant Nayak

unread,
Jul 16, 2020, 4:27:40 AM7/16/20
to Jenkins Users

Hello Jenkins Gurus / Users,
Has anyone come across similar issues as me & resolved? 
ssh password less connection works fine (using rsa public key).
my shell script works fine if I run from command prompt in Jenkins system; However the same script fails through Jenkins job. Please see part of the console output for the error; the job is successful, but it does not copy intended file to the remote host. 


debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: Authenticating to Host1:22 as 'xyz'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: uma...@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: uma...@openssh.com compression: none
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:DZ+zWvrtcOKUjQqdV68PgiRjDI1F3mJtBhVoXq5uGhk
debug1: Host 'Host1' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:10
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:0)

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
lost connection
Finished: SUCCESS

Sakshi Rathore

unread,
Jul 20, 2020, 5:38:15 PM7/20/20
to Jenkins Users
I am also facing same kind of issue :

0

I have a absh script which connects and exexutes programs from my local to remote server and now this should be executed from jenkins build so for this jenkins is taking continous changes from git for this script but my build is failing with below error:

Warning: Identity file /c/Users/D35N/Downloads/GitHubProjeckt/Automation/GitHubProjeckt/newharbortestkey not accessible: No such file or directory. Host key verification failed. Build step 'Execute shell' marked build as failure

I have tried to set ssh connectivity in my jenkins server for this remote server ,credentials and ssh plugins but using my key i am getting an error cant connect to the server.

when i run the script from local it works fine and my ssh connection gets established properly using SSH key.

jenkins server is also integrated or installed on my kuberenets cluster which is my remote server in this case and bash script should execute on this kuberenets cluster.

sakshira...@gmail.com

unread,
Jul 29, 2020, 6:04:38 AM7/29/20
to Jenkins Users

by any chance this issue is resolved for you ? if yes then how ? please advise.

sakshira...@gmail.com

unread,
Jul 29, 2020, 6:07:17 AM7/29/20
to Jenkins Users
and how it worked for you:  ssh password less connection works fine (using rsa public key). i followed below steps to do this: i followed below steps to resolve it till now but didnt work:

  • Create an SSH key pair (public/private) Ran the command “ssh-keygen -t rsa -C "Jenkins agent key" -f "jenkinsAgent_rsa" “

  • Create an SSH credential in the Jenkins machine and put the private key there Created the credentials and put jenkinsAgent_rsa into it.

  • Create an SSH agent see https://github.com/jenkinsci/ssh-slaves-plugin/blob/master/doc/CONFIGURE.md#configure-launch-agents-via-ssh – This is creating a node which I didn’t do before – so I created the node and selected the credential with the private key. The verification strategy slect is non-verifying.

    • Select the SSH credential created before as credentials

    • Chose the verification strategy that you want, see the documentation, if you have problems start with the "Non verifying Verification Strategy" you can change it later

  • Add the public key on ~/.ssh/authorized_keys This was done

but i am not able to establish the connection between jenkins and ssh server
my ssh and jenkins server both are hosted on same ip

On Thursday, July 16, 2020 at 10:27:40 AM UTC+2 shrik...@gmail.com wrote:

Björn Pedersen

unread,
Jul 29, 2020, 8:38:02 AM7/29/20
to Jenkins Users


  • Create an SSH key pair (public/private) Ran the command “ssh-keygen -t rsa -C "Jenkins agent key" -f "jenkinsAgent_rsa" “

  • Create an SSH credential in the Jenkins machine and put the private key there Created the credentials and put jenkinsAgent_rsa into it.

These steps are fine
 

  • Create an SSH agent see https://github.com/jenkinsci/ssh-slaves-plugin/blob/master/doc/CONFIGURE.md#configure-launch-agents-via-ssh – This is creating a node which I didn’t do before – so I created the node and selected the credential with the private key. The verification strategy slect is non-verifying.

    • Select the SSH credential created before as credentials

    • Chose the verification strategy that you want, see the documentation, if you have problems start with the "Non verifying Verification Strategy" you can change it later


This doing something completly different, you  are creating a jenkins agent via ssh,  what you need is an ssh-agent. 

I assume you are using pipelines, the wrap the ssh-calling sh step in an sshagent wrapper (best to use the Snippet generator for the details).
 

  • Add the public key on ~/.ssh/authorized_keys This was done


Fine again ( at least if ~ expand to the correct user (whatever jenkins is running the agent as), unless you also explicitly specify the user in your ssh requests.  From the log it looks like
the agent is running as root (no a good idea, but that is another thing), so you would need to add the key to /root/.ssh/authorized_keys (and possibly allow remote root logins in the sshd config).

sakshira...@gmail.com

unread,
Jul 29, 2020, 9:37:06 AM7/29/20
to Jenkins Users
thanks, i try this way . Could you please also suggest  Create an SSH key pair  this step should be executed on jenkins server or ssh server. till now i have executed on ssh server 

jeremy mordkoff

unread,
Jul 29, 2020, 1:17:01 PM7/29/20
to Jenkins Users
Normally a SSH keypair is created on the client (in your case the jenkins server) and then the public key is copied to the server. This is more secure because the private key is created on the client and is never copied anywhere else. 

This level of security is rarely needed or enforced in a lab, but it is a good habit anyway. 

Make sure the keys you use for jenkins do not have a pass-phrase.
Reply all
Reply to author
Forward
0 new messages