Inline script running via JSCH


Matt Thompson

Jan 29, 2024, 7:02:03 AM
to rundeck-discuss
Hi,

Rundeck BUILD : 4.13.0-20230515

In my projects the default node executor is set up as:
plugin.script-exec.default.command=ssh -oPort\=${node.sshport} -tt ${node.username}@${node.hostname} ${exec.command}
This has been working fine for several years.

After some security updates (mainly removing RSA1 from SSH on the servers) we found that any inline scripts in RD would not execute. Despite the default node executor being set, it looks like the inline scripts are still running via JSCH.

ERROR:
Failed dispatching to node epl-art-tst-db31: [jsch-scp] Failed copying the file: Authentication failure connecting to node: "<servername>". Could not authenticate.

Is there any way to alter what is used for execution of the inline scripts? My understanding is that SSHJ would work. But I would prefer not to alter my default node executor.

Thanks in advance,
Matt.

rac...@rundeck.com

Jan 29, 2024, 7:43:03 AM
to rundeck-discuss
Hi Matt, 

Did you test dispatching commands against those nodes? Do you see the same error? *What about the file copier configuration?*

Is your Rundeck server still using RSA1 keys? If so, take a look at this.

Greetings.

Matt Thompson

Jan 29, 2024, 2:42:59 PM
to rundeck-discuss
Thanks for your reply. I had seen that thread and this happened after a company-wide change to remove RSA1 from our Linux servers.

Node execution seems to be OK; it was just an issue with inline scripts.

I think it's the default file copier that is the issue. I hadn't updated this from the default so I think it's using JSCH to upload the inline script to the target node and failing during the upload.

We had to revert the security change but I can re-apply it to some test servers and see if updating the file copier helps.

Cheers,
Matt.

Matt Thompson

Jan 29, 2024, 9:05:10 PM
to rundeck-discuss
After some testing we found using SSHJ for the file copier solved the issue.
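The gap this thread ended on (node executor overridden, file copier left at its JSch default), as an added example that is not part of the original posts: a Python check over project.properties text that reports which provider runs commands and which one uploads inline scripts. The keys `service.NodeExecutor.default.provider` and `service.FileCopier.default.provider`, the provider ids `jsch-ssh` and `sshj-scp`, and the defaults used here are assumptions about Rundeck's project configuration; the sample files are constructed.

```python
import re

EXEC_KEY = "service.NodeExecutor.default.provider"  # assumed Rundeck project key
COPY_KEY = "service.FileCopier.default.provider"    # assumed Rundeck project key
# Assumed built-in defaults when a project sets nothing (the thread's error
# message shows jsch-scp in use although no file copier had been configured).
DEFAULTS = {EXEC_KEY: "jsch-ssh", COPY_KEY: "jsch-scp"}

def parse_properties(text):
    """Minimal Java .properties reader: skips comments, splits on the first
    unescaped '=' or ':', and strips backslash escapes such as '\\='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"((?:\\.|[^=:\\\s])+)\s*[=:]?\s*(.*)", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", part) for part in m.groups())
            props[key] = value
    return props

def audit(text):
    """Return (executor, copier, finding) for one project's properties text."""
    props = parse_properties(text)
    executor = props.get(EXEC_KEY, DEFAULTS[EXEC_KEY])
    copier = props.get(COPY_KEY, DEFAULTS[COPY_KEY])
    uses_jsch = [p for p in (executor, copier) if p.startswith("jsch-")]
    if copier.startswith("jsch-") and not executor.startswith("jsch-"):
        # Commands avoid JSch, but inline scripts are still uploaded through it.
        finding = "MISMATCH: inline scripts are uploaded with " + copier
    elif uses_jsch:
        finding = "JSCH: " + ", ".join(uses_jsch)
    else:
        finding = "OK"
    return executor, copier, finding

# Constructed sample project files (not taken from the poster's environment).
SAMPLES = {
    "as-posted": "service.NodeExecutor.default.provider=script-exec\n"
                 "plugin.script-exec.default.command=ssh -oPort\\=${node.sshport} ${exec.command}\n",
    "after-fix": "service.NodeExecutor.default.provider=script-exec\n"
                 "service.FileCopier.default.provider=sshj-scp\n",
    "untouched": "# nothing overridden\nproject.name=demo\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, *audit(text), sep=" | ")
```

Running the same check across every project before tightening SSH algorithms on the target servers shows which projects would lose inline-script execution while plain commands keep working.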