Yes, I can ssh both ways. The problem seems to be that the SSH lib used by Jenkins does not support newer ciphers like ecdsa-sha2-nistp256.
After deleting the known_hosts entry and creating a new one via ssh -o HostKeyAlgorithms=ssh-rsa slave2.example.com Jenkins no longer complains. I'm not a security expert, but it seems that I'm now using a less robust cipher than before, so this is more of a workaround than a solution.

Regards,
Harald

2017-03-23 21:24 GMT+01:00 Harriet Severino <[email protected]>:

> Can you ssh from master to slave and back as the jenkins user? If not, look
> at your ssh setup. SSH is picky about the permissions of all the files under
> ~/.ssh.
>
> On Thursday, March 23, 2017 at 12:45:33 PM UTC-4, Harald Wellmann wrote:
>>
>> After upgrading to SSH Slave Plugin 1.15 on Jenkins 2.32.3, I'm getting
>> warnings about missing SSH key verification which I'm trying to fix.
>>
>> I've configured Known hosts file verification strategy, I've manually
>> ssh'ed from my master to my slave, and I've checked there's an entry in my
>> .ssh/known_hosts on master which looks like
>>
>> slave2.example.com ecdsa-sha2-nistp256 AAAA...v+2Uc0=
>>
>> Despite that, I'm getting the following error when launching the agent:
>>
>> [03/23/17 13:10:38] [SSH] Opening SSH connection to slave2.example.com:22.
>> [03/23/17 13:10:38] [SSH] WARNING: No entry currently exists in the Known Hosts file for this host. Connections will be denied until this new host and its associated key is added to the Known Hosts file.
>> Key exchange was not finished, connection is closed.
>> java.io.IOException: There was a problem while connecting to slave2.example.com:22
>>     at com.trilead.ssh2.Connection.connect(Connection.java:818)
>>     at com.trilead.ssh2.Connection.connect(Connection.java:687)
>>     at com.trilead.ssh2.Connection.connect(Connection.java:601)
>>     at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1265)
>>     at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:790)
>>     at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:785)
>>     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>     at java.lang.Thread.run(Thread.java:745)
>> Caused by: java.io.IOException: Key exchange was not finished, connection is closed.
>>     at com.trilead.ssh2.transport.KexManager.getOrWaitForConnectionInfo(KexManager.java:93)
>>     at com.trilead.ssh2.transport.TransportManager.getConnectionInfo(TransportManager.java:230)
>>     at com.trilead.ssh2.Connection.connect(Connection.java:770)
>>     ... 9 more
>> Caused by: java.io.IOException: The server hostkey was not accepted by the verifier callback
>>     at com.trilead.ssh2.transport.KexManager.handleMessage(KexManager.java:535)
>>     at com.trilead.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:777)
>>     at com.trilead.ssh2.transport.TransportManager$1.run(TransportManager.java:489)
>>     ... 1 more
>> [03/23/17 13:10:38] Launch failed - cleaning up connection
>> [03/23/17 13:10:38] [SSH] Connection closed.
>>
>> Any ideas what's wrong here?
>>
>> Thanks,
>> Harald
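
Added example, not part of the original thread and not Jenkins or Trilead code: a small known_hosts audit that separates "no entry for this host" from "an entry exists, but only for a key type the client cannot verify", which is the situation the thread describes. The `CLIENT_ALGOS` set is an assumption drawn from the thread (ssh-rsa worked, ecdsa-sha2-nistp256 did not); the sample file, key blobs, salt and the hosts other than slave2.example.com are constructed.

```python
import base64
import hashlib
import hmac

# Assumption: key types the client library can verify. The thread only
# establishes that ssh-rsa worked and ecdsa-sha2-nistp256 did not.
CLIENT_ALGOS = frozenset({"ssh-rsa"})

def hash_host(host, salt):
    """Build an OpenSSH hashed host field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())

def host_matches(field, host):
    """True if a known_hosts host field names `host` (plain list or hashed).
    Wildcard and negated patterns are not handled here."""
    if field.startswith("|1|"):
        _, _, salt_b64, _ = field.split("|")
        return hmac.compare_digest(field, hash_host(host, base64.b64decode(salt_b64)))
    return host in field.split(",")

def diagnose(known_hosts_text, host, client_algos=CLIENT_ALGOS):
    """Classify the entries for `host` by whether the client can use them."""
    usable, unusable = [], []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        if host_matches(fields[0], host):
            (usable if fields[1] in client_algos else unusable).append(fields[1])
    if usable:
        return "usable", usable
    if unusable:
        return "unsupported-key-type-only", unusable
    return "no-entry", []

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "slave2.example.com ecdsa-sha2-nistp256 AAAAplaceholderECDSA=",
    hash_host("slave3.example.com", b"constructed-salt-20b") + " ssh-rsa AAAAplaceholderRSA=",
])

if __name__ == "__main__":
    for h in ("slave2.example.com", "slave3.example.com", "slave4.example.com"):
        print(h, diagnose(SAMPLE, h))
```

A result of `unsupported-key-type-only` means the host key is recorded but under a type outside the client's set, so the fix is either a client that supports that type or an additional entry for a type it does support, verified against the server's real key fingerprint.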
