Thank you! I added this workaround to https://issues.jenkins-ci.org/browse/JENKINS-42959
On Friday, March 24, 2017 at 1:31:34 AM UTC-7, Harald Wellmann wrote: > > Yes, I can ssh both ways. The problem seems to be that the SSH lib used by > Jenkins does not support newer ciphers like ecdsa-sha2-nistp256. > > After deleting the known_hosts entry and creating a new one via > > ssh -o HostKeyAlgorithms=ssh-rsa slave2.example.com > > Jenkins no longer complains. > > I'm not a security expert, but it seems that I'm now using a less robust > cipher than before, so this is more of a workaround than a solution. > > Regards, > Harald > > 2017-03-23 21:24 GMT+01:00 Harriet Severino <[email protected] > <javascript:>>: > >> Can you ssh from master to slave and back as the jenkins user? If not >> look at you ssh setup. SSH is picky about the permissions of all the files >> under ~/.ssh. >> >> >> >> On Thursday, March 23, 2017 at 12:45:33 PM UTC-4, Harald Wellmann wrote: >>> >>> After upgrading to SSH Slave Plugin 1.15 on Jenkins 2.32.3, I'm getting >>> warnings >>> >>> about missing SSH key verification which I'm trying to fix. >>> >>> >>> I've configured Known hosts file verification strategy, I've manually >>> ssh'ed >>> >>> from my master to my slave, and I've checked there's an entry in my >>> >>> .ssh/known_hosts on master which looks like >>> >>> >>> slave2.example.com ecdsa-sha2-nistp256 AAAA...v+2Uc0= >>> >>> >>> Despite that, I'm getting the following error when lauching the agent: >>> >>> >>> [03/23/17 13:10:38] [SSH] Opening SSH connection to slave2.example.com:22. >>> [03/23/17 13:10:38] [SSH] WARNING: No entry currently exists in the Known >>> Hosts file for this host. Connections will be denied until this new host >>> and its associated key is added to the Known Hosts file. >>> Key exchange was not finished, connection is closed. >>> java.io.IOException: There was a problem while connecting to >>> slave2.example.com:22 >>> at com.trilead.ssh2.Connection.connect(Connection.java:818) >>> at com.trilead.ssh2.Connection.connect(Connection.java:687) >>> at com.trilead.ssh2.Connection.connect(Connection.java:601) >>> at >>> hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1265) >>> at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:790) >>> at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:785) >>> at java.util.concurrent.FutureTask.run(FutureTask.java:266) >>> at >>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) >>> at >>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) >>> at java.lang.Thread.run(Thread.java:745) >>> Caused by: java.io.IOException: Key exchange was not finished, connection >>> is closed. >>> at >>> com.trilead.ssh2.transport.KexManager.getOrWaitForConnectionInfo(KexManager.java:93) >>> at >>> com.trilead.ssh2.transport.TransportManager.getConnectionInfo(TransportManager.java:230) >>> at com.trilead.ssh2.Connection.connect(Connection.java:770) >>> ... 9 more >>> Caused by: java.io.IOException: The server hostkey was not accepted by the >>> verifier callback >>> at >>> com.trilead.ssh2.transport.KexManager.handleMessage(KexManager.java:535) >>> at >>> com.trilead.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:777) >>> at >>> com.trilead.ssh2.transport.TransportManager$1.run(TransportManager.java:489) >>> ... 1 more >>> [03/23/17 13:10:38] Launch failed - cleaning up connection >>> [03/23/17 13:10:38] [SSH] Connection closed. >>> >>> >>> >>> >>> Any ideas what's wrong here? >>> >>> Thanks, >>> Harald >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-users/7006ab93-7ca4-4063-baf6-7c844be60165%40googlegroups.com >> >> <https://groups.google.com/d/msgid/jenkinsci-users/7006ab93-7ca4-4063-baf6-7c844be60165%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/bcb3b1f9-b12f-4faa-b16f-e1fd3bacc4cd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
