Hi Mark, thanks for your reply. I filed a bug for it (https://issues.jenkins-ci.org/browse/JENKINS-44018) Cheers, Jaap
Op dinsdag 2 mei 2017 14:30:39 UTC+2 schreef Mark Waite: > > I think you've detected a bug (or likely multiple bugs). I think they may > be due to the recent updates to the trilead ssh library in the weekly > build. Thanks for detecting them! > > Passing Test Configuration > > I have a Docker configuration that running Jenkins 2.46.2 with "Manually > provided Key Verification Strategy". That master uses ssh agents connected > to various physical machines for platform testing, including Debian 7, > Debian 8, Ubuntu 14, Ubuntu 16, CentOS 6, CentOS 7, Windows 7, and Windows > 10. Each of the Linux agents in that configuration includes the host key > in the agent configuration and connects successfully no matter where I run > that docker instance inside my network. > > Failing Test Configuration > > If I take that same configuration and replace Jenkins 2.46.2 with Jenkins > 2.58, I see multiple failures. > > - None of the ssh agents connect at startup with Jenkins 2.58. The > log reports "WARNING: The SSH key for this host does not match the key > required in the connection configuration" and reports > "java.io.IOException: > Key exchange was not finished, connection is closed" and reports "The > server hostkey was not accepted by the verifier callback" > - If I reconfigure each agent to switch from "Manually provided Key > Verification Strategy" to "Non verifying Verification Strategy", then the > Debian 8, Ubuntu 14, Ubuntu 16, CentOS 6, and CentOS 7 ssh based agents > are > able to connect. The Debian 7 ssh based agent is not able to connect. It > reports "IOException: There was a problem while connecting to > wheezy64b.markwaite.net:22" and "IOException: Key exchange was not > finished, connection is closed" and "IOException: Cannot read full block, > EOF reached". Note, the "Cannot read full block" is a different failure > message than the other platforms > > I suspect the ssh implementation on Debian 7 is too old for the changes > that were made to the trilead ssh implementation recently. That would > explain the failure you (and I) are seeing with Debian 7. If that is > correct, then there may be nothing to be done about the issue, since Debian > 7 is rapidly approaching its end of life. The Debian project will likely > stop supporting Debian 7 as soon as they release Debian 9. Your likely > best solution (for now) is to stay with Jenkins 2.46.2 long term support > release. > > I can't explain why the "Manually provided Key Verification Strategy" no > longer works. > > There was a surprising stack trace in the startup of my docker instance > using 2.58 which isn't there with 2.46.2. It says: > > May 02, 2017 6:26:03 AM > hudson.init.impl.InstallUncaughtExceptionHandler$DefaultUncaughtExceptionHandler > uncaughtException > > SEVERE: A thread (Thread-30/307) died unexpectedly due to an uncaught > exception, this may leave your Jenkins in a bad way and is usually > indicative of a bug in the code. > java.lang.NullPointerException > at > com.trilead.ssh2.transport.KexManager.handleMessage(KexManager.java:447) > at > com.trilead.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:790) > at > com.trilead.ssh2.transport.TransportManager$1.run(TransportManager.java:502) > at java.lang.Thread.run(Thread.java:745) > > That may have something to do with at least one of the failures. > > Could you log a bug so that this can be tracked? We want some time to > review the behavior before the base Jenkins version is chosen for the next > long term support release. > > Mark Waite > > On Tue, May 2, 2017 at 5:48 AM Richard Ginga <[email protected] > <javascript:>> wrote: > >> depending on how you are starting the slave, there are ways to designate >> which version of Java to use different from any default java. for ssh >> connections, see the advanced button. for webstart, see the slave.xml file. >> (or something like that) >> >> On Tue, May 2, 2017 at 2:12 AM, Jaap de Jong <[email protected] >> <javascript:>> wrote: >> >>> Hi All! >>> >>> Since a recent update my slave jenkins node will not launch. >>> It is running debian 7 with oracle jre 1.8.0_131. >>> The master runs debian 8 with the same jvm. >>> Launching the slave fails on the first ssh connection the master tries >>> to make. >>> In the /var/log/jenkins/jenkins.log on the master: >>> >>> [05/01/17 08:09:14] SSH Launch of OpenEmbedded Buildserver on mySlave >>> failed in 4,899 ms >>> May 01, 2017 8:09:14 AM >>> hudson.remoting.SynchronousCommandTransport$ReaderThread run >>> SEVERE: I/O error in channel OpenEmbedded Buildserver >>> java.io.IOException: Unexpected termination of the channel >>> at >>> hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:73) >>> Caused by: java.io.EOFException >>> at >>> java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2335) >>> at >>> java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.java:2804) >>> at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:802) >>> at java.io.ObjectInputStream.<init>(ObjectInputStream.java:299) >>> at >>> hudson.remoting.ObjectInputStreamEx.<init>(ObjectInputStreamEx.java:48) >>> at >>> hudson.remoting.AbstractSynchronousByteArrayCommandTransport.read(AbstractSynchronousByteArrayCommandTransport.java:34) >>> at >>> hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:59) >>> >>> On the slave in /var/log/auth.log: >>> >>> May 1 14:03:27 nvs0559 sshd[31795]: fatal: dh_gen_key: group too small: >>> 1024 (2*need 1024) [preauth] >>> >>> Upgrading the slave to debian 8 fixes it, but I really need debian 7 for >>> the project to be able to build it. >>> What are my options? >>> >>> Thanks! >>> Jaap de Jong >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Jenkins Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected] <javascript:>. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/jenkinsci-users/fec29bdf-e118-47ef-9f97-4f4552db0d63%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/jenkinsci-users/fec29bdf-e118-47ef-9f97-4f4552db0d63%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> Dick Ginga >> Build Engineer >> [email protected] <javascript:> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-users/CAL3PpaXMYkUoqTL2%2Bd6-6GTWgdD9dASOnus-0yk-U9Tb4jsQkg%40mail.gmail.com >> >> <https://groups.google.com/d/msgid/jenkinsci-users/CAL3PpaXMYkUoqTL2%2Bd6-6GTWgdD9dASOnus-0yk-U9Tb4jsQkg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/94411409-27ef-43bc-936b-de1c9b9550bd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
