[JIRA] (JENKINS-55136) Log an error when ssh private key is empty
Title: Message Title Devin Nusbaum assigned an issue to Unassigned Jenkins / JENKINS-55136 Log an error when ssh private key is empty Change By: Devin Nusbaum Assignee: Devin Nusbaum Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-55136) Log an error when ssh private key is empty
Title: Message Title Devin Nusbaum commented on JENKINS-55136 Re: Log an error when ssh private key is empty Not sure why I am the default assignee here. Migration should be automatic when upgrading to a version with the SECURITY-440 fix. CC Wadeck Follonier who worked on that fix any might have an idea of what could be going on. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-55136) Log an error when ssh private key is empty
Title: Message Title Vince Murphy commented on JENKINS-55136 Re: Log an error when ssh private key is empty After reading the java code I looked through my logs for this log message and did eventually find it. ``` SECURITY-440: Migrating FileOnMasterPrivateKeySource to DirectEntryPrivateKeySource ``` But I don't think that is enough information in this context (ie the log file, with no knowledge of the code). What does it mean, anyway? The private key has been migrated for me? (it wasn't - is that a separate issue to look at?) I should take steps to migrate the private key? Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-55136) Log an error when ssh private key is empty
Title: Message Title Vince Murphy commented on JENKINS-55136 Re: Log an error when ssh private key is empty Forgot to add - the workaround for us was: Jenkins->Credentials->click on affected credential id->Update Paste the private key contents into the field provided Update the description so it no longer mentions file:/var/lib/jenkins/.ssh/jenkins Save Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-55136) Log an error when ssh private key is empty
Title: Message Title
Vince Murphy created an issue
Jenkins / JENKINS-55136
Log an error when ssh private key is empty
Issue Type:
Improvement
Assignee:
Devin Nusbaum
Components:
ssh-credentials-plugin
Created:
2018-12-12 06:18
Environment:
jenkins 2.150.1 ssh-credentials-plugin 1.14 ssh-slaves-plugin 1.29.1 java /usr/lib/jvm/java-8-oracle/jre/lib/amd64 We have one master, with a handful of SSH slaves. All running Debian Linux, of various versions (wheezy on master, jessie & stretch on slaves).
Priority:
Minor
Reporter:
Vince Murphy
This is fallout from the fix for SECURITY-440 (see https://jenkins.io/security/advisory/2018-06-25/ ) We upgraded to ensure that fix was installed back in June. For some reason it did not affect us until after upgrading to ssh-slaves 1.29.1 (from 1.28) We used to have the SSH private key that the master uses to log into the slaves, in $JENKINS_HOME/.ssh/jenkins - ie. not one of the names that jenkins searches for by default. When the master tries to connect to the client, it fails and there's no clue given as to why. This is the log I get when I try to reconnect to a node affected by this issue: ``` SSHLauncher{host='fiasco', port=22, credentialsId='', jvmOptions='', javaPath='/usr/lib/jvm/java-8-openjdk-amd64/bin/java', prefixStartSlaveCmd='', suffixStartSlaveCmd='', launchTimeoutSeconds=210, maxNumRetries=10, retryWaitTime=15, sshHostKeyVerificationStrategy=hudson.plugins.sshslaves.verifiers.KnownHostsFileKeyVerificationStrategy, tcpNoDelay=true, trackCredentials=true} [12/11/18 10:33:49] [SSH] Opening SSH connection to fiasco:22. [12/11/18 10:33:49] [SSH] SSH host key matches key in Known Hosts file. Connection will be allowed. [12/11/18 10:33:49] [SSH] Authentication failed. Authentication failed. [12/11/18 10:33:49] Launch fai
