1

I am trying to SSH into a remote Linux machine from a Jenkins node. I created a public and private key on the Jenkins node and copied the public key to authorized_keys on the remote machine, but I am not able to connect to the remote machine. Please check the logs below.

```
/home/us-jenkins/jenkins/workspace/engineering/dex/college-dex@tmp/durable-9222db0d/script.sh: line 8: warning: here-document at line 2 delimited by end-of-file (wanted `EOF')
+ ssh -vvv ****@208.53.147.236
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 62: Applying options for *
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 208.53.147.236
debug1: permanently_drop_suid: 1990977432
debug1: identity file /home/us-jenkins/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/us-jenkins/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/us-jenkins/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/us-jenkins/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/us-jenkins/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/us-jenkins/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/us-jenkins/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/us-jenkins/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
ssh_exchange_identification: Connection closed by remote host
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 255
Finished: FAILURE
```

Please let me know if any details are needed. Any help will be highly appreciated.

Raghu Ram
  • `ssh_exchange_identification: Connection closed by remote host` This line means that the connection to the SSH server closed immediately after being opened. The "Executing proxy command" line indicates you're trying to proxy the connection through another ssh connection to 208.53.147.236. The problem could be that the connection to 208.53.147.236 is failing. Make sure that's working before trying to proxy connections through it. – Kenster Sep 23 '20 at 12:58
  • @Kenster can you please explain in detail if I need to check any file in Jenkins node or in remote server. – Raghu Ram Sep 23 '20 at 13:11
  • @Kenster I did not find any ssh_config file in the ~/.ssh folder. Where is this proxy command being executed from? – Raghu Ram Sep 23 '20 at 13:25
  • Try commenting the line in ssh_config `#ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h` –  Sep 23 '20 at 13:26
  • @Kenster I am not able to find the ssh_config. Please find below the details I found in /usr/bin: `-rwxr-xr-x. 1 root root 774568 Jun 26 2019 ssh -rwxr-xr-x. 1 root root 360920 Jun 26 2019 ssh-add -rwxr-xr-x. 1 root root 10469 Jun 26 2019 ssh-copy-id -rwxr-xr-x. 1 root root 419208 Jun 26 2019 ssh-keygen -rwxr-xr-x. 1 root root 441024 Jun 26 2019 ssh-keyscan -rwxr-xr-x. 1 root root 23920 Oct 9 2019 sss_ssh_authorizedkeys -rwxr-xr-x. 1 root root 28000 Oct 9 2019 sss_ssh_knownhostsproxy` – Raghu Ram Sep 23 '20 at 13:36
  • @Kenster please find the files in /usr/bin `-rwxr-xr-x. 1 root root 774568 Jun 26 2019 ssh -rwxr-xr-x. 1 root root 360920 Jun 26 2019 ssh-add ---x--s--x. 1 root nobody 382216 Jun 26 2019 ssh-agent -rwxr-xr-x. 1 root root 10469 Jun 26 2019 ssh-copy-id -rwxr-xr-x. 1 root root 419208 Jun 26 2019 ssh-keygen -rwxr-xr-x. 1 root root 441024 Jun 26 2019 ssh-keyscan -rwxr-xr-x. 1 root root 23920 Oct 9 2019 sss_ssh_authorizedkeys -rwxr-xr-x. 1 root root 28000 Oct 9 2019 sss_ssh_knownhostsproxy ` – Raghu Ram Sep 23 '20 at 13:40
  • Hi @Kenster I found the below values in ssh_config: `GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts PubkeyAuthentication yes ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h Host * GSSAPIAuthentication yes` – Raghu Ram Sep 23 '20 at 14:20
  • @Kenster this is the same ssh_config which is working for the other Jenkins node to SSH into the remote server. But from my Jenkins node I am not able to SSH to the remote server. – Raghu Ram Sep 23 '20 at 14:21

2 Answers

1

The issue can be closed. The issue is that our Jenkins server is in a restricted network, hence SSH won't work. We removed the restriction on the firewall and the issue was fixed.

Raghu Ram
0

Following SSH Credentials Management with Jenkins, make sure you have:

  • registered the private key as an SSH credential in Jenkins
  • use a passphrase-less private key, or use the SSH Agent plugin
  • use both of those elements in your pipeline step

Example:

```groovy
stage ('Deploy') {
    steps {
        sshagent(credentials : ['use-the-id-from-credential-generated-by-jenkins']) { // ssh/scp steps go here, run with the key loaded in the agent
        }
    }
}
```

As noted in the comments, Jenkins uses a proxy command which means its execution user must have a ssh.config (like /etc/ssh/ssh_config) which instructs any SSH call to go through that proxy.

If said proxy fails, that would explain the error message.

VonC
  • Hi @VonC I registered the private key as an SSH credential in Jenkins and used sshagent(credentials : ['use-the-id-from-credential-generated-by-jenkins']) in the Jenkins Pipeline stage. But I am still receiving the same error. – Raghu Ram Sep 23 '20 at 12:49
  • @RaghuRam Is your private key protected by a passphrase? – VonC Sep 23 '20 at 12:53
  • In order to make sure the keys are working fine, I copied the private key to my Mac machine and tried to SSH into the remote server, which worked successfully. But when doing SSH from Jenkins I am getting this error. – Raghu Ram Sep 23 '20 at 12:56
  • Hi @VonC my private key is not protected by passphrase. – Raghu Ram Sep 23 '20 at 12:58
  • @RaghuRam "Executing proxy command": I did not see at first that part. That would explain the difference between a user session and the Jenkins session. – VonC Sep 23 '20 at 12:58
  • @RaghuRam Check out https://stackoverflow.com/q/36081742/6309: that could help troubleshoot the proxy step I mention in my revised answer. – VonC Sep 23 '20 at 13:01
  • Thanks for your reply @VonC. I mean to say I replaced my local Mac laptop private key with the Jenkins node private key and am able to SSH into the remote machine. But if I try to SSH from the Jenkins node it is not working. – Raghu Ram Sep 23 '20 at 13:06
  • @RaghuRam Yes, because from Jenkins, contrary, I suspect, to your regular user session, it uses a proxy. – VonC Sep 23 '20 at 13:07
  • Hi @VonC I checked the .ssh folder and found that it consists of id_rsa and id_rsa.pub but not ssh.config file. Can you please let me know where to find this ssh.config in Jenkins node. – Raghu Ram Sep 23 '20 at 13:17
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/221941/discussion-between-vonc-and-raghu-ram). – VonC Sep 23 '20 at 13:18
  • Please find the ssh_config details below. `GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts PubkeyAuthentication yes ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h Host * GSSAPIAuthentication yes` – Raghu Ram Sep 23 '20 at 14:18
  • I added the same but am still not able to SSH. Please find the details below for the server where SSH is working fine. ` debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: permanently_drop_suid: 1990977855 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9 debug1: match: OpenSSH_7.9 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 207.52.152.237:22 as 'administrator' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 ` – Raghu Ram Sep 28 '20 at 09:41
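
The failing log in the question stops before any `Remote protocol version` line, while the log from the working node reaches key exchange. As an added example (not from the original thread), this script reports the furthest stage an `ssh -v` client log reached, so a drop before the server banner is not mistaken for a key problem; the function and stage names are made up for illustration, and the sample lines are excerpts of the two logs on this page.

```shell
#!/bin/sh
# Added example: classify how far an `ssh -v` client log got before stopping.

# Reads a client debug log on stdin, prints the furthest stage reached.
classify_ssh_log() (
    log=$(cat)
    has() { printf '%s\n' "$log" | grep -Eq "$1"; }
    proxy=""
    # With a ProxyCommand, ssh talks to a helper process instead of opening
    # the TCP connection itself, so the helper is part of the failure path.
    if has 'Executing proxy command:'; then proxy=" via-proxycommand"; fi
    if has 'Authenticated to '; then
        stage="authenticated"
    elif has 'SSH2_MSG_KEXINIT received'; then
        # Server answered and key exchange began: the path is fine, check keys.
        stage="kex-or-auth"
    elif has 'Remote protocol version'; then
        stage="banner-received"
    elif has '(ssh|kex)_exchange_identification: '; then
        # Dropped before the server banner: no key has been offered yet.
        stage="closed-before-banner"
    else
        stage="no-connection"
    fi
    echo "$stage$proxy"
)

# Excerpt of the failing Jenkins log from the question.
failing_log() {
    cat <<'EOF'
debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 208.53.147.236
debug1: identity file /home/us-jenkins/.ssh/id_rsa type 1
debug1: Local version string SSH-2.0-OpenSSH_7.4
ssh_exchange_identification: Connection closed by remote host
EOF
}

# Excerpt of the log from the node where SSH works (last comment above).
working_log() {
    cat <<'EOF'
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
EOF
}

printf 'failing: %s\n' "$(failing_log | classify_ssh_log)"
printf 'working: %s\n' "$(working_log | classify_ssh_log)"
```

A result of `closed-before-banner` points at the network path, the proxy helper or a server-side connection filter rather than at `authorized_keys`, which matches the firewall restriction reported in the accepted answer.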