The Problem
The Jenkins SSH Agent Plugin is failing to successfully load a key with a passphrase that is stored with the Credentials Plugin. The Jenkins Agent is running on the same machine as the Controller.
ssh_askpass: exec(/var/lib/jenkins/workspace/testing@tmp/askpass_11086250741160980548.sh): No such file or directory
The error seems to be saying that the script used to load the passphrase doesn't exist. I don't know if it exists or how to test that, as I'm assuming it's meant to be deleted quickly. I can verify the script is not there after a run, but that's expected. Therefore, I'm not sure if the problem is with the SSH Agent Plugin, or Credentials Plugin or a combination/interaction of both plugins.
The ssh-agent Binary on the Host Works
The problem does not seem to be with the host system, as I am able to successfully use ssh-add from the command line with the referenced key and passphrase.
The SSH Agent Plugin Partially Works
The username, private key and passphrase have been added into the Jenkins Controller utilizing the Credentials Plugin. The SSH Agent Plugin works as expected with a plugin that does not have a passphrase.
Current Environment
- RHEL7
- Jenkins 2.359
- SSH Agent Plugin Version 295.v9ca_a_1c7cc3a_a_
- Credentials Plugin Version 1143.vb_e8b_b_ceee347
- OpenSSH_8.8p1a
My pipeline is simple
pipeline {
    agent any
    options {
        ansiColor('xterm')
    }
    stages {
        stage("setup environment") {
            steps {
                deleteDir()
            } //steps
        } //stage - setup environment
        stage("Test the key") {
            steps {
                sshagent(['testkey']) {
                    sh "ssh host whoami"
                } //sshagent
            } //steps
        } //stage - Test the key
    } //stages
} //pipeline
The output looks like this
[Pipeline] {
[Pipeline] sshagent
[ssh-agent] Using credentials testkey (Test key with passphrase)
[ssh-agent] Looking for ssh-agent implementation...
[ssh-agent] Exec ssh-agent (binary ssh-agent on a remote machine)
$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-oKcZZF65GvXc/agent.31647
SSH_AGENT_PID=31650
Running ssh-add (command line suppressed)
ssh_askpass: exec(/var/lib/jenkins/workspace/testing@tmp/askpass_11086250741160980548.sh): No such file or directory
[Pipeline] // sshagent
[Pipeline] }
.
. (I removed the extraneous output showing the closing of each section.)
.
ERROR: Failed to run ssh-add
Finished: FAILURE
I've found similar issues where Jenkins was having issues interacting with the ssh-agent tools; however, this isn't the case here. The indicated problem is with the script that (I'm guessing) provides the key and passphrase to ssh-agent.
For example, this post describes an issue with the ssh-askpass binary while executing ssh-add on the client.
ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory
Permission denied, please try again.
In my scenario, ssh-add is being executed by the ssh-agent plugin on the Jenkins Controller, which is where the Jenkins Agents are launched. And the error isn't with the ssh-askpass binary, but rather the @tmp/askpass_####.sh script that Jenkins generates to interact with ssh-askpass.
Some posts with slightly different symptoms suggest removing or adding trailing newlines when adding the private key to the Jenkins web UI. I have tried this with no success.
Is there a way to test things further?
Is there more logging that I can turn on?
What is the experiment that would isolate a component and expose the root cause?
My question is similar to this question; however, I have added additional information in hopes that I'm clearly stating the issue and the surrounding context.
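An added diagnostic sketch, not part of the original post: exec() returns "No such file or directory" both when the helper script itself is missing and when the interpreter named on its #! line cannot be found, and the function below tells those cases apart. The sample file names and contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies why exec() of an
# askpass-style helper script could fail, using constructed sample files.

check_askpass() {
    script=$1
    cr=$(printf '\r')
    [ -e "$script" ] || { echo missing; return 0; }
    [ -x "$script" ] || { echo not-executable; return 0; }
    first=$(head -n 1 "$script")
    case $first in
        '#!'*"$cr") echo crlf-shebang; return 0 ;;  # kernel looks for "interp\r"
        '#!'*) ;;
        *) echo no-shebang; return 0 ;;
    esac
    # The first word after "#!" is the interpreter path the kernel will exec.
    interp=$(printf '%s\n' "${first#??}" | awk '{print $1}')
    if [ -x "$interp" ]; then echo ok; else echo "bad-interpreter:$interp"; fi
}

# Constructed sample helpers (hypothetical names), one per failure mode.
make_samples() {
    dir=$1
    printf '#!/bin/sh\necho placeholder\n' > "$dir/good.sh"
    printf '#!/bin/sh\r\necho placeholder\r\n' > "$dir/crlf.sh"
    printf '#!/nonexistent/sh\necho placeholder\n' > "$dir/badinterp.sh"
    printf '#!/bin/sh\necho placeholder\n' > "$dir/noexec.sh"
    chmod 700 "$dir/good.sh" "$dir/crlf.sh" "$dir/badinterp.sh"
    chmod 600 "$dir/noexec.sh"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    # gone.sh is never created, so it exercises the "missing" case.
    for f in good.sh crlf.sh badinterp.sh noexec.sh gone.sh; do
        printf '%-14s %s\n' "$f" "$(check_askpass "$tmp/$f")"
    done
    rm -rf "$tmp"
}
demo
```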