SSH Remote Host not being able to connect

283 views
Skip to first unread message

Sholom Sanders

unread,
Feb 4, 2020, 3:53:45 PM2/4/20
to Jenkins Users
On my remote Linux machine I created a private/public key to communicate with Jenkins on my Windows machine. I put the public key into authorized_keys. In Jenkins, I created a credential for this user and pasted in the private key. I then went to Manage  Jenkins --> Configure System to the SSH Remote Hosts. I created a new one with the Linux machine name and port 22 and selected the newly created credential. When I click on check connection, I am getting "Can't connect to server".  I had created two other SSH remote hosts successfully. But this lone is not going through and I am not sure how to track down the solution.

Ivan Fernandez Calvo

unread,
Feb 5, 2020, 11:11:50 AM2/5/20
to Jenkins Users
I understand you have a Jenkins instance that runs on a windows machine and you want to use a Linux machine as an agent connected by SSH
* Create an SSH key pair (public/private)
* Create an SSH credential in the Jenkins machine and put the private key there
  * Select the SSH credential created before as credentials
  * Chose the verification strategy that you want, see the documentation, if you have problems start with the "Non verifying Verification Strategy" you can change it later
* Add the public key on ~/.ssh/authorized_keys

this should work, if not you should see some error messages on the agent logs page "JENKISN_URL/computer/AGENT_NAME/log", if nothing works see https://github.com/jenkinsci/ssh-slaves-plugin/blob/master/doc/TROUBLESHOOTING.md#common-info-needed-to-troubleshooting-a-bug there you have the information needed to troubleshoot an SSH issue

Sanders, Sholom

unread,
Feb 5, 2020, 1:15:58 PM2/5/20
to jenkins...@googlegroups.com

 

 

From: jenkins...@googlegroups.com <jenkins...@googlegroups.com> On Behalf Of Ivan Fernandez Calvo
Sent: Wednesday, February 5, 2020 11:12 AM
To: Jenkins Users <jenkins...@googlegroups.com>
Subject: [SOCIAL NETWORK] Re: SSH Remote Host not being able to connect

 

I understand you have a Jenkins instance that runs on a windows machine and you want to use a Linux machine as an agent connected by SSH

* Create an SSH key pair (public/private)   Ran the command “ssh-keygen -t rsa -C "Jenkins agent key" -f "jenkinsAgent_rsa"  “

* Create an SSH credential in the Jenkins machine and put the private key there Created the credentials and put jenkinsAgent_rsa into it.

* Create an SSH agent see https://github.com/jenkinsci/ssh-slaves-plugin/blob/master/doc/CONFIGURE.md#configure-launch-agents-via-sshThis is creating a node which I didn’t do before – so I created the node and selected the credential with the private key. The verification strategy slect is non-verifying.

  * Select the SSH credential created before as credentials

  * Chose the verification strategy that you want, see the documentation, if you have problems start with the "Non verifying Verification Strategy" you can change it later

* Add the public key on ~/.ssh/authorized_keys This was done

 

I tried to relaunch the node and got the following:

 

[02/05/20 12:57:13] [SSH] Opening SSH connection to msslva-hhsmdm07.csc.nycnet:22.

[02/05/20 12:57:13] [SSH] WARNING: SSH Host Keys are not being verified. Man-in-the-middle attacks may be possible against this connection.

ERROR: Server rejected the 1 private key(s) for mdmadmin (credentialId:c6bf4c24-0a05-43ca-a9be-3dfc149c6d0f/method:publickey)

[02/05/20 12:57:13] [SSH] Authentication failed.

Authentication failed.

[02/05/20 12:57:13] Launch failed - cleaning up connection

[02/05/20 12:57:13] [SSH] Connection closed.

 

Not sure where this log you are talking about. Is this on the Windows machine running Jenkins?

 

Previously I did not create a Node. I simply added an entry in the Manage Jenkins à Configure System à SSH Remote Host section – added an entry here selecting that credential. In the Project I would select “Execute shell script on remote host using SSH” . But the SSH Remote Host entry is also failing on connecting to the machine. I am able to do WinSCP from the Jenkins machine to the remote host with the same user id.

 

this should work, if not you should see some error messages on the agent logs page "JENKISN_URL/computer/AGENT_NAME/log", if nothing works see https://github.com/jenkinsci/ssh-slaves-plugin/blob/master/doc/TROUBLESHOOTING.md#common-info-needed-to-troubleshooting-a-bug there you have the information needed to troubleshoot an SSH issue


El martes, 4 de febrero de 2020, 21:53:45 (UTC+1), Sholom Sanders escribió:

On my remote Linux machine I created a private/public key to communicate with Jenkins on my Windows machine. I put the public key into authorized_keys. In Jenkins, I created a credential for this user and pasted in the private key. I then went to Manage  Jenkins --> Configure System to the SSH Remote Hosts. I created a new one with the Linux machine name and port 22 and selected the newly created credential. When I click on check connection, I am getting "Can't connect to server".  I had created two other SSH remote hosts successfully. But this lone is not going through and I am not sure how to track down the solution.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/72ae6f7e-fa54-4be5-add3-9337d70835d4%40googlegroups.com.




This e-mail, including any attachments, may be confidential, privileged or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system.

Mahima Mishra

unread,
Feb 5, 2020, 2:04:41 PM2/5/20
to Jenkins Users
Are you using the private key for user - mdmadmin?
Were the keys generated on jenkins master?

Sanders, Sholom

unread,
Feb 5, 2020, 2:11:23 PM2/5/20
to jenkins...@googlegroups.com
The keys were generated on the Linux machine as the mdmadmin user. Yes I am pasting in the generated private key as the mdmadmin user into the Jenkins Credentials for the linux machine. It is called jenkinsAgent_rsa

-----Original Message-----
From: jenkins...@googlegroups.com <jenkins...@googlegroups.com> On Behalf Of Mahima Mishra
Sent: Wednesday, February 5, 2020 2:05 PM
To: Jenkins Users <jenkins...@googlegroups.com>
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsgid%2Fjenkinsci-users%2F464ff2f3-8d30-4266-a432-955f2b4b9617%2540googlegroups.com&amp;data=02%7C01%7Cssanders%40nycopportunity.nyc.gov%7C7ac12069a302494f684c08d7aa6e4970%7C73d61799c28440228d4154cc4f1929ef%7C0%7C0%7C637165263763117174&amp;sdata=d76wjP2%2BbyKdoxee0OHahmy9HvMQyWD6H5UtM4SHsYc%3D&amp;reserved=0.

Mahima Mishra

unread,
Feb 5, 2020, 4:14:03 PM2/5/20
to Jenkins Users
Suggest you to add a Jenkins user on the Linux slave and generate a key for that user and use the same in credentials.

Ivan Fernandez Calvo

unread,
Feb 5, 2020, 4:37:29 PM2/5/20
to Jenkins Users
Hi,

I am confused, Do you try to connect an SSH agent to a Jenkins instance to build your jobs or you are trying to configure totter thing?

or execute SSH remote commands on a host that it is not an Agent?

Sanders, Sholom

unread,
Feb 6, 2020, 6:26:40 AM2/6/20
to jenkins...@googlegroups.com

I am trying to run a shell script on the remote host from Jenkins using SSH. I am not actually building anything. All my builds are done on the Jenkins machine and the source code comes from GIT. This particular Jenkins job is to distribute the resulting build to various environments as needed. So this job has two parameters, the environment to distribute the build to and the particular build version to distribute. There are five environments. I was able to configure successfully DEV and TSt. The configurations for UAT, STG and PRD fail to connect to server. Each environment has a shell script which copies over the deployment version to that machine.

 

From: jenkins...@googlegroups.com <jenkins...@googlegroups.com> On Behalf Of Ivan Fernandez Calvo
Sent: Wednesday, February 5, 2020 4:37 PM
To: Jenkins Users <jenkins...@googlegroups.com>

--

You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.

Ivan Fernandez Calvo

unread,
Feb 6, 2020, 8:57:23 AM2/6/20
to Jenkins Users

Sanders, Sholom

unread,
Feb 6, 2020, 9:48:23 AM2/6/20
to jenkins...@googlegroups.com

I already have that plugin. In my build section, I have to use conditional statements to figure out which remote machine to go to . I have to run a shell script on that machine to (1) copy the deployment directory from the deployment machine to the environment machine and (2) install the deployment into the application environment. In this case it is into IBM WebSphere which hosts the application.  The shell script which is run on the remote machine will do the scp from the deployment machine to the machine which has this shell script. The scp is not being done from the Jenkins machine where the build was done. The build project actually copies the build to a deployment machine, which hosts all the build results.

 

So in the build section of the deployment project, I am using Execute shell script on remote host using ssh. In order to do that I set up the SSH Remote Hosts in the “Configure System” under Manage Jenkins. It is in here where I am getting the error for three of the five environment hosts, UAT, STG and PRD

 

From: jenkins...@googlegroups.com <jenkins...@googlegroups.com> On Behalf Of Ivan Fernandez Calvo
Sent: Thursday, February 6, 2020 8:57 AM
To: Jenkins Users <jenkins...@googlegroups.com>

--

You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.

Sanders, Sholom

unread,
Feb 6, 2020, 9:52:39 AM2/6/20
to jenkins...@googlegroups.com

I am trying to figure out why the authorization on the remote host is failing. What can I do or turn on to see what is happening.

kuisathaverat

unread,
Feb 6, 2020, 11:27:07 AM2/6/20
to jenkins...@googlegroups.com
I guess you make something like `ssh user@host echo "hello"`, if you want to see the whole key interchange you have to enable the verbose mode `ssh -vvv user@host echo "hello"` this give you all the data to troubleshooting the issue

You received this message because you are subscribed to a topic in the Google Groups "Jenkins Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-users/8uH_CCF1nKY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/BL0PR0901MB4356A7EA45CBFEC358803115F21D0%40BL0PR0901MB4356.namprd09.prod.outlook.com.


--

Sanders, Sholom

unread,
Feb 11, 2020, 3:10:51 PM2/11/20
to jenkins...@googlegroups.com

This has been solved. In the end it turned out to be a sort of permissions problem on the authorized_keys file on the linux machines. Once this was fixed, I was able to get to all the machines with public/private keys

 

From: jenkins...@googlegroups.com <jenkins...@googlegroups.com> On Behalf Of Ivan Fernandez Calvo

Sent: Thursday, February 6, 2020 8:57 AM

--

You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.

Reply all
Reply to author
Forward
0 new messages