Plugin is not seeing settings in my config file
Opened this issue · 6 comments
Jenkins and plugins versions report
Environment
I have the following simple pipeline to test this plugindef uploadFileToSFtpSite(final String workspace,
final String remoteDir,
final String artifact) {
dir(workspace) {
withCredentials([[$class: 'UsernamePasswordMultiBinding',
credentialsId: 'sftp_user',
usernameVariable: 'SFTP_USER',
passwordVariable: 'SFTP_PW'
]]) {
sshPublisher(
publishers: [
sshPublisherDesc(
configName: 'ftp.kmhapub.com',
sshCredentials: [
encryptedPassphrase: "{$SFTP_PW}",
key: '',
keyPath: '',
username: SFTP_USER],
sshRetry: [
retries: 0,
retryDelay: 10000],
transfers: [
sshTransfer(
cleanRemote: false,
excludes: '',
execCommand: '',
execTimeout: 60000,
flatten: false,
makeEmptyDirs: false,
noDefaultExcludes: false,
patternSeparator: '[, ]+',
remoteDirectory: remoteDir,
remoteDirectorySDF: false,
removePrefix: '',
sourceFiles: artifact)],
usePromotionTimestamp: false,
useWorkspaceInPromotion: false,
verbose: true)]
)
}
}
}
node('exa-build-03') {
stage('Test SFTP') {
sh "touch junk.txt; pwd; ls; whoami"
uploadFileToSFtpSite(env.WORKSPACE, "test-ftp", "junk.txt")
}
}
I have the following ~/.ssh/config file setup up for the user that's running the pipeline
Host ftp.company.com
Hostname ftp.company.com
User devops
HostKeyAlgorithms = +ssh-rsa
PubkeyAcceptedAlgorithms = +ssh-rsa
But I'm still getting the following
What Operating System are you using (both controller, and any agents involved in the problem)?
Jenkins master: Linux jenkins.company.com 4.15.0-211-generic #222-Ubuntu SMP Tue Apr 18 18:55:06 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Jenkins Build node: Windows Server 2016 Standard
Reproduction steps
- On the build node, set up
~/.ssh/authorized_keysfile to contain a valid public ssh key - On the build node, set up
~/.ssh/configfile
Host ftp.company.com
Hostname ftp.company.com
User devops
HostKeyAlgorithms = +ssh-rsa
PubkeyAcceptedAlgorithms = +ssh-rsa
- Write a Jenkins pipeline
def uploadFileToSFtpSite(final String workspace,
final String remoteDir,
final String artifact) {
dir(workspace) {
withCredentials([[$class: 'UsernamePasswordMultiBinding',
credentialsId: 'sftp_devops_user',
usernameVariable: 'SFTP_USER',
passwordVariable: 'SFTP_PW'
]]) {
sshPublisher(
publishers: [
sshPublisherDesc(
configName: 'ftp.kmhapub.com',
sshCredentials: [
encryptedPassphrase: "{$SFTP_PW}",
key: '',
keyPath: '',
username: SFTP_USER],
sshRetry: [
retries: 0,
retryDelay: 10000],
transfers: [
sshTransfer(
cleanRemote: false,
excludes: '',
execCommand: '',
execTimeout: 60000,
flatten: false,
makeEmptyDirs: false,
noDefaultExcludes: false,
patternSeparator: '[, ]+',
remoteDirectory: remoteDir,
remoteDirectorySDF: false,
removePrefix: '',
sourceFiles: artifact)],
usePromotionTimestamp: false,
useWorkspaceInPromotion: false,
verbose: true)]
)
}
}
}
node('exa-build-03') {
stage('Test SFTP') {
sh "touch junk.txt; pwd; ls; whoami"
uploadFileToSFtpSite(env.WORKSPACE, "test-ftp", "junk.txt")
}
}
- Run it
Expected Results
Should be able to use the plugin to publish over ssh
Actual Results
I get this error
ERROR: Exception when publishing, exception message [Failed to connect and initialize SSH connection. Message: [Failed to connect session for config [ftp.kmhapub.com]. Message [Algorithm negotiation fail: algorithmName="server_host_key" jschProposal="ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256" serverProposal="ssh-rsa"]]]
Anything else?
No response
Hi, faced exact the same problem. but from my knowledge publish over ssh is working from controller node, not from worker node. also it is Java ssh implementation so I will check now if it respects .ssh configs
@ZillaG try perform this on your controller in Script Console:
import com.jcraft.jsch.JSch
JSch.setConfig("server_host_key", JSch.getConfig("server_host_key") + ",ssh-rsa")
JSch.setConfig("PubkeyAcceptedAlgorithms", JSch.getConfig("PubkeyAcceptedAlgorithms") + ",ssh-rsa")this is from https://github.com/mwiede/jsch
on my 2.401.1 before it, it complains about unsupported ssh-rsa protocol.
to persist it : add to your controller jenkins start
-Djsch.server_host_key=ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa -Djsch.client_pubkey=ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
坚持它:添加到你的控制器 jenkins start
-Djsch.server_host_key=ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa -Djsch.client_pubkey=ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
我的天,非常感谢你。我为这个问题找了两天的资料,非常感谢你。我将它设置在tomcat/bin/catalina.sh 中。
JAVA_OPTS="$JAVA_OPTS -Djsch.server_host_key=ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa -Djsch.client_pubkey=ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa"
Note the supplied flags work on controller when using the built in agent, but if you want to use remote ssh agents, you need to go into each ssh agents config and set the jvm options for the -Djsch flags there too.