Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25258

SSH Plugin fails to connect to openssh 6.7

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: ssh-plugin
    • Labels:
      None
    • Environment:
      Java:
      java version "1.7.0_71"
      OpenJDK Runtime Environment (IcedTea 2.5.3) (Arch Linux build 7.u71_2.5.3-1-x86_64)
      OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode)

      Jenkins: 1.577
      SSH Plugin: 2.4 (2.3)
    • Similar Issues:

      Description

      Cannot create connection to server with OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014. In configuration page it just say cannot connect to server.

      With openssh 6.6 all works fine.

      Trying to run something on that server:

      [SSH] Exception:Algorithm negotiation fail
      com.jcraft.jsch.JSchException: Algorithm negotiation fail
      	at com.jcraft.jsch.Session.receive_kexinit(Session.java:520)
      	at com.jcraft.jsch.Session.connect(Session.java:286)
      	at com.jcraft.jsch.Session.connect(Session.java:150)
      	at org.jvnet.hudson.plugins.SSHSite.createSession(SSHSite.java:118)
      	at org.jvnet.hudson.plugins.SSHSite.executeCommand(SSHSite.java:128)
      	at org.jvnet.hudson.plugins.SSHBuilder.perform(SSHBuilder.java:60)
      	at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:770)
      	at hudson.model.Build$BuildExecution.build(Build.java:199)
      	at hudson.model.Build$BuildExecution.doRun(Build.java:160)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:533)
      	at hudson.model.Run.execute(Run.java:1740)
      	at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
      	at hudson.model.ResourceController.execute(ResourceController.java:89)
      	at hudson.model.Executor.run(Executor.java:240)
      Build step 'Execute shell script on remote host using ssh' marked build as failure
      

      ngrep also says that "Algorithm negotiation" is the problem:

      T 192.168.20.186:49916 -> 192.168.20.188:22 [AP]
        SSH-2.0-JSCH-0.1.42.                                                                                                           
      
      T 192.168.20.188:22 -> 192.168.20.186:49916 [AP]
        SSH-2.0-OpenSSH_6.7..                                                                                                          
      
      T 192.168.20.186:49916 -> 192.168.20.188:22 [AP]
        ........^..gco..Z.$A.....=diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1....ssh-rsa,ssh-dss...Jaes128-ctr,aes128
        -cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc...Jaes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,ae
        s256-cbc...+hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96...+hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96....none....none.........
        ....H..(.4d.Qy...eV                                                                                                            
      
      T 192.168.20.188:22 -> 192.168.20.186:49916 [AP]
        ......o[.o2...d...@..z....curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-
        group-exchange-sha256,diffie-hellman-group14-sha1.../ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519...laes128-ctr,aes192-ctr,a
        es256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com...laes128-ctr,aes192-ctr,aes256-ctr,aes12
        8-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com....umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac
        -sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac
        -sha2-256,hmac-sha2-512,hmac-sha1....umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-5
        12-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1....
        none,zlib@openssh.com....none,zlib@openssh.com.................                                                                
      
      T 192.168.20.186:49916 -> 192.168.20.188:22 [AP]
        ...T.........9com.jcraft.jsch.JSchException: Algorithm negotiation fail....enl....;R]7..
      

        Attachments

          Issue Links

            Activity

            Hide
            gkr G. Kr. added a comment -

            see also:
            http://stackoverflow.com/questions/26424621/algorithm-negotiation-fail-ssh-in-jenkins

            it might be sufficient to switch to Jsch 0.1.51 or higher
            see http://www.jcraft.com/jsch/ChangeLog

            a 2.5 release that fixes the issue would be greatly appreciated
            OS releases using openssh >= 6.7
            debian jessie (currently stable)
            ubuntu vivid (currently stable)
            fedora 22 + 23

            Show
            gkr G. Kr. added a comment - see also: http://stackoverflow.com/questions/26424621/algorithm-negotiation-fail-ssh-in-jenkins it might be sufficient to switch to Jsch 0.1.51 or higher see http://www.jcraft.com/jsch/ChangeLog a 2.5 release that fixes the issue would be greatly appreciated OS releases using openssh >= 6.7 debian jessie (currently stable) ubuntu vivid (currently stable) fedora 22 + 23
            Hide
            ajaynpatil Ajay Patil added a comment -

            Any idea when the next release is going to be delivered ? which will fix the connection issue.

            Show
            ajaynpatil Ajay Patil added a comment - Any idea when the next release is going to be delivered ? which will fix the connection issue.
            Hide
            rgevaert Rudy Gevaert added a comment -

            This is hitting me too. A newer release would be appreciated. There is even a pull request on github that fixes it.
            https://github.com/jenkinsci/ssh-plugin/pull/15

            Show
            rgevaert Rudy Gevaert added a comment - This is hitting me too. A newer release would be appreciated. There is even a pull request on github that fixes it. https://github.com/jenkinsci/ssh-plugin/pull/15
            Hide
            tberton Thomas Berton added a comment -

            Please merge this pull request in the new release. Currently the plugin cannot be used in combination with Debian Jessie (and others see above).

            Show
            tberton Thomas Berton added a comment - Please merge this pull request in the new release. Currently the plugin cannot be used in combination with Debian Jessie (and others see above).
            Hide
            schlegels Steven Schlegel added a comment -

            Hi Folks,

            If you want to temporarily fix this issue, simply download "Jsch" with min. version of 0.1.53 and move it to the SSH plugin directory, for example:

            cp /tmp/jsch-0.1.53.jar /var/lib/jenkins/plugins/ssh/WEB-INF/lib/

            Don't forget to restart jenkins. You should now be able to Build your Job with Debian Jessie.

            Hopefully the request has been merged into the next release...

            Best regards,
            Steven

            Show
            schlegels Steven Schlegel added a comment - Hi Folks, If you want to temporarily fix this issue, simply download "Jsch" with min. version of 0.1.53 and move it to the SSH plugin directory, for example: cp /tmp/jsch-0.1.53.jar / var /lib/jenkins/plugins/ssh/WEB-INF/lib/ Don't forget to restart jenkins. You should now be able to Build your Job with Debian Jessie. Hopefully the request has been merged into the next release... Best regards, Steven
            Hide
            chehrlic Christian Ehrlicher added a comment -

            Any news here? We faced the same problem and it took us some time to figure out what's going wrong just to see that the solution is known since more than 4 months ...
            Since this fix looks very simple - what's the problem updating to the new jsch version and publish a new ssh plugin?

            Show
            chehrlic Christian Ehrlicher added a comment - Any news here? We faced the same problem and it took us some time to figure out what's going wrong just to see that the solution is known since more than 4 months ... Since this fix looks very simple - what's the problem updating to the new jsch version and publish a new ssh plugin?
            Hide
            saschaszott Sascha Szott added a comment -

            In case you are using Oracle JDK you should also check that your JVM's Java Cryptography Extension (JCE) is configured appropriately. A manual update of the JSch library (to version 0.1.53 or above) was not sufficient for my Jenkins installation. Additionally, I had to replace two JAR files (local_policy.jar and US_export_policy.jar) within the lib/security directory of the JRE installation in order to establish SSH connections from Jenkins. To enable "unlimited strength" crypto you will need to download a Zip archive from Oracle that contains to modified versions of the aforementioned JAR files, e.g. for Oracle JDK 8 go to http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

            Please note that OpenJDK does not require this manual tuning step.

             

            Show
            saschaszott Sascha Szott added a comment - In case you are using Oracle JDK you should also check that your JVM's Java Cryptography Extension (JCE) is configured appropriately. A manual update of the JSch library (to version 0.1.53 or above) was not sufficient for my Jenkins installation. Additionally, I had to replace two JAR files (local_policy.jar and US_export_policy.jar) within the lib/security directory of the JRE installation in order to establish SSH connections from Jenkins. To enable "unlimited strength" crypto you will need to download a Zip archive from Oracle that contains to modified versions of the aforementioned JAR files, e.g. for Oracle JDK 8 go to http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html Please note that OpenJDK does not require this manual tuning step.  
            Hide
            ljader Łukasz Jąder added a comment -

            Recent 2.5 version of ssh-plugin uses JSch 0.1.54 version.

            Closing the issue.

            Show
            ljader Łukasz Jąder added a comment - Recent 2.5 version of ssh-plugin uses JSch 0.1.54 version. Closing the issue.

              People

              • Assignee:
                Unassigned
                Reporter:
                zzazab Evgeny Persienko
              • Votes:
                16 Vote for this issue
                Watchers:
                18 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: