Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-26379

Jenkins - ssh connection exception

    Details

    • Similar Issues:

      Description

      I am trying to configure a slave for my jenkins Master but getting following exception:

      ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins.
      java.lang.IllegalStateException: Connection is not established!
      at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030)
      at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPasswordAuthenticator.canAuthenticate(TrileadSSHPasswordAuthenticator.java:82)
      at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207)
      at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169)
      at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1173)
      at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:701)
      at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:696)
      at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
      at java.util.concurrent.FutureTask.run(Unknown Source)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)
      [01/07/15 16:51:10] Launch failed - cleaning up connection
      [01/07/15 16:51:10] [SSH] Connection closed.
      Any idea of what's the issue here?

        Attachments

          Issue Links

            Activity

            Hide
            danielbeck Daniel Beck added a comment -

            Looks like the password is wrong or something like that.

            Show
            danielbeck Daniel Beck added a comment - Looks like the password is wrong or something like that.
            Hide
            magneto09 Mohit Sharma added a comment -

            I am able to connect from other hosts using same ssh credentials

            Show
            magneto09 Mohit Sharma added a comment - I am able to connect from other hosts using same ssh credentials
            Hide
            fdrouet Frédéric DROUET added a comment -

            Mohit Sharma : any news about your problem ? did you succeed to solve it ? I have the same problem and even after double checked everything I can't fix my problem.

            Show
            fdrouet Frédéric DROUET added a comment - Mohit Sharma : any news about your problem ? did you succeed to solve it ? I have the same problem and even after double checked everything I can't fix my problem.
            Show
            integer Kanstantsin Shautsou added a comment - Mohit Sharma https://wiki.jenkins-ci.org/display/JENKINS/How+to+report+an+issue#Howtoreportanissue-WhatinformationtoprovideforEnvironmentandDescription
            Hide
            aheritier Arnaud Héritier added a comment - - edited

            For Frédéric DROUET the issue occurs when moving an agent from a server to another (same account, same ssh key).
            The main difference between servers hosting the agents : the old is an ubuntu 12.04 and the new one an ubuntu 14.04
            Doing a diff between verbose connexion logs of a classical ssh gives :

            jenkins@master:~$ diff -u old new
            --- old	2015-06-08 22:38:39.000000000 +0200
            +++ new	2015-06-08 22:37:53.000000000 +0200
            @@ -1,7 +1,7 @@
             OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
             debug1: Reading configuration data /etc/ssh/ssh_config
             debug1: /etc/ssh/ssh_config line 19: Applying options for *
            -debug1: Connecting to old [A.B.C.D] port 22.
            +debug1: Connecting to new [E.F.G.H] port 22.
             debug1: Connection established.
             debug1: identity file /opt/jenkins/.ssh/id_rsa type 1
             debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
            @@ -11,20 +11,22 @@
             debug1: identity file /opt/jenkins/.ssh/id_dsa-cert type -1
             debug1: identity file /opt/jenkins/.ssh/id_ecdsa type -1
             debug1: identity file /opt/jenkins/.ssh/id_ecdsa-cert type -1
            -debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4
            -debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH*
            +debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
            +debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
             debug1: Enabling compatibility mode for protocol 2.0
             debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
             debug1: SSH2_MSG_KEXINIT sent
             debug1: SSH2_MSG_KEXINIT received
            -debug1: kex: server->client aes128-ctr hmac-md5 none
            -debug1: kex: client->server aes128-ctr hmac-md5 none
            -debug1: sending SSH2_MSG_KEX_ECDH_INIT
            -debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
            -debug1: Server host key: ECDSA 7f:04:0f:f4:64:0c:82:8a:15:0a:2d:f9:d3:bf:8f:60
            -debug1: Host 'old' is known and matches the ECDSA host key.
            -debug1: Found key in /opt/jenkins/.ssh/known_hosts:10
            -debug1: ssh_ecdsa_verify: signature correct
            +debug1: kex: server->client aes128-ctr hmac-sha2-256 none
            +debug1: kex: client->server aes128-ctr hmac-sha2-256 none
            +debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent
            +debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
            +debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
            +debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
            +debug1: Server host key: RSA b8:92:db:37:ba:2d:c6:52:0e:82:da:6d:4b:2e:83:ca
            +debug1: Host 'new' is known and matches the RSA host key.
            +debug1: Found key in /opt/jenkins/.ssh/known_hosts:8
            +debug1: ssh_rsa_verify: signature correct
             debug1: SSH2_MSG_NEWKEYS sent
             debug1: expecting SSH2_MSG_NEWKEYS
             debug1: SSH2_MSG_NEWKEYS received
            @@ -37,7 +39,7 @@
             debug1: Server accepts key: pkalg ssh-rsa blen 279
             debug1: read PEM private key done: type RSA
             debug1: Authentication succeeded (publickey).
            -Authenticated to old ([A.B.C.D]:22).
            +Authenticated to new ([E.F.G.H]:22).
             debug1: channel 0: new [client-session]
             debug1: Requesting no-more-sessions@openssh.com
             debug1: Entering interactive session.
            @@ -45,3 +47,4 @@
             debug1: Sending env LC_ALL = en_US.UTF-8
             debug1: Sending env LANG = en_GB.UTF-8
             debug1: Sending env LC_CTYPE = UTF-8
            
            Show
            aheritier Arnaud Héritier added a comment - - edited For Frédéric DROUET the issue occurs when moving an agent from a server to another (same account, same ssh key). The main difference between servers hosting the agents : the old is an ubuntu 12.04 and the new one an ubuntu 14.04 Doing a diff between verbose connexion logs of a classical ssh gives : jenkins@master:~$ diff -u old new --- old 2015-06-08 22:38:39.000000000 +0200 +++ new 2015-06-08 22:37:53.000000000 +0200 @@ -1,7 +1,7 @@ OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * -debug1: Connecting to old [A.B.C.D] port 22. +debug1: Connecting to new [E.F.G.H] port 22. debug1: Connection established. debug1: identity file /opt/jenkins/.ssh/id_rsa type 1 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 @@ -11,20 +11,22 @@ debug1: identity file /opt/jenkins/.ssh/id_dsa-cert type -1 debug1: identity file /opt/jenkins/.ssh/id_ecdsa type -1 debug1: identity file /opt/jenkins/.ssh/id_ecdsa-cert type -1 -debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4 -debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH* +debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 +debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received -debug1: kex: server->client aes128-ctr hmac-md5 none -debug1: kex: client->server aes128-ctr hmac-md5 none -debug1: sending SSH2_MSG_KEX_ECDH_INIT -debug1: expecting SSH2_MSG_KEX_ECDH_REPLY -debug1: Server host key: ECDSA 7f:04:0f:f4:64:0c:82:8a:15:0a:2d:f9:d3:bf:8f:60 -debug1: Host 'old' is known and matches the ECDSA host key. -debug1: Found key in /opt/jenkins/.ssh/known_hosts:10 -debug1: ssh_ecdsa_verify: signature correct +debug1: kex: server->client aes128-ctr hmac-sha2-256 none +debug1: kex: client->server aes128-ctr hmac-sha2-256 none +debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent +debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP +debug1: SSH2_MSG_KEX_DH_GEX_INIT sent +debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY +debug1: Server host key: RSA b8:92:db:37:ba:2d:c6:52:0e:82:da:6d:4b:2e:83:ca +debug1: Host ' new ' is known and matches the RSA host key. +debug1: Found key in /opt/jenkins/.ssh/known_hosts:8 +debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received @@ -37,7 +39,7 @@ debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: read PEM private key done: type RSA debug1: Authentication succeeded (publickey). -Authenticated to old ([A.B.C.D]:22). +Authenticated to new ([E.F.G.H]:22). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. @@ -45,3 +47,4 @@ debug1: Sending env LC_ALL = en_US.UTF-8 debug1: Sending env LANG = en_GB.UTF-8 debug1: Sending env LC_CTYPE = UTF-8
            Hide
            fdrouet Frédéric DROUET added a comment -

            I have found a workaround which allow my jenkins server (akka master) (Ubuntu 12.04 + jdk-oracle-7u67-x64) to start a Jenkins slave agent on the new server (Ubuntu 14.04) by commenting the MACs ... configuration line on the new server /etc/ssh/sshd_config file.

            After reloading SSH server, no more problem for jenkins master to establish a ssh connexion.

            For information, the MACs parameter of my new server was :

            MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

            Show
            fdrouet Frédéric DROUET added a comment - I have found a workaround which allow my jenkins server (akka master) (Ubuntu 12.04 + jdk-oracle-7u67-x64) to start a Jenkins slave agent on the new server (Ubuntu 14.04) by commenting the MACs ... configuration line on the new server /etc/ssh/sshd_config file. After reloading SSH server, no more problem for jenkins master to establish a ssh connexion. For information, the MACs parameter of my new server was : MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
            Hide
            aheritier Arnaud Héritier added a comment -

            Frédéric DROUET Can you tell us what is the default MACs value (man sshd_config must give you the list AFAIR) thus the one which is working ....

            Show
            aheritier Arnaud Héritier added a comment - Frédéric DROUET Can you tell us what is the default MACs value (man sshd_config must give you the list AFAIR) thus the one which is working ....
            Hide
            fdrouet Frédéric DROUET added a comment -

            The man on my Ubuntu 14.04 server says :

                 MACs    Specifies the available MAC (message authentication code) algorithms.  The MAC algorithm is used in protocol version 2 for data integrity protection.  Multiple algorithms must be comma-separated.  The algorithms that contain “-etm” calculate the MAC after encryption (encrypt-then-mac).  These are
                         considered safer and their use recommended.  The default is:
            
                               hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
                               umac-64-etm@openssh.com,umac-128-etm@openssh.com,
                               hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
                               hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
                               hmac-md5-96-etm@openssh.com,
                               hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
                               hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
                               hmac-sha1-96,hmac-md5-96
            
            Show
            fdrouet Frédéric DROUET added a comment - The man on my Ubuntu 14.04 server says : MACs Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. The algorithms that contain “-etm” calculate the MAC after encryption (encrypt-then-mac). These are considered safer and their use recommended. The default is: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com, umac-64-etm@openssh.com,umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com, hmac-md5-96-etm@openssh.com, hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com, hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, hmac-sha1-96,hmac-md5-96
            Hide
            aheritier Arnaud Héritier added a comment - - edited

            Additional note on Frédéric DROUET case, the exception was :

            [06/09/15 00:36:25] [SSH] Opening SSH connection to new:22.
            Key exchange was not finished, connection is closed.
            ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins.
            java.lang.IllegalStateException: Connection is not established!
            	at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030)
            	at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.getRemainingAuthMethods(TrileadSSHPublicKeyAuthenticator.java:88)
            	at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.canAuthenticate(TrileadSSHPublicKeyAuthenticator.java:80)
            	at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207)
            	at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169)
            	at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1173)
            	at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:701)
            	at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:696)
            	at java.util.concurrent.FutureTask.run(FutureTask.java:262)
            	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
            	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
            	at java.lang.Thread.run(Thread.java:745)
            [06/09/15 00:36:25] Launch failed - cleaning up connection
            [06/09/15 00:36:25] [SSH] Connection closed.
            

            The important error is Key exchange was not finished, connection is closed. I'm not sure if it couldn't be better to open a dedicated issue just for this problem. JERKINS-26379 is too generic and without enough details (or we change its subject but I'm not sure this is the problem that Mohit Sharma had)

            Show
            aheritier Arnaud Héritier added a comment - - edited Additional note on Frédéric DROUET case, the exception was : [06/09/15 00:36:25] [SSH] Opening SSH connection to new :22. Key exchange was not finished, connection is closed. ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins. java.lang.IllegalStateException: Connection is not established! at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.getRemainingAuthMethods(TrileadSSHPublicKeyAuthenticator.java:88) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.canAuthenticate(TrileadSSHPublicKeyAuthenticator.java:80) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169) at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1173) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:701) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:696) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang. Thread .run( Thread .java:745) [06/09/15 00:36:25] Launch failed - cleaning up connection [06/09/15 00:36:25] [SSH] Connection closed. The important error is Key exchange was not finished, connection is closed. I'm not sure if it couldn't be better to open a dedicated issue just for this problem. JERKINS-26379 is too generic and without enough details (or we change its subject but I'm not sure this is the problem that Mohit Sharma had)
            Hide
            ryreitsma Roelof Reitsma added a comment - - edited

            I'm running into the same error as Frédéric when trying to connect to a slave with Jenkins 1.617 (both up-to-date CentOS 7 VM's) if I specify MACs as

            MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

            If I remove the MACs config completely from /etc/ssh/sshd_config on the slave and it uses the default, it works. Trying to find out what the problem was has actually cost me a day, so please respond if you need more info to solve this issue. For the moment my workaround is to use default MACs on build node ssh config. But if you have any info on which MAC algorithm should work, I'd be glad to test it out.

            Show
            ryreitsma Roelof Reitsma added a comment - - edited I'm running into the same error as Frédéric when trying to connect to a slave with Jenkins 1.617 (both up-to-date CentOS 7 VM's) if I specify MACs as MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160 If I remove the MACs config completely from /etc/ssh/sshd_config on the slave and it uses the default, it works. Trying to find out what the problem was has actually cost me a day, so please respond if you need more info to solve this issue. For the moment my workaround is to use default MACs on build node ssh config. But if you have any info on which MAC algorithm should work, I'd be glad to test it out.
            Hide
            teilo James Nord added a comment - - edited

            I saw the exception that Arnaud Héritier listed above. The remote OS was not running (behind a firewall with port forwarding if it makes a difference.)

            credentials are set to use a private key.

            Jenkins 1.609.3
            JDK 8 on Windows 8 64bit
            ssh-credentials 1.11
            credentials plugin 1.23
            ssh slaves 1.10

            [09/17/15 11:25:46] [SSH] Opening SSH connection to some.remote.host:22.
            Connection timed out: connect
            ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins.
            java.lang.IllegalStateException: Connection is not established!
            	at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030)
            	at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.getRemainingAuthMethods(TrileadSSHPublicKeyAuthenticator.java:88)
            	at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.canAuthenticate(TrileadSSHPublicKeyAuthenticator.java:80)
            	at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207)
            	at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169)
            	at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212)
            	at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711)
            	at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706)
            	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
            	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
            	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
            	at java.lang.Thread.run(Thread.java:745)
            [09/17/15 11:26:07] Launch failed - cleaning up connection
            [09/17/15 11:26:07] [SSH] Connection closed.
            
            Show
            teilo James Nord added a comment - - edited I saw the exception that Arnaud Héritier listed above. The remote OS was not running (behind a firewall with port forwarding if it makes a difference.) credentials are set to use a private key. Jenkins 1.609.3 JDK 8 on Windows 8 64bit ssh-credentials 1.11 credentials plugin 1.23 ssh slaves 1.10 [09/17/15 11:25:46] [SSH] Opening SSH connection to some.remote.host:22. Connection timed out: connect ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins. java.lang.IllegalStateException: Connection is not established! at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.getRemainingAuthMethods(TrileadSSHPublicKeyAuthenticator.java:88) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.canAuthenticate(TrileadSSHPublicKeyAuthenticator.java:80) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169) at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) [09/17/15 11:26:07] Launch failed - cleaning up connection [09/17/15 11:26:07] [SSH] Connection closed.
            Hide
            oneiroi David Busby added a comment - - edited

            Limited Key Exchange Algorithms are supported

            https://github.com/jenkinsci/ssh-slaves-plugin/blob/master/src/main/java/hudson/plugins/sshslaves/SFTPClient.java references com.trilead.ssh2.Connection

            SSH Library in use therefor is https://github.com/jenkinsci/trilead-ssh2

            https://github.com/jenkinsci/trilead-ssh2/blob/master/src/com/trilead/ssh2/transport/KexManager.java#L416-L449 https://github.com/jenkinsci/trilead-ssh2/blob/master/src/com/trilead/ssh2/transport/KexManager.java#L326-L341

            Illustrate that only diffie-hellman-group-exchange-sha1 && diffie-hellman-group1-sha1 are supported for key exchange

            As noted by google sha1 is to be considered weak: https://googleonlinesecurity.blogspot.co.uk/2014/09/gradually-sunsetting-sha-1.html

            In short, the trilead-ssh2 library needs to be updated to add support for more current key exchange algorithms

            e.g.

            • curve25519-sha256@libssh.org
            • diffie-hellman-group-exchange-sha256

            Limited MAC algortihms are supported

            https://github.com/jenkinsci/trilead-ssh2/blob/master/src/com/trilead/ssh2/crypto/digest/MAC.java#L19

            Shows support only for weaker MAC algorithms: "hmac-sha1-96", "hmac-sha1", "hmac-md5-96", "hmac-md5"

            More current algorithms should be considered and the library updated to support them.

            e.g.

            • hmac-sha2-512-etm@openssh.com
            • hmac-sha2-256-etm@openssh.com
            • hmac-ripemd160-etm@openssh.com
            • umac-128-etm@openssh.com
            • hmac-sha2-51
            • hmac-sha2-256
            • hmac-ripemd160
            • umac-128@openssh.com

            Summary

            https://github.com/jenkinsci/trilead-ssh2 does not meet the more stringent requirements faced when used in a hardened SSH configuration envrionment; this is likely to become an increasing issue as more users move to a more secure configuration.

            As such the library must be updated or replaced to bring in support for more secure algorithms, otherwise users are forced to deploy a known weak configuration to continue using this feature.

            Show
            oneiroi David Busby added a comment - - edited Limited Key Exchange Algorithms are supported https://github.com/jenkinsci/ssh-slaves-plugin/blob/master/src/main/java/hudson/plugins/sshslaves/SFTPClient.java references com.trilead.ssh2.Connection SSH Library in use therefor is https://github.com/jenkinsci/trilead-ssh2 https://github.com/jenkinsci/trilead-ssh2/blob/master/src/com/trilead/ssh2/transport/KexManager.java#L416-L449 https://github.com/jenkinsci/trilead-ssh2/blob/master/src/com/trilead/ssh2/transport/KexManager.java#L326-L341 Illustrate that only diffie-hellman-group-exchange-sha1 && diffie-hellman-group1-sha1 are supported for key exchange As noted by google sha1 is to be considered weak: https://googleonlinesecurity.blogspot.co.uk/2014/09/gradually-sunsetting-sha-1.html In short, the trilead-ssh2 library needs to be updated to add support for more current key exchange algorithms e.g. curve25519-sha256@libssh.org diffie-hellman-group-exchange-sha256 Limited MAC algortihms are supported https://github.com/jenkinsci/trilead-ssh2/blob/master/src/com/trilead/ssh2/crypto/digest/MAC.java#L19 Shows support only for weaker MAC algorithms: "hmac-sha1-96", "hmac-sha1", "hmac-md5-96", "hmac-md5" More current algorithms should be considered and the library updated to support them. e.g. hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-ripemd160-etm@openssh.com umac-128-etm@openssh.com hmac-sha2-51 hmac-sha2-256 hmac-ripemd160 umac-128@openssh.com Summary https://github.com/jenkinsci/trilead-ssh2 does not meet the more stringent requirements faced when used in a hardened SSH configuration envrionment; this is likely to become an increasing issue as more users move to a more secure configuration. As such the library must be updated or replaced to bring in support for more secure algorithms, otherwise users are forced to deploy a known weak configuration to continue using this feature.
            Hide
            lievencardoen Lieven Cardoen added a comment -

            I'm having the same issue. The unix slave (cent os) has been running for months and suddenly, last week (January 30th), I have started to have the same issue described here. We probably did update some Jenkins plugins, but not Jenkins itself. I would need to ask the IT department if something has changed regarding firewalls, other security, ... but I doubt it.

            Show
            lievencardoen Lieven Cardoen added a comment - I'm having the same issue. The unix slave (cent os) has been running for months and suddenly, last week (January 30th), I have started to have the same issue described here. We probably did update some Jenkins plugins, but not Jenkins itself. I would need to ask the IT department if something has changed regarding firewalls, other security, ... but I doubt it.
            Hide
            sebanism Sebastian Allocca added a comment -

            Jenkins folks, Is it possible to get an indication of when this issue might be resolved? We have a security requirement from our client that is impacting, and are keen to at least be able to report on when a resolution might be planned. Thanks!

            Show
            sebanism Sebastian Allocca added a comment - Jenkins folks, Is it possible to get an indication of when this issue might be resolved? We have a security requirement from our client that is impacting, and are keen to at least be able to report on when a resolution might be planned. Thanks!
            Hide
            lievencardoen Lieven Cardoen added a comment -

            Same here. Haven't got a clue why this suddenly started occurring. Worked fine for months...

            Show
            lievencardoen Lieven Cardoen added a comment - Same here. Haven't got a clue why this suddenly started occurring. Worked fine for months...
            Hide
            lievencardoen Lieven Cardoen added a comment -

            My logs after restart of my Jenkins master VM (deleting all logs before starting Jenkins again).

            feb 18, 2016 12:06:36 PM winstone.Logger logInternal
            INFO: Beginning extraction from war file
            feb 18, 2016 12:06:36 PM org.eclipse.jetty.util.log.JavaUtilLog info
            INFO: jetty-winstone-2.9
            feb 18, 2016 12:06:40 PM org.eclipse.jetty.util.log.JavaUtilLog info
            INFO: NO JSP Support for , did not find org.apache.jasper.servlet.JspServlet
            feb 18, 2016 12:06:41 PM org.eclipse.jetty.util.log.JavaUtilLog info
            INFO: Started SelectChannelConnector@0.0.0.0:8080
            feb 18, 2016 12:06:41 PM winstone.Logger logInternal
            INFO: Winstone Servlet Engine v2.0 running: controlPort=disabled
            feb 18, 2016 12:06:42 PM jenkins.InitReactorRunner$1 onAttained
            INFO: Started initialization
            feb 18, 2016 12:06:42 PM jenkins.InitReactorRunner$1 onAttained
            INFO: Listed all plugins
            Feb 18, 2016 12:06:43 PM jenkins.InitReactorRunner$1 onAttained
            INFO: Prepared all plugins
            Feb 18, 2016 12:06:56 PM jenkins.InitReactorRunner$1 onAttained
            INFO: Started all plugins
            Feb 18, 2016 12:06:56 PM jenkins.InitReactorRunner$1 onAttained
            INFO: Augmented all extensions
            Feb 18, 2016 12:06:56 PM hudson.slaves.SlaveComputer tryReconnect
            INFO: Attempting to reconnect DEV-G-UX
            Feb 18, 2016 12:06:56 PM hudson.slaves.SlaveComputer tryReconnect
            INFO: Attempting to reconnect SRV-CI-MADE-UNIX
            Feb 18, 2016 12:07:01 PM jenkins.InitReactorRunner$1 onAttained
            INFO: Loaded all jobs
            Feb 18, 2016 12:07:02 PM hudson.model.AsyncPeriodicWork$1 run
            INFO: Started Download metadata
            Feb 18, 2016 12:07:02 PM hudson.model.AsyncPeriodicWork$1 run
            INFO: Finished Download metadata. 3 ms
            Feb 18, 2016 12:07:04 PM org.springframework.context.support.AbstractApplicationContext prepareRefresh
            INFO: Refreshing org.springframework.web.context.support.StaticWebApplicationContext@2e6b353e: display name [Root WebApplicationContext]; startup date [Thu Feb 18 12:07:04 CET 2016]; root of context hierarchy
            Feb 18, 2016 12:07:04 PM org.springframework.context.support.AbstractApplicationContext obtainFreshBeanFactory
            INFO: Bean factory for application context [org.springframework.web.context.support.StaticWebApplicationContext@2e6b353e]: org.springframework.beans.factory.support.DefaultListableBeanFactory@646d5af4
            Feb 18, 2016 12:07:04 PM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons
            INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@646d5af4: defining beans [authenticationManager]; root of factory hierarchy
            Feb 18, 2016 12:07:04 PM org.springframework.context.support.AbstractApplicationContext prepareRefresh
            INFO: Refreshing org.springframework.web.context.support.StaticWebApplicationContext@196a1c5d: display name [Root WebApplicationContext]; startup date [Thu Feb 18 12:07:04 CET 2016]; root of context hierarchy
            Feb 18, 2016 12:07:04 PM org.springframework.context.support.AbstractApplicationContext obtainFreshBeanFactory
            INFO: Bean factory for application context [org.springframework.web.context.support.StaticWebApplicationContext@196a1c5d]: org.springframework.beans.factory.support.DefaultListableBeanFactory@508b1fd3
            Feb 18, 2016 12:07:04 PM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons
            INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@508b1fd3: defining beans [filter,legacy]; root of factory hierarchy
            Feb 18, 2016 12:07:04 PM org.jenkinsci.main.modules.sshd.SSHD start
            INFO: Started SSHD at port 49503
            Feb 18, 2016 12:07:04 PM jenkins.InitReactorRunner$1 onAttained
            INFO: Completed initialization
            Feb 18, 2016 12:07:04 PM hudson.slaves.SlaveComputer tryReconnect
            INFO: Attempting to reconnect DEV-G-UX
            Feb 18, 2016 12:07:09 PM jenkins.InitReactorRunner$1 onAttained
            INFO: Started initialization
            Feb 18, 2016 12:07:09 PM jenkins.InitReactorRunner$1 onAttained
            INFO: Listed all plugins
            Feb 18, 2016 12:07:09 PM jenkins.InitReactorRunner$1 onAttained
            INFO: Prepared all plugins
            Feb 18, 2016 12:07:09 PM jenkins.InitReactorRunner$1 onAttained
            INFO: Started all plugins
            Feb 18, 2016 12:07:09 PM jenkins.InitReactorRunner$1 onAttained
            INFO: Augmented all extensions
            Feb 18, 2016 12:07:09 PM jenkins.InitReactorRunner$1 onAttained
            INFO: Loaded all jobs
            Feb 18, 2016 12:07:09 PM jenkins.InitReactorRunner$1 onAttained
            INFO: Completed initialization
            Feb 18, 2016 12:07:09 PM hudson.WebAppMain$3 run
            INFO: Jenkins is fully up and running
            Feb 18, 2016 12:07:13 PM hudson.TcpSlaveAgentListener$ConnectionHandler run
            INFO: Accepted connection #1 from /192.168.1.42:61342
            Feb 18, 2016 12:07:14 PM hudson.TcpSlaveAgentListener$ConnectionHandler run
            INFO: Accepted connection #2 from /192.168.1.164:57140
            Feb 18, 2016 12:07:14 PM hudson.TcpSlaveAgentListener$ConnectionHandler run
            INFO: Accepted connection #3 from /192.168.1.55:64914
            Feb 18, 2016 12:07:14 PM hudson.TcpSlaveAgentListener$ConnectionHandler run
            INFO: Accepted connection #4 from /192.168.1.124:57017
            Feb 18, 2016 12:07:14 PM hudson.TcpSlaveAgentListener$ConnectionHandler run
            INFO: Accepted connection #5 from /192.168.1.64:55873
            Feb 18, 2016 12:07:15 PM hudson.TcpSlaveAgentListener$ConnectionHandler run
            INFO: Accepted connection #6 from /192.168.222.40:54503
            Feb 18, 2016 12:07:15 PM hudson.TcpSlaveAgentListener$ConnectionHandler run
            INFO: Accepted connection #7 from /192.168.1.154:60209
            Feb 18, 2016 12:07:21 PM javax.jmdns.impl.DNSStatefulObject$DefaultImplementation waitForAnnounced
            WARNING: Wait for announced timed out: DNS: SRV-CI-MADE-WIN.local. state: announcing 1 task: Announcer(SRV-CI-MADE-WIN.local.) state: announcing 1
            Feb 18, 2016 12:07:28 PM javax.jmdns.impl.DNSStatefulObject$DefaultImplementation waitForAnnounced
            WARNING: Wait for announced timed out: DNS: SRV-CI-MADE-WIN.local. state: probing 2 task: Prober(SRV-CI-MADE-WIN.local.) state: probing 2
            Feb 18, 2016 12:07:28 PM hudson.slaves.SlaveComputer tryReconnect
            INFO: Attempting to reconnect DEV-G-UX
            Feb 18, 2016 12:08:28 PM hudson.slaves.SlaveComputer tryReconnect
            INFO: Attempting to reconnect DEV-G-UX
            Feb 18, 2016 12:08:42 PM hudson.TcpSlaveAgentListener$ConnectionHandler run
            INFO: Accepted connection #8 from /192.168.1.172:49192
            Feb 18, 2016 12:09:28 PM hudson.slaves.SlaveComputer tryReconnect
            INFO: Attempting to reconnect DEV-G-UX

            Running from: C:\Jenkins\jenkins.war
            webroot: EnvVars.masterEnvVars.get("JENKINS_HOME")
            Jenkins home directory: C:\Jenkins found at: EnvVars.masterEnvVars.get("JENKINS_HOME")
            [02/18/16 12:06:59] SSH Launch of DEV-G-UX on DEV-G-UX failed in 2,469 ms
            [02/18/16 12:07:04] SSH Launch of DEV-G-UX on DEV-G-UX failed in 38 ms
            [02/18/16 12:07:06] SSH Launch of SRV-CI-MADE-UNIX on 192.168.1.152 completed in 9,781 ms
            [02/18/16 12:07:36] SSH Launch of DEV-G-UX on DEV-G-UX failed in 7,834 ms
            [02/18/16 12:08:07] SSH Launch of DEV-G-UX on DEV-G-UX failed in 2,261 ms
            [02/18/16 12:08:31] SSH Launch of DEV-G-UX on DEV-G-UX failed in 2,258 ms
            [02/18/16 12:09:31] SSH Launch of DEV-G-UX on DEV-G-UX failed in 2,321 ms

            In Jenkins:

            [02/18/16 12:08:05] [SSH] Opening SSH connection to DEV-G-UX:22.
            DEV-G-UX
            ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins.
            java.lang.IllegalStateException: Connection is not established!
            at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030)
            at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPasswordAuthenticator.canAuthenticate(TrileadSSHPasswordAuthenticator.java:82)
            at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207)
            at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169)
            at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212)
            at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711)
            at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706)
            at java.util.concurrent.FutureTask.run(Unknown Source)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
            at java.lang.Thread.run(Unknown Source)
            [02/18/16 12:08:07] Launch failed - cleaning up connection
            [02/18/16 12:08:07] [SSH] Connection closed.
            [02/18/16 12:08:28] [SSH] Opening SSH connection to DEV-G-UX:22.
            DEV-G-UX
            ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins.
            java.lang.IllegalStateException: Connection is not established!
            at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030)
            at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPasswordAuthenticator.canAuthenticate(TrileadSSHPasswordAuthenticator.java:82)
            at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207)
            at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169)
            at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212)
            at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711)
            at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706)
            at java.util.concurrent.FutureTask.run(Unknown Source)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
            at java.lang.Thread.run(Unknown Source)
            [02/18/16 12:08:31] Launch failed - cleaning up connection
            [02/18/16 12:08:31] [SSH] Connection closed.
            [02/18/16 12:09:29] [SSH] Opening SSH connection to DEV-G-UX:22.
            DEV-G-UX
            ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins.
            java.lang.IllegalStateException: Connection is not established!
            at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030)
            at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPasswordAuthenticator.canAuthenticate(TrileadSSHPasswordAuthenticator.java:82)
            at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207)
            at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169)
            at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212)
            at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711)
            at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706)
            at java.util.concurrent.FutureTask.run(Unknown Source)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
            at java.lang.Thread.run(Unknown Source)
            [02/18/16 12:09:31] Launch failed - cleaning up connection
            [02/18/16 12:09:31] [SSH] Connection closed.

            Show
            lievencardoen Lieven Cardoen added a comment - My logs after restart of my Jenkins master VM (deleting all logs before starting Jenkins again). feb 18, 2016 12:06:36 PM winstone.Logger logInternal INFO: Beginning extraction from war file feb 18, 2016 12:06:36 PM org.eclipse.jetty.util.log.JavaUtilLog info INFO: jetty-winstone-2.9 feb 18, 2016 12:06:40 PM org.eclipse.jetty.util.log.JavaUtilLog info INFO: NO JSP Support for , did not find org.apache.jasper.servlet.JspServlet feb 18, 2016 12:06:41 PM org.eclipse.jetty.util.log.JavaUtilLog info INFO: Started SelectChannelConnector@0.0.0.0:8080 feb 18, 2016 12:06:41 PM winstone.Logger logInternal INFO: Winstone Servlet Engine v2.0 running: controlPort=disabled feb 18, 2016 12:06:42 PM jenkins.InitReactorRunner$1 onAttained INFO: Started initialization feb 18, 2016 12:06:42 PM jenkins.InitReactorRunner$1 onAttained INFO: Listed all plugins Feb 18, 2016 12:06:43 PM jenkins.InitReactorRunner$1 onAttained INFO: Prepared all plugins Feb 18, 2016 12:06:56 PM jenkins.InitReactorRunner$1 onAttained INFO: Started all plugins Feb 18, 2016 12:06:56 PM jenkins.InitReactorRunner$1 onAttained INFO: Augmented all extensions Feb 18, 2016 12:06:56 PM hudson.slaves.SlaveComputer tryReconnect INFO: Attempting to reconnect DEV-G-UX Feb 18, 2016 12:06:56 PM hudson.slaves.SlaveComputer tryReconnect INFO: Attempting to reconnect SRV-CI-MADE-UNIX Feb 18, 2016 12:07:01 PM jenkins.InitReactorRunner$1 onAttained INFO: Loaded all jobs Feb 18, 2016 12:07:02 PM hudson.model.AsyncPeriodicWork$1 run INFO: Started Download metadata Feb 18, 2016 12:07:02 PM hudson.model.AsyncPeriodicWork$1 run INFO: Finished Download metadata. 3 ms Feb 18, 2016 12:07:04 PM org.springframework.context.support.AbstractApplicationContext prepareRefresh INFO: Refreshing org.springframework.web.context.support.StaticWebApplicationContext@2e6b353e: display name [Root WebApplicationContext] ; startup date [Thu Feb 18 12:07:04 CET 2016] ; root of context hierarchy Feb 18, 2016 12:07:04 PM org.springframework.context.support.AbstractApplicationContext obtainFreshBeanFactory INFO: Bean factory for application context [org.springframework.web.context.support.StaticWebApplicationContext@2e6b353e] : org.springframework.beans.factory.support.DefaultListableBeanFactory@646d5af4 Feb 18, 2016 12:07:04 PM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@646d5af4: defining beans [authenticationManager] ; root of factory hierarchy Feb 18, 2016 12:07:04 PM org.springframework.context.support.AbstractApplicationContext prepareRefresh INFO: Refreshing org.springframework.web.context.support.StaticWebApplicationContext@196a1c5d: display name [Root WebApplicationContext] ; startup date [Thu Feb 18 12:07:04 CET 2016] ; root of context hierarchy Feb 18, 2016 12:07:04 PM org.springframework.context.support.AbstractApplicationContext obtainFreshBeanFactory INFO: Bean factory for application context [org.springframework.web.context.support.StaticWebApplicationContext@196a1c5d] : org.springframework.beans.factory.support.DefaultListableBeanFactory@508b1fd3 Feb 18, 2016 12:07:04 PM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@508b1fd3: defining beans [filter,legacy] ; root of factory hierarchy Feb 18, 2016 12:07:04 PM org.jenkinsci.main.modules.sshd.SSHD start INFO: Started SSHD at port 49503 Feb 18, 2016 12:07:04 PM jenkins.InitReactorRunner$1 onAttained INFO: Completed initialization Feb 18, 2016 12:07:04 PM hudson.slaves.SlaveComputer tryReconnect INFO: Attempting to reconnect DEV-G-UX Feb 18, 2016 12:07:09 PM jenkins.InitReactorRunner$1 onAttained INFO: Started initialization Feb 18, 2016 12:07:09 PM jenkins.InitReactorRunner$1 onAttained INFO: Listed all plugins Feb 18, 2016 12:07:09 PM jenkins.InitReactorRunner$1 onAttained INFO: Prepared all plugins Feb 18, 2016 12:07:09 PM jenkins.InitReactorRunner$1 onAttained INFO: Started all plugins Feb 18, 2016 12:07:09 PM jenkins.InitReactorRunner$1 onAttained INFO: Augmented all extensions Feb 18, 2016 12:07:09 PM jenkins.InitReactorRunner$1 onAttained INFO: Loaded all jobs Feb 18, 2016 12:07:09 PM jenkins.InitReactorRunner$1 onAttained INFO: Completed initialization Feb 18, 2016 12:07:09 PM hudson.WebAppMain$3 run INFO: Jenkins is fully up and running Feb 18, 2016 12:07:13 PM hudson.TcpSlaveAgentListener$ConnectionHandler run INFO: Accepted connection #1 from /192.168.1.42:61342 Feb 18, 2016 12:07:14 PM hudson.TcpSlaveAgentListener$ConnectionHandler run INFO: Accepted connection #2 from /192.168.1.164:57140 Feb 18, 2016 12:07:14 PM hudson.TcpSlaveAgentListener$ConnectionHandler run INFO: Accepted connection #3 from /192.168.1.55:64914 Feb 18, 2016 12:07:14 PM hudson.TcpSlaveAgentListener$ConnectionHandler run INFO: Accepted connection #4 from /192.168.1.124:57017 Feb 18, 2016 12:07:14 PM hudson.TcpSlaveAgentListener$ConnectionHandler run INFO: Accepted connection #5 from /192.168.1.64:55873 Feb 18, 2016 12:07:15 PM hudson.TcpSlaveAgentListener$ConnectionHandler run INFO: Accepted connection #6 from /192.168.222.40:54503 Feb 18, 2016 12:07:15 PM hudson.TcpSlaveAgentListener$ConnectionHandler run INFO: Accepted connection #7 from /192.168.1.154:60209 Feb 18, 2016 12:07:21 PM javax.jmdns.impl.DNSStatefulObject$DefaultImplementation waitForAnnounced WARNING: Wait for announced timed out: DNS: SRV-CI-MADE-WIN.local. state: announcing 1 task: Announcer(SRV-CI-MADE-WIN.local.) state: announcing 1 Feb 18, 2016 12:07:28 PM javax.jmdns.impl.DNSStatefulObject$DefaultImplementation waitForAnnounced WARNING: Wait for announced timed out: DNS: SRV-CI-MADE-WIN.local. state: probing 2 task: Prober(SRV-CI-MADE-WIN.local.) state: probing 2 Feb 18, 2016 12:07:28 PM hudson.slaves.SlaveComputer tryReconnect INFO: Attempting to reconnect DEV-G-UX Feb 18, 2016 12:08:28 PM hudson.slaves.SlaveComputer tryReconnect INFO: Attempting to reconnect DEV-G-UX Feb 18, 2016 12:08:42 PM hudson.TcpSlaveAgentListener$ConnectionHandler run INFO: Accepted connection #8 from /192.168.1.172:49192 Feb 18, 2016 12:09:28 PM hudson.slaves.SlaveComputer tryReconnect INFO: Attempting to reconnect DEV-G-UX Running from: C:\Jenkins\jenkins.war webroot: EnvVars.masterEnvVars.get("JENKINS_HOME") Jenkins home directory: C:\Jenkins found at: EnvVars.masterEnvVars.get("JENKINS_HOME") [02/18/16 12:06:59] SSH Launch of DEV-G-UX on DEV-G-UX failed in 2,469 ms [02/18/16 12:07:04] SSH Launch of DEV-G-UX on DEV-G-UX failed in 38 ms [02/18/16 12:07:06] SSH Launch of SRV-CI-MADE-UNIX on 192.168.1.152 completed in 9,781 ms [02/18/16 12:07:36] SSH Launch of DEV-G-UX on DEV-G-UX failed in 7,834 ms [02/18/16 12:08:07] SSH Launch of DEV-G-UX on DEV-G-UX failed in 2,261 ms [02/18/16 12:08:31] SSH Launch of DEV-G-UX on DEV-G-UX failed in 2,258 ms [02/18/16 12:09:31] SSH Launch of DEV-G-UX on DEV-G-UX failed in 2,321 ms In Jenkins: [02/18/16 12:08:05] [SSH] Opening SSH connection to DEV-G-UX:22. DEV-G-UX ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins. java.lang.IllegalStateException: Connection is not established! at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPasswordAuthenticator.canAuthenticate(TrileadSSHPasswordAuthenticator.java:82) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169) at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706) at java.util.concurrent.FutureTask.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) [02/18/16 12:08:07] Launch failed - cleaning up connection [02/18/16 12:08:07] [SSH] Connection closed. [02/18/16 12:08:28] [SSH] Opening SSH connection to DEV-G-UX:22. DEV-G-UX ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins. java.lang.IllegalStateException: Connection is not established! at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPasswordAuthenticator.canAuthenticate(TrileadSSHPasswordAuthenticator.java:82) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169) at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706) at java.util.concurrent.FutureTask.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) [02/18/16 12:08:31] Launch failed - cleaning up connection [02/18/16 12:08:31] [SSH] Connection closed. [02/18/16 12:09:29] [SSH] Opening SSH connection to DEV-G-UX:22. DEV-G-UX ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins. java.lang.IllegalStateException: Connection is not established! at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPasswordAuthenticator.canAuthenticate(TrileadSSHPasswordAuthenticator.java:82) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169) at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706) at java.util.concurrent.FutureTask.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) [02/18/16 12:09:31] Launch failed - cleaning up connection [02/18/16 12:09:31] [SSH] Connection closed.
            Hide
            lievencardoen Lieven Cardoen added a comment -

            Installing the Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files doesn't resolve the issue.

            Kind regards, Lieven Cardoen

            Show
            lievencardoen Lieven Cardoen added a comment - Installing the Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files doesn't resolve the issue. Kind regards, Lieven Cardoen
            Hide
            lievencardoen Lieven Cardoen added a comment -

            Also doesn't work with root user.

            Kind regards, Lieven Cardoen

            Show
            lievencardoen Lieven Cardoen added a comment - Also doesn't work with root user. Kind regards, Lieven Cardoen
            Hide
            lievencardoen Lieven Cardoen added a comment -

            Using port 443 instead of port 22 also doesn't work. (suggested by someone on Stackoverflow).

            http://stackoverflow.com/questions/27226845/unable-to-start-slave-node-in-jenkins

            Show
            lievencardoen Lieven Cardoen added a comment - Using port 443 instead of port 22 also doesn't work. (suggested by someone on Stackoverflow). http://stackoverflow.com/questions/27226845/unable-to-start-slave-node-in-jenkins
            Hide
            danielbeck Daniel Beck added a comment - - edited

            Anything interesting in the sshd error log? Consider running as `sshd -d` (for OpenSSH) for verbose output logged to standard out. You'll probably find that there's no overlap between server and client supported key exchange algorithms as previously commented by David Busby.

            Show
            danielbeck Daniel Beck added a comment - - edited Anything interesting in the sshd error log? Consider running as `sshd -d` (for OpenSSH) for verbose output logged to standard out. You'll probably find that there's no overlap between server and client supported key exchange algorithms as previously commented by David Busby .
            Hide
            lievencardoen Lieven Cardoen added a comment -

            Where can I find the sshd error log?

            Show
            lievencardoen Lieven Cardoen added a comment - Where can I find the sshd error log?
            Hide
            lievencardoen Lieven Cardoen added a comment -

            How do you configure it in Jenkins to run as sshd -d?

            Add -d in the JVM Options?

            Show
            lievencardoen Lieven Cardoen added a comment - How do you configure it in Jenkins to run as sshd -d? Add -d in the JVM Options?
            Hide
            lievencardoen Lieven Cardoen added a comment -

            From the logs on the CentOs machine:

            Feb 19 09:10:09 DEV-G-UX sshd[1122]: Accepted password for root from 192.168.1.65 port 57926 ssh2
            Feb 19 09:10:09 DEV-G-UX sshd[1122]: pam_unix(sshd:session): session opened for user root by (uid=0)

            But in Jenkins I still get:

            [02/19/16 09:16:19] [SSH] Opening SSH connection to DEV-G-UX:22.
            DEV-G-UX
            ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins.
            java.lang.IllegalStateException: Connection is not established!
            at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030)
            at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPasswordAuthenticator.canAuthenticate(TrileadSSHPasswordAuthenticator.java:82)
            at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207)
            at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169)
            at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212)
            at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711)
            at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706)
            at java.util.concurrent.FutureTask.run(Unknown Source)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
            at java.lang.Thread.run(Unknown Source)
            [02/19/16 09:16:21] Launch failed - cleaning up connection
            [02/19/16 09:16:21] [SSH] Connection closed.

            Show
            lievencardoen Lieven Cardoen added a comment - From the logs on the CentOs machine: Feb 19 09:10:09 DEV-G-UX sshd [1122] : Accepted password for root from 192.168.1.65 port 57926 ssh2 Feb 19 09:10:09 DEV-G-UX sshd [1122] : pam_unix(sshd:session): session opened for user root by (uid=0) But in Jenkins I still get: [02/19/16 09:16:19] [SSH] Opening SSH connection to DEV-G-UX:22. DEV-G-UX ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins. java.lang.IllegalStateException: Connection is not established! at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPasswordAuthenticator.canAuthenticate(TrileadSSHPasswordAuthenticator.java:82) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169) at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706) at java.util.concurrent.FutureTask.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) [02/19/16 09:16:21] Launch failed - cleaning up connection [02/19/16 09:16:21] [SSH] Connection closed.
            Hide
            danielbeck Daniel Beck added a comment -

            But in Jenkins I still get

            Are your clocks so much out of sync, or are you looking at two different events?

            Show
            danielbeck Daniel Beck added a comment - But in Jenkins I still get Are your clocks so much out of sync, or are you looking at two different events?
            Hide
            lievencardoen Lieven Cardoen added a comment -

            They could well be out of sync. Could that be the reason?

            Show
            lievencardoen Lieven Cardoen added a comment - They could well be out of sync. Could that be the reason?
            Hide
            danielbeck Daniel Beck added a comment -

            I don't know. I'm more concerned that you're looking at unrelated log entries.

            Show
            danielbeck Daniel Beck added a comment - I don't know. I'm more concerned that you're looking at unrelated log entries.
            Hide
            antonioua Anton Kuznetsov added a comment - - edited

            there are two workaround ways:
            1. update of "JSch dependency plugin" with jsch-0.1.53.jar
            2. modify key exchange algorithm on your slave:
            vi /etc/ssh/sshd_config
            <<<
            KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

            Show
            antonioua Anton Kuznetsov added a comment - - edited there are two workaround ways: 1. update of "JSch dependency plugin" with jsch-0.1.53.jar 2. modify key exchange algorithm on your slave: vi /etc/ssh/sshd_config <<< KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
            Hide
            lievencardoen Lieven Cardoen added a comment -

            Hi Anton,

            Have added

            KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

            curve25519... is unkown... ( Unsupported KEX algorithm "curve25519-sha256@libssh.org" ).

            The plugin JSch dependency plugin wasn't even installed... So I installed it, but I don't know if that was of any use.

            restarted sshd service.

            In Jenkins still the same error...

            Show
            lievencardoen Lieven Cardoen added a comment - Hi Anton, Have added KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 curve25519... is unkown... ( Unsupported KEX algorithm "curve25519-sha256@libssh.org" ). The plugin JSch dependency plugin wasn't even installed... So I installed it, but I don't know if that was of any use. restarted sshd service. In Jenkins still the same error...
            Hide
            lievencardoen Lieven Cardoen added a comment -

            Do I need to add Ciphers and/or MACs?

            In my sshd_config there were no KexAlgorithms, Ciphers or MACs defined.

            Lieven Cardoen

            Show
            lievencardoen Lieven Cardoen added a comment - Do I need to add Ciphers and/or MACs? In my sshd_config there were no KexAlgorithms, Ciphers or MACs defined. Lieven Cardoen
            Hide
            lievencardoen Lieven Cardoen added a comment -

            So in Jenkins:

            [03/01/16 12:17:10] [SSH] Opening SSH connection to DEV-G-UX:22.
            DEV-G-UX
            ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins.
            java.lang.IllegalStateException: Connection is not established!
            at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030)
            at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPasswordAuthenticator.canAuthenticate(TrileadSSHPasswordAuthenticator.java:82)
            at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207)
            at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169)
            at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212)
            at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711)
            at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706)
            at java.util.concurrent.FutureTask.run(Unknown Source)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
            at java.lang.Thread.run(Unknown Source)
            [03/01/16 12:17:13] Launch failed - cleaning up connection
            [03/01/16 12:17:13] [SSH] Connection closed.

            In my sshd log file (actually /var/log/secure ) on Centos:

            Mar 1 12:14:08 SRV-CI-MADE-UNIX sshd[14189]: Received signal 15; terminating.
            Mar 1 12:14:08 SRV-CI-MADE-UNIX sshd[14289]: Server listening on 0.0.0.0 port 22.
            Mar 1 12:14:08 SRV-CI-MADE-UNIX sshd[14289]: Server listening on :: port 22.

            So I can't see any trace of my Jenkins trying to log in...

            Lieven

            Show
            lievencardoen Lieven Cardoen added a comment - So in Jenkins: [03/01/16 12:17:10] [SSH] Opening SSH connection to DEV-G-UX:22. DEV-G-UX ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins. java.lang.IllegalStateException: Connection is not established! at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPasswordAuthenticator.canAuthenticate(TrileadSSHPasswordAuthenticator.java:82) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169) at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706) at java.util.concurrent.FutureTask.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) [03/01/16 12:17:13] Launch failed - cleaning up connection [03/01/16 12:17:13] [SSH] Connection closed. In my sshd log file (actually /var/log/secure ) on Centos: Mar 1 12:14:08 SRV-CI-MADE-UNIX sshd [14189] : Received signal 15; terminating. Mar 1 12:14:08 SRV-CI-MADE-UNIX sshd [14289] : Server listening on 0.0.0.0 port 22. Mar 1 12:14:08 SRV-CI-MADE-UNIX sshd [14289] : Server listening on :: port 22. So I can't see any trace of my Jenkins trying to log in... Lieven
            Hide
            lievencardoen Lieven Cardoen added a comment -

            Never mind. DNS problem apparently. With IP address it does work.

            Show
            lievencardoen Lieven Cardoen added a comment - Never mind. DNS problem apparently. With IP address it does work.
            Hide
            mtfurlan Mark Furland added a comment -

            I had the same error, using the mDNS name, `localhost`, and `127.0.0.1` didn't work, but using the IP address on our local network did.

            Show
            mtfurlan Mark Furland added a comment - I had the same error, using the mDNS name, `localhost`, and `127.0.0.1` didn't work, but using the IP address on our local network did.
            Hide
            zpf7879 John Zhang added a comment -

            I have the same error and I use IP instead of hostname, and then the problem disappeared.
            This should be fixed.

            Show
            zpf7879 John Zhang added a comment - I have the same error and I use IP instead of hostname, and then the problem disappeared. This should be fixed.
            Hide
            macetw macetw added a comment - - edited

            Putting in an IP address (instead of a hostname for DNS lookup) does not help my case. I'm still getting an exception:
            com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPasswordAuthenticator.canAuthenticate

            I am using Jenkins 2.19.3.

            Show
            macetw macetw added a comment - - edited Putting in an IP address (instead of a hostname for DNS lookup) does not help my case. I'm still getting an exception: com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPasswordAuthenticator.canAuthenticate I am using Jenkins 2.19.3.
            Hide
            akash_soori Akash Soori added a comment -

            After adding valid Java path in Advanced... section of node configuration, above issue got resolved.

            Show
            akash_soori Akash Soori added a comment - After adding valid Java path in Advanced... section of node configuration, above issue got resolved.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oliver Gondža
            Path:
            src/main/java/hudson/plugins/sshslaves/SSHLauncher.java
            http://jenkins-ci.org/commit/ssh-slaves-plugin/44d7e2f9b1c768c52002e06b3ebecf5399f81cdb
            Log:
            [FIXED JENKINS-26379][FIXED JENKINS-41163]JENKINS-34100 Do not swallow IOException in case it is not recoverable.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oliver Gondža Path: src/main/java/hudson/plugins/sshslaves/SSHLauncher.java http://jenkins-ci.org/commit/ssh-slaves-plugin/44d7e2f9b1c768c52002e06b3ebecf5399f81cdb Log: [FIXED JENKINS-26379] [FIXED JENKINS-41163] JENKINS-34100 Do not swallow IOException in case it is not recoverable.
            Hide
            mc1arke Michael Clarke added a comment -

            I've currently got Pull Requests raised for adding newer MAC, KEX and Key Algorithms into Trilead. These will add support for:

            Key Exchange (KEX):

            MAC:

            Key Algorithms:

            I've not done anything on implementation specific variants (e.g. anything ending in @openssh.com or similar) that have been mentioned in any of the above comments

             

            Show
            mc1arke Michael Clarke added a comment - I've currently got Pull Requests raised for adding newer MAC, KEX and Key Algorithms into Trilead. These will add support for: Key Exchange (KEX): diffie-hellman-group-exchange-sha256 MAC: hmac-sha2-512 hmac-sha2-256 Key Algorithms: ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 Ec25519 I've not done anything on implementation specific variants (e.g. anything ending in @openssh.com or similar) that have been mentioned in any of the above comments  
            Hide
            mc1arke Michael Clarke added a comment -

            I've currently got Pull Requests raised for adding newer MAC, KEX and Key Algorithms into Trilead. These will add support for:

            Key Exchange (KEX):

            MAC:

            Key Algorithms:

            I've not done anything on implementation specific variants (e.g. anything ending in @openssh.com or similar) that have been mentioned in any of the above comments

             

            Show
            mc1arke Michael Clarke added a comment - I've currently got Pull Requests raised for adding newer MAC, KEX and Key Algorithms into Trilead. These will add support for: Key Exchange (KEX): diffie-hellman-group-exchange-sha256 MAC: hmac-sha2-512 hmac-sha2-256 Key Algorithms: ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 Ec25519 I've not done anything on implementation specific variants (e.g. anything ending in @openssh.com or similar) that have been mentioned in any of the above comments  
            Hide
            paladox paladox added a comment -

            Those pulls were merged a new release of trilead-ssh2 has been done. Jenkins will be updated shortly to use the new release.

            Show
            paladox paladox added a comment - Those pulls were merged a new release of trilead-ssh2 has been done. Jenkins will be updated shortly to use the new release.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Michael Clarke
            Path:
            core/pom.xml
            http://jenkins-ci.org/commit/jenkins/b17d0763709be35d39f16d6af7afaf765ac6cf92
            Log:
            Bump Trilead version to receive a number of security enhancements
            JENKINS-41606JENKINS-33021JENKINS-26379JENKINS-31549

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Michael Clarke Path: core/pom.xml http://jenkins-ci.org/commit/jenkins/b17d0763709be35d39f16d6af7afaf765ac6cf92 Log: Bump Trilead version to receive a number of security enhancements JENKINS-41606 JENKINS-33021 JENKINS-26379 JENKINS-31549
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            The fix has been integrated towards 2.58. It is not a backporting candidate

            Show
            oleg_nenashev Oleg Nenashev added a comment - The fix has been integrated towards 2.58. It is not a backporting candidate
            Hide
            aheritier Arnaud Héritier added a comment -

            thanks a lot Michael Clarke !!!

            Show
            aheritier Arnaud Héritier added a comment - thanks a lot Michael Clarke !!!

              People

              • Assignee:
                mc1arke Michael Clarke
                Reporter:
                magneto09 Mohit Sharma
              • Votes:
                10 Vote for this issue
                Watchers:
                28 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: