Bug
Resolution: Unresolved
Minor
None
Jenkins 2.60.1 cli on RedHat Enterprise Linux 7
When the CLI connects to the Jenkins master over the SSH protocol, it tries to load the known_hosts file. When it encounters entries with custom ports, parsing fails and the file is not loaded.
    $ java -jar jenkins-cli.jar -s https://server:8443/jenkins -ssh -user userid who-am-i
    Jul 19, 2017 3:17:48 PM org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier acceptIncompleteHostKeys
    WARNING: Failed (StreamCorruptedException) to reload server keys from /home/userid/.ssh/known_hosts: Failed (IllegalArgumentException) to parse line #94 '[server]:55999,[10.171.40.57]:55999 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXA0S0x3vxR/lXan6EKBwc5rN4Omij2UpkvtiWqDOm5B4m8d+Exn59EJMKgiez+zCITm0bRa22pEvjPu2AD7EXz4rMoW5S042Fqv7iQYMiGsmSz4y7J4+kSnNemUe1wH04VTKZ/BNes4FcTGzCN0ah2q6nIb0gEbVeXHnWhEdFccRyLdCAXV//v4p+xkzegJM6nJDE1qwTl2SLicDfc++8B5kYfDG90nSeYtxsBWTxpILOO4Nsln4aeMkL4KwtHfgBhYc1vE6jyuf08KIgmJ3jdRf/foeZjB5aVR1GycF9e0cvTb81Xo6eBa9YCjCYWZXP1jMuPn4LhD1CyFma+FsX': Invalid host pattern char in [server]:55999
    Jul 19, 2017 3:17:48 PM hudson.cli.SSHCLI$1 verifyServerKey
    WARNING: Unknown host key for server/10.171.40.57:55999
    Authenticated as: userid
    Authorities:
      authenticated
When the offending line is removed, things are even worse: parsing succeeds, but the CLI picks up the regular server SSH key (from port 22) instead of the Jenkins one (from port 55999), and the connection fails:
    $ java -jar jenkins-cli.jar -s https://server:8443/jenkins -ssh -user userid who-am-i
    Jul 19, 2017 3:09:55 PM org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier acceptModifiedServerKey
    WARNING: acceptModifiedServerKey(ClientSessionImpl[userid@server/10.171.40.57:55999]) mismatched keys presented by server/10.171.40.57:55999 for entry=server ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6Z9rzxO2B847/BfIeCHTniW+sKlOwp/y7gAAZsIqo4iBi3IjjQkCAk22S9AAMLN1pJ23LnlWPYkbHMg9WoO/pbTYalsoGmeXnNYHw9zq+1ky3fF82Q7qQib3s0gVMdYIyjPq8axOEEMKTvE165MkH9M+38WzLzIo/KgZ760Q18TjTE6Or3agYijUfocIL4cYZ8T8T5U314RIhZ7CleYvfeCJJhFTcbfU1u1JQjBCVI43oCrTCg0U+B/IziAG+UQxtr4QmHn1B4gb4RlWh1/bslnioYzS4RMSOcKbilIZeecUR3wEyIA36MHcdQ8yg9E1eMgqyGsOux4o9vU9+tobKw==: expected=ssh-rsa-SHA256:ISYrqAqAcAsbKg9qKWEBRnro3cNrzrVjvwp0QUkooUA, actual=ssh-rsa-SHA256:Ii0dTlky9upQj6lgvXfDQL1CqUPB6RnvDntzkc+DaF0
    Jul 19, 2017 3:09:55 PM org.apache.sshd.common.session.helpers.AbstractSession exceptionCaught
    WARNING: exceptionCaught(ClientSessionImpl[userid@server/10.171.40.57:55999])[state=Opened] SshException: Server key did not validate
    Jul 19, 2017 3:09:55 PM org.apache.sshd.common.session.helpers.AbstractSession disconnect
    INFO: Disconnecting(ClientSessionImpl[userid@server/10.171.40.57:55999]): SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE - Server key did not validate
    org.apache.sshd.common.SshException: Server key did not validate
        at org.apache.sshd.client.session.AbstractClientSession.checkKeys(AbstractClientSession.java:543)
        at org.apache.sshd.common.session.helpers.AbstractSession.handleKexMessage(AbstractSession.java:580)
        at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:528)
        at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:463)
        at org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1325)
        at org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:424)
        at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:67)
        at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:285)
        at org.apache.sshd.common.io.nio2.Nio2Session$2.onCompleted(Nio2Session.java:265)
        at org.apache.sshd.common.io.nio2.Nio2Session$2.onCompleted(Nio2Session.java:262)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:37)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:34)
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
        at sun.nio.ch.Invoker$2.run(Invoker.java:218)
        at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Also, in this case the CLI adds the Jenkins SSH key to known_hosts without the port, so the entry conflicts with the regular SSH key.
Please add support for custom ports in known_hosts. This is perfectly valid according to sshd(8):
SSH_KNOWN_HOSTS FILE FORMAT
...
A hostname or address may optionally be enclosed within `[' and `]' brackets then followed by `:' and a non-standard port number.
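
The bracketed form quoted above can be handled by keying every entry on host and port, so the port-22 key is never offered for port 55999. This is an added example, not code from the report, Jenkins or Apache MINA SSHD; it is written in Python, the function names are hypothetical, the sample entries reuse the report's host names and port with placeholder key blobs, and hashed and marker lines are skipped.

```python
import fnmatch

DEFAULT_SSH_PORT = 22

def parse_host_pattern(pattern):
    """Split one host pattern into (negated, host_glob, port)."""
    negated = pattern.startswith("!")
    if negated:
        pattern = pattern[1:]
    if pattern.startswith("["):
        # sshd(8): "[host]:port" names a non-standard port
        host, sep, port = pattern[1:].partition("]:")
        if not sep or not host or not port.isdigit():
            raise ValueError(f"malformed bracketed pattern: {pattern!r}")
        return negated, host, int(port)
    return negated, pattern, DEFAULT_SSH_PORT

def parse_known_hosts(text):
    """Yield (patterns, key_type, key_blob) for each plain-text entry."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue                      # blank, comment or incomplete line
        if fields[0].startswith(("@", "|1|")):
            continue                      # marker and hashed lines: out of scope
        patterns = [parse_host_pattern(p) for p in fields[0].split(",")]
        yield patterns, fields[1], fields[2]

def keys_for(text, host, port=DEFAULT_SSH_PORT):
    """Return the (key_type, key_blob) pairs recorded for host on that port."""
    found = []
    for patterns, key_type, blob in parse_known_hosts(text):
        hits = [neg for neg, glob, p in patterns
                if p == port and fnmatch.fnmatchcase(host.lower(), glob.lower())]
        if hits and not any(hits):        # a negated match vetoes the line
            found.append((key_type, blob))
    return found

# Constructed sample: hosts and port follow the report, key blobs are placeholders.
SAMPLE = """\
server ssh-rsa PLACEHOLDER_SSHD_KEY
[server]:55999,[10.171.40.57]:55999 ssh-rsa PLACEHOLDER_JENKINS_KEY
"""

if __name__ == "__main__":
    print(keys_for(SAMPLE, "server"))         # key recorded for port 22
    print(keys_for(SAMPLE, "server", 55999))  # key recorded for port 55999
```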