Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46754

2.73+ SSH agent sometimes will not start if using passphrase-protected ed25519 key

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Component/s: core
    • Environment:
      Jenkins 2.73.1 RC
      Jenkins plugins as stored in my lts-with-plugins branch SHA f45cc34ca0
    • Similar Issues:

      Description

      The Jenkins 2.73.1 LTS release fails to connect my ssh agents which use an ed25519 passphrase protected private key.  These agents connected successfully with Jenkins 2.60.3 LTS and earlier.

      I've confirmed that dsa passphrase protected private keys work in all cases and that rsa passphrase protected private keys work in all cases. The rsa private keys and ed25519 private keys which are not passphrase protected work in all cases.

      It appears to only be ed25519 private keys which are passphrase protected that have a problem in two of my six tested configurations with 2.73.1 LTS.  Those same configurations work as expected with 2.60.3 LTS.

      Failures include a stack trace:

      [09/08/17 08:56:01] SSH Launch of mark-pc2-beemarkwaite on mark-pc2.markwaite.net failed in 113 ms
      Sep 08, 2017 8:56:01 AM com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator authenticate
      WARNING: Uncaught exception escaped doAuthenticate method
      java.lang.NoSuchMethodError: org.mindrot.jbcrypt.BCrypt.pbkdf([B[BI[B)V
      at com.trilead.ssh2.signature.OpenSshCertificateDecoder.generateKayAndIvPbkdf2(OpenSshCertificateDecoder.java:135)
      at com.trilead.ssh2.signature.OpenSshCertificateDecoder.createKeyPair(OpenSshCertificateDecoder.java:78)
      at com.trilead.ssh2.crypto.PEMDecoder.decodeKeyPair(PEMDecoder.java:493)
      at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:225)
      at com.trilead.ssh2.Connection.authenticateWithPublicKey(Connection.java:483)
      at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.doAuthenticate(TrileadSSHPublicKeyAuthenticator.java:109)
      at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:438)
      at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:458)
      at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1321)
      at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:804)
      at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:793)
      at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      at java.lang.Thread.run(Thread.java:748)
      

       
      The other agent fails with a similar stack trace in the log file:

      Sep 08, 2017 9:06:13 AM com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator authenticate
      WARNING: Uncaught exception escaped doAuthenticate method
      java.lang.NoSuchMethodError: org.mindrot.jbcrypt.BCrypt.pbkdf([B[BI[B)V
      	at com.trilead.ssh2.signature.OpenSshCertificateDecoder.generateKayAndIvPbkdf2(OpenSshCertificateDecoder.java:135)
      	at com.trilead.ssh2.signature.OpenSshCertificateDecoder.createKeyPair(OpenSshCertificateDecoder.java:78)
      	at com.trilead.ssh2.crypto.PEMDecoder.decodeKeyPair(PEMDecoder.java:493)
      	at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:225)
      	at com.trilead.ssh2.Connection.authenticateWithPublicKey(Connection.java:483)
      	at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.doAuthenticate(TrileadSSHPublicKeyAuthenticator.java:109)
      	at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:438)
      	at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:458)
      	at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1321)
      	at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:804)
      	at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:793)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:748)
      
      [09/08/17 09:06:13] SSH Launch of debian9-a-coleen on debian9-a.markwaite.net failed in 135 ms
      

      Problem does not appear in 2.71, 2.72, 2.73, or 2.75 on the two failing machines.
      Problem is visible in 2.73.1-rc, 2.76, and 2.77 on the two failing machines.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                markewaite Mark Waite
              • Votes:
                1 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: