Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-50181

ssh-agent/ssh-credentials-plugin failing because ssh-add expects a newline in the keyfile

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Labels:
      None
    • Environment:
    • Similar Issues:
    • Released As:
      ssh-credentials-1.17.1

      Description

      Repro:

      • Add Credentials
          - set Kind to "SSH Username with private key"
          - tick "enter directly"
          - paste a password-less private key without a trailing newline
      • Attempt to use credentials (I used ssh-agent from a Jenkinsfile)
      • Observe that ssh-add will prompt for a passphrase in the logs and the ssh-add has failed.

      The relevant part of my logs looked like this:

      ```
      [Pipeline] sshagent
      [ssh-agent] Using credentials jenkins (Github SSH key)
      [ssh-agent] Looking for ssh-agent implementation...
      [ssh-agent] Exec ssh-agent (binary ssh-agent on a remote machine)
      $ ssh-agent
      SSH_AUTH_SOCK=/tmp/ssh-rEGjLSRTHULl/agent.3927
      SSH_AGENT_PID=3929
      [ssh-agent] started an agent
      $ ssh-add /var/lib/jenkins/workspace/job@tmp/private_key_2980200938951827942.key
      Enter passphrase for /var/lib/jenkins/workspace/job@tmp/private_key_2980200938951827942.key: [Pipeline] // sshagent
      [Pipeline] }
      [Pipeline] // stage
      [Pipeline] }
      [Pipeline] // withEnv
      [Pipeline] }
      [Pipeline] // node
      [Pipeline] End of Pipeline
      ERROR: Failed to run ssh-add
      Finished: FAILURE

      ```

      Adding the trailing newline to input in the web-ui resolves this issue. Adding multiple newlines didn't seem have any adverse effect so Jenkins should probably just add a newline when it writes the keyfile.

        Attachments

          Activity

          Hide
          dnusbaum Devin Nusbaum added a comment - - edited

          Thanks for reporting the issue!

          Adding multiple newlines didn't seem have any adverse effect so Jenkins should probably just add a newline when it writes the keyfile.

          Sounds reasonable to me, although probably a newline should only be added if there isn't one already so that resaving the credentials doesn't keep adding newlines. Feel free to submit a pull request to the repository (ideally with a regression test); here is the class that I think would need to be modified.

          Show
          dnusbaum Devin Nusbaum added a comment - - edited Thanks for reporting the issue! Adding multiple newlines didn't seem have any adverse effect so Jenkins should probably just add a newline when it writes the keyfile. Sounds reasonable to me, although probably a newline should only be added if there isn't one already so that resaving the credentials doesn't keep adding newlines. Feel free to submit a pull request to the repository (ideally with a regression test); here is the class that I think would need to be modified.
          Hide
          liath John Jones added a comment -
          Show
          liath John Jones added a comment - PR created here:  https://github.com/jenkinsci/ssh-credentials-plugin/pull/33
          Hide
          eltusha Ellen Tushar added a comment -

          I've tried the adding a new line after the private key to no avail.  I've also tried adding a few lines and a # sign on one line.  I still get the ssh-add error about the passphrase. 

          Jenkins 2.164.3, SSH-agent 1.17 SSH-credentials 1.16

          After downgrading these plugins, I'm able to use the credentials with the trailing new line.

          SSH-agent 1.13  SSH-credentials 1.12

          Has anyone been able to use the trailing new line trick with these plugin versions?  SSH-agent 1.17 SSH-credentials 1.16

          Show
          eltusha Ellen Tushar added a comment - I've tried the adding a new line after the private key to no avail.  I've also tried adding a few lines and a # sign on one line.  I still get the ssh-add error about the passphrase.  Jenkins 2.164.3, SSH-agent 1.17 SSH-credentials 1.16 After downgrading these plugins, I'm able to use the credentials with the trailing new line. SSH-agent 1.13  SSH-credentials 1.12 Has anyone been able to use the trailing new line trick with these plugin versions?  SSH-agent 1.17 SSH-credentials 1.16
          Hide
          jvz Matt Sicker added a comment -
          Show
          jvz Matt Sicker added a comment - Fixed in PR https://github.com/jenkinsci/ssh-credentials-plugin/pull/33 which was just merged.
          Hide
          jvz Matt Sicker added a comment -

          Released in 1.17.1.

          Show
          jvz Matt Sicker added a comment - Released in 1.17.1.

            People

            • Assignee:
              dnusbaum Devin Nusbaum
              Reporter:
              liath John Jones
            • Votes:
              4 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: