JENKINS-56804

RSA Keys larger than 4096 bits do not work with ansible playbooks




      I recently created an SSH RSA key that was 8192 bits in size and stored it in the credentials repository. I found that Ansible playbooks did not work with a key of this size.



      09:50:52  [Install - Nagios Core] $ ansible-playbook "/var/lib/jenkins/workspace/Install - Nagios Core/ansible/prepare_os.yml" --private-key "/var/lib/jenkins/workspace/Install - Nagios Core/ssh581441855617245626.key" -u root -i core-057, -e "target=core-057, product=nagios os_name=fedora os_version=29 os_version_minor= ansible_become_pass="
      09:50:52  PLAY [Prepare Operating System] ************************************************
      09:50:52  TASK [Gathering Facts] *********************************************************
      09:50:52  fatal: [core-057]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added 'core-057,2001:44b8:3132:25:10:25:5:190' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}
      09:50:52  	to retry, use: --limit @/var/lib/jenkins/workspace/Install - Nagios Core/ansible/prepare_os.retry



      I could confirm from the command line that if I created the keyfile I was able to execute the ansible-playbook command and it worked. So it's not an Ansible issue with keyfiles of that size, it's something to do with Jenkins creating that keyfile (I think).


      After some trial and error I found that a 4096-bit key worked but anything larger failed (like 4097).



      ssh-keygen -b 4097



      I know this is an edge case, but I've spent about 3 hours getting to the root cause of the issue so hopefully it'll help someone else.



          box293 Troy Lea created issue

          box293 Troy Lea made changes:
            Field       Original Value                   New Value
            Status      Open [ 1 ]                       Fixed but Unreleased [ 10203 ]
            Resolution                                   Not A Defect [ 7 ]

          box293 Troy Lea made changes:
            Field       Original Value                   New Value
            Status      Fixed but Unreleased [ 10203 ]   Closed [ 6 ]


            • Assignee:
              sirot Jean-Christophe Sirot
              box293 Troy Lea