Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-60812

Failed known_hosts verification for non-standard ssh port

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: ssh-slaves-plugin
    • Labels:
      None
    • Environment:
      Debian 9
      openjdk version "1.8.0_222"
      jenkins 2.204.1
      SSH Slaves plugin 1.31.0
    • Similar Issues:
    • Released As:
      ssh-slaves-1.31.1

      Description

      Host Key Verification Strategy is broken for non-standard SSH ports.

      Jenkins log:
      [01/19/20 06:17:44] [SSH] Opening SSH connection to slave.net28:58968.
      [01/19/20 06:17:44] [SSH] WARNING: No entry currently exists in the Known Hosts file for this host. Connections will be denied until this new host and its associated key is added to the Known Hosts file.
      Key exchange was not finished, connection is closed.
      java.io.IOException: There was a problem while connecting to slave.net28:58968

      Command line:
      jenkins@jenkins:~$ ssh-keygen -H -F [slave.net28]:58968

      1 EAUuHpVvln52WKE434qHFyJrEzM= KyIhaIA1YlW1hDeFIzdvgJQzU8s= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFmmZQx/Cmy1rRV7HsAff4JiIqKPopwVtIgkAaAnG38DESY/cG4xYum0i96eYzmvGxf4UADKDT2e7ePFkJmp9yM=

      Changing ssh port to 22 fixes the issue.

        Attachments

          Issue Links

            Activity

            Hide
            ifernandezcalvo Ivan Fernandez Calvo added a comment -

            The know_hosts file should include the port on the host identified to allow to connect to a non standard port, the format is

            Host:port public-key name

            Show
            ifernandezcalvo Ivan Fernandez Calvo added a comment - The know_hosts file should include the port on the host identified to allow to connect to a non standard port, the format is Host:port public-key name
            Hide
            spinal Arthur Demchenkov added a comment - - edited

            The known_host file was generated automatically by ssh client.

            Did I something wrong which leaded to this behaviour?

            Is it supposed the user should fill that file manually or something?

            Show
            spinal Arthur Demchenkov added a comment - - edited The known_host file was generated automatically by ssh client. Did I something wrong which leaded to this behaviour? Is it supposed the user should fill that file manually or something?
            Hide
            spinal Arthur Demchenkov added a comment -

            Where is that behaviour documented? It's not seen neither in Jenkins logs or popup "?" messages.

            Show
            spinal Arthur Demchenkov added a comment - Where is that behaviour documented? It's not seen neither in Jenkins logs or popup "?" messages.
            Hide
            ifernandezcalvo Ivan Fernandez Calvo added a comment -

            Please read the OpenSSH documentation https://en.wikibooks.org/wiki/OpenSSH/Client_Configuration_Files#~/.ssh/known_hosts section "About the Contents of the known_hosts Files"

            Show
            ifernandezcalvo Ivan Fernandez Calvo added a comment - Please read the OpenSSH documentation https://en.wikibooks.org/wiki/OpenSSH/Client_Configuration_Files#~/.ssh/known_hosts section "About the Contents of the known_hosts Files"
            Hide
            spinal Arthur Demchenkov added a comment -

            Why changing ssh port to 22 fixes the issue?

            Show
            spinal Arthur Demchenkov added a comment - Why changing ssh port to 22 fixes the issue?
            Hide
            spinal Arthur Demchenkov added a comment - - edited

            Also adding an empty-port entry to known_hosts file fixes the issue.

            To reproduce this case, just change the SSH port to default (on the server), connect at least once, to have the entry added to known_hosts file.

            Then change SSH port to whatever you want and Jenkins stops refusing to connect.

            This is a bug. The port is ignored by plugin when trying to find the entry in known_hosts file.

            Show
            spinal Arthur Demchenkov added a comment - - edited Also adding an empty-port entry to known_hosts file fixes the issue. To reproduce this case, just change the SSH port to default (on the server), connect at least once, to have the entry added to known_hosts file. Then change SSH port to whatever you want and Jenkins stops refusing to connect. This is a bug. The port is ignored by plugin when trying to find the entry in known_hosts file.
            Hide
            ifernandezcalvo Ivan Fernandez Calvo added a comment -

            I have replicated the issue, and I am testing a fix on a test environment https://github.com/kuisathaverat/jenkins-issues/tree/master/JENKINS-60812.

            Show
            ifernandezcalvo Ivan Fernandez Calvo added a comment - I have replicated the issue, and I am testing a fix on a test environment https://github.com/kuisathaverat/jenkins-issues/tree/master/JENKINS-60812 .

              People

              • Assignee:
                ifernandezcalvo Ivan Fernandez Calvo
                Reporter:
                spinal Arthur Demchenkov
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: