Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Calling SSH command from Jenkins

Jenkins keeps using the default "jenkins" user when executing builds. My build requires a number of SSH calls. However these SSH calls fails with Host verification exceptions because i haven't been able connect place the public key for this user on the target server.

I don't know where the default "jenkins" user is configured and therefore cant generate the required public key to place on the target server.

Any suggestions for either;

  1. A way to force Jenkins to use a user i define
  2. A way to enable SSH for the default Jenkins user
  3. Fetch the password for the default 'jenkins' user

Ideally I would like to be able do both both any help greatly appreciated.

Solution: I was able access the default Jenkins user with an SSH request from the target server. Once i was logged in as the jenkins user i was able generate the public/private RSA keys which then allowed for password free access between servers

like image 860
cdugga Avatar asked Aug 13 '13 15:08

cdugga


2 Answers

Because when having numerous slave machine it could be hard to anticipate on which of them build will be executed, rather then explicitly calling ssh I highly suggest using existing Jenkins plug-ins for SSH executing a remote commands:

  • Publish Over SSH - execute SSH commands or transfer files over SCP/SFTP.
  • SSH - execute SSH commands.
like image 82
luka5z Avatar answered Sep 30 '22 02:09

luka5z


The default 'jenkins' user is the system user running your jenkins instance (master or slave). Depending on your installation this user can have been generated either by the install scripts (deb/rpm/pkg etc), or manually by your administrator. It may or may not be called 'jenkins'.

To find out under what user your jenkins instance is running, open the http://$JENKINS_SERVER/systemInfo, available from your Manage Jenkins menu.

There you will find your user.home and user.name. E.g. in my case on a Mac OS X master:

user.home   /Users/Shared/Jenkins/Home/
user.name   jenkins

Once you have that information you will need to log onto that jenkins server as the user running jenkins and ssh into those remote servers to accept the ssh fingerprints.

An alternative (that I've never tried) would be to use a custom jenkins job to accept those fingerprints by for example running the following command in a SSH build task:

ssh -o "StrictHostKeyChecking no" your_remote_server

This last tip is of course completely unacceptable from a pure security point of view :)

like image 36
coffeebreaks Avatar answered Sep 30 '22 02:09

coffeebreaks