Menu
Is it possible for the Jenkins "Execute shell" to execute SSH commands?
Jenkins has a number of pre and post build options which cater specifically for SSH type commands however i have a single script which does both build and then SCP and SSH commands. Is Jenkins forcing users to break up build scripts into multiple steps?
The "Execute Shell" is the one I'm trying to execute my SSH commands from however i've had no success.
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /var/lib/jenkins/.ssh/identity
debug1: Trying private key: /var/lib/jenkins/.ssh/id_rsa
debug1: Trying private key: /var/lib/jenkins/.ssh/id_dsa
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).
SSH Access not available for build engine
205
Using Jenkins built-in "Execute shell" you can run commands using unix shell. If you need to run a job cross platform you cannot use the two standard executors provided by Jenkins. You need a "build step" that can be executed both in Windows and in Unix.
Jenkins can make ssh connection to a remote server for the purpose of executing a command or running a script or we can also copy file from jenkins or some other server to another remote server. For this purpose, we need to create a ssh connection between Jenkins server & remote server.
Global Configuration. From the Jenkins home page, click "Manage Jenkins" and then click on "Configure System" and find the SSH section. It allows you to configure hosts that are later available in your builds.
As long as you use a publickey, you'll be able to send commands via ssh and copy files via scp. We use this to spawn some specific processes and publish certain artifacts that can't be pushed via existing commands for various reasons.
It's necessary to be careful which keys you are using and what users you are addressing on the remote server. Often, we use explicit -i arguments in ssh and we always use explicit user names to make sure that everything goes as expected
ssh -i <key_path> <user>@<fqdn_host> <command>
If you do this in your script, you should be fine. Of course, the key file will have to be readable by your Jenkins process and you will need to make sure that the key is installed on both sides.
I would also strongly suggest using ssh's built-in policy controls to control:
In particular, you can use settings in the ~/.ssh/authorized_keys on the host that is the target of the ssh/scp command to limit the hosts that can attach (host=) and even pre-load the command so that particular key always executes just one particular command (command=).
For the truly adventurous, you can specify a command= and send the commands to a restricted shell command which limits either the directory access or command access.
115
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
