Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Jenkins master fails to connect to the slave over SSH

Jenkins master is running on Amazon instance and slave machine set up on dedicated Soyoustart machine. Worked fine until it was needed to redo the slave setup: reinstalled the OS, installed Java, added masters key to slave authorized_keys and removed/added again the slave in masters known_hosts. Set up new credentials for the slave and configured the node in Jenkins master but it is unable to connect to the slave.

The setup is the the same that is and has been working with other slaves without hiccups. The only thing different is that this time the new slave is the same machine with the IP as the old one was.

It is possible to ssh into the slave from master from CLI(replaced filename and slave IP with placeholder for this post): $ ssh -i <key-file> jenkins@<slave-ip>

Credentials have been set up : enter image description here

Node is configured: enter image description here

Output when connecting to the slave:

[05/17/15 07:30:31] [SSH] Opening SSH connection to <slave-ip>.
Key exchange was not finished, connection is closed.
ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins.
java.lang.IllegalStateException: Connection is not established!
at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030)
at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.getRemainingAuthMethods(TrileadSSHPublicKeyAuthenticator.java:88)
at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.canAuthenticate(TrileadSSHPublicKeyAuthenticator.java:80)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169)
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1173)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:701)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:696)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
[05/17/15 07:30:31] Launch failed - cleaning up connection
[05/17/15 07:30:31] [SSH] Connection closed.

Version numbers:

  • Jenkins 1.613
  • SSH Credentials Plugin 1.11
  • SSH Slaves plugin 1.9

For those who prefer to dig into code:

  • SSH Credentials Plugin

  • SSH Slave Plugin

  • Trilead SSH

Am I missing something obvious here? What could be causing this? Any known workaround? Or does it look like a bug that needs to be reported?

Please let me know if more information is needed.

like image 707
Tanel Mae Avatar asked May 17 '15 08:05

Tanel Mae


People also ask

Which protocol in Jenkins is used to connect to Jenkins slave?

Jenkins uses a Master-Slave architecture to manage distributed builds. In this architecture, Master and Slave communicate through TCP/IP protocol.

How do you check if Jenkins slave is running?

Basic usage. Visit a url like http:``//myslave:3141 to see whether a slave is running and how much memory it is using. Configure the port used by clicking Manage Jenkins on the dashboard.


2 Answers

I'm running Jenkins master using official Docker image which uses OpenJDK8 and should not need to install JCE.

Apparently this is an unresolved issue in Jenkins/SSH security.

My current workaround is by commenting out MACs and KexAlgorithm line in /etc/ssh/sshd_config of Jenkins Slave and restarting the sshd (service ssh restart on Ubuntu)


UPDATE: the issue has been resolved as of 2017-04-29

like image 141
akhy Avatar answered Oct 17 '22 19:10

akhy


I suspect that you need to install the Java Cryptography Extension for your JVM. Without that the RSA key size is limited and authentication is not being established.

See https://issues.jenkins-ci.org/browse/JENKINS-26495 for more details.

like image 37
tarantoga Avatar answered Oct 17 '22 19:10

tarantoga