SSH Smoke Test section - SSH Credential issue

Although, I tested the connection onto the VM machine to confirm the ssh configuration, and entering several time the private key for the sshUser, I still have a authentication identified in this ticket: https://issues.jenkins.io/browse/JENKINS-67564
The SSH Pipeline Steps plugin indicates to be build on top of the Groovy SSH library; is it relying onto the SSH Credential plugin?
Answers
-
To me it appears to be an issue on the side of the server that you are connecting to. Please check the ssh daemon config /etc/ssh/sshd_config to see if key based authentication, root auth is enabled. If you make changes to this config, you would also need to restart ssh daemon in order for this to be effective.
0 -
@gouravshah
Thanks your reply.
For the last couple of days I tried different options and got completely confused by the following points:
1. Why do we need to store the SSH private key in Jenkins and not the public key like in the video example when trying to connect onto the dev VM machine from personal laptop? The following article helped me to understand why storing credentials in Jenkins is a good practice rather than exporting the public key into the building agent and get it hard-coded in any script (https://support.cloudbees.com/hc/en-us/articles/222838288). At this point, I am still not clear if reversing the logic between the public and private keys means that the SSH daemon is embeded in Jenkins master node and what is the purpose of the ~/.authorized_keys file (specifically if we declare the public key in the google cloud console).
2. The Jenkins plugin documentation is sometime very light; consequently I mixed the purpose of using an SSH build agent with the SSH step pipeline plugins. In my attempts to get a running pod to run the script, the only successful one I got was by defining a jenkins/ssh-agent container declared through thepodTemplate
feature (passing the pod label template defined through the UI -- in the node management/cloud interface -- and pointing to a jenkins/inbound-agent container as suggested by the Kubernetes plugin documentation does not work as when launching the pipeline build, pods are ended quickly and a new one is triggered consecutively; declaring a container pointing to jenkins/inbound-agent in the pipeline script has the same effect). In the case of using the jenkins/ssh-agent (see code belowI used the same public key build to open a connection between the transient pod and the dev VM to run theinspec
command; that does not seem right...
3. At some point I was also confused with the notion of ssh-agent; but with the combination of all previous point, my eyes started to squint from reading a lot of documentation...I think that a diagram explaining the intertwined usage of SSH public/private keys and the current infrastructure relying on Jenkins running on Kubernetes with transient building agent pods provisioned to connect onto the master node through JNLP or SSH would be helpful.
Thanks
Pipeline script:
0 -
@bauger fundamentally, you would need private key configured on the side which is going to initiate the connection (in this case jenkins host). You would configure public key on the destination which is going to accept the connection. If this point it clear, rest should fall in place.
Its great to see you going through so much of documentation and trying to understand how it works. I would recommend you to join the office hours on Mon/Tue, so that I could answer all the questions that you have and help you get more clarity, the fastest possible way.
0
Categories
- 10.1K All Categories
- 35 LFX Mentorship
- 88 LFX Mentorship: Linux Kernel
- 502 Linux Foundation Boot Camps
- 278 Cloud Engineer Boot Camp
- 102 Advanced Cloud Engineer Boot Camp
- 48 DevOps Engineer Boot Camp
- 41 Cloud Native Developer Boot Camp
- 2 Express Training Courses
- 2 Express Courses - Discussion Forum
- 1.8K Training Courses
- 17 LFC110 Class Forum
- 5 LFC131 Class Forum
- 20 LFD102 Class Forum
- 148 LFD103 Class Forum
- 13 LFD121 Class Forum
- 61 LFD201 Class Forum
- LFD210 Class Forum
- 1 LFD213 Class Forum - Discontinued
- 128 LFD232 Class Forum
- 23 LFD254 Class Forum
- 569 LFD259 Class Forum
- 100 LFD272 Class Forum
- 1 LFD272-JP クラス フォーラム
- 1 LFS145 Class Forum
- 23 LFS200 Class Forum
- 739 LFS201 Class Forum
- 1 LFS201-JP クラス フォーラム
- 1 LFS203 Class Forum
- 45 LFS207 Class Forum
- 298 LFS211 Class Forum
- 53 LFS216 Class Forum
- 46 LFS241 Class Forum
- 41 LFS242 Class Forum
- 37 LFS243 Class Forum
- 10 LFS244 Class Forum
- 27 LFS250 Class Forum
- 1 LFS250-JP クラス フォーラム
- 131 LFS253 Class Forum
- 998 LFS258 Class Forum
- 10 LFS258-JP クラス フォーラム
- 87 LFS260 Class Forum
- 126 LFS261 Class Forum
- 31 LFS262 Class Forum
- 79 LFS263 Class Forum
- 15 LFS264 Class Forum
- 10 LFS266 Class Forum
- 17 LFS267 Class Forum
- 17 LFS268 Class Forum
- 21 LFS269 Class Forum
- 200 LFS272 Class Forum
- 1 LFS272-JP クラス フォーラム
- 212 LFW211 Class Forum
- 154 LFW212 Class Forum
- 899 Hardware
- 217 Drivers
- 74 I/O Devices
- 44 Monitors
- 115 Multimedia
- 208 Networking
- 101 Printers & Scanners
- 85 Storage
- 749 Linux Distributions
- 88 Debian
- 64 Fedora
- 14 Linux Mint
- 13 Mageia
- 24 openSUSE
- 133 Red Hat Enterprise
- 33 Slackware
- 13 SUSE Enterprise
- 355 Ubuntu
- 473 Linux System Administration
- 38 Cloud Computing
- 69 Command Line/Scripting
- Github systems admin projects
- 94 Linux Security
- 77 Network Management
- 108 System Management
- 49 Web Management
- 63 Mobile Computing
- 22 Android
- 27 Development
- 1.2K New to Linux
- 1.1K Getting Started with Linux
- 528 Off Topic
- 127 Introductions
- 213 Small Talk
- 20 Study Material
- 794 Programming and Development
- 262 Kernel Development
- 498 Software Development
- 923 Software
- 258 Applications
- 182 Command Line
- 2 Compiling/Installing
- 76 Games
- 316 Installation
- 54 All In Program
- 54 All In Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)