SSH Smoke Test section - SSH Credential issue
Although, I tested the connection onto the VM machine to confirm the ssh configuration, and entering several time the private key for the sshUser, I still have a authentication identified in this ticket: https://issues.jenkins.io/browse/JENKINS-67564
The SSH Pipeline Steps plugin indicates to be build on top of the Groovy SSH library; is it relying onto the SSH Credential plugin?
Answers
-
To me it appears to be an issue on the side of the server that you are connecting to. Please check the ssh daemon config /etc/ssh/sshd_config to see if key based authentication, root auth is enabled. If you make changes to this config, you would also need to restart ssh daemon in order for this to be effective.
0 -
@gouravshah
Thanks your reply.
For the last couple of days I tried different options and got completely confused by the following points:
1. Why do we need to store the SSH private key in Jenkins and not the public key like in the video example when trying to connect onto the dev VM machine from personal laptop? The following article helped me to understand why storing credentials in Jenkins is a good practice rather than exporting the public key into the building agent and get it hard-coded in any script (https://support.cloudbees.com/hc/en-us/articles/222838288). At this point, I am still not clear if reversing the logic between the public and private keys means that the SSH daemon is embeded in Jenkins master node and what is the purpose of the ~/.authorized_keys file (specifically if we declare the public key in the google cloud console).
2. The Jenkins plugin documentation is sometime very light; consequently I mixed the purpose of using an SSH build agent with the SSH step pipeline plugins. In my attempts to get a running pod to run the script, the only successful one I got was by defining a jenkins/ssh-agent container declared through thepodTemplatefeature (passing the pod label template defined through the UI -- in the node management/cloud interface -- and pointing to a jenkins/inbound-agent container as suggested by the Kubernetes plugin documentation does not work as when launching the pipeline build, pods are ended quickly and a new one is triggered consecutively; declaring a container pointing to jenkins/inbound-agent in the pipeline script has the same effect). In the case of using the jenkins/ssh-agent (see code belowI used the same public key build to open a connection between the transient pod and the dev VM to run theinspeccommand; that does not seem right...
3. At some point I was also confused with the notion of ssh-agent; but with the combination of all previous point, my eyes started to squint from reading a lot of documentation...I think that a diagram explaining the intertwined usage of SSH public/private keys and the current infrastructure relying on Jenkins running on Kubernetes with transient building agent pods provisioned to connect onto the master node through JNLP or SSH would be helpful.
Thanks
Pipeline script:
0 -
@bauger fundamentally, you would need private key configured on the side which is going to initiate the connection (in this case jenkins host). You would configure public key on the destination which is going to accept the connection. If this point it clear, rest should fall in place.
Its great to see you going through so much of documentation and trying to understand how it works. I would recommend you to join the office hours on Mon/Tue, so that I could answer all the questions that you have and help you get more clarity, the fastest possible way.
0
Categories
- All Categories
- 177 LFX Mentorship
- 177 LFX Mentorship: Linux Kernel
- 750 Linux Foundation IT Professional Programs
- 373 Cloud Engineer IT Professional Program
- 169 Advanced Cloud Engineer IT Professional Program
- 74 DevOps IT Professional Program - Discontinued
- 4 DevOps & GitOps IT Professional Program
- 99 Cloud Native Developer IT Professional Program
- 7.6K Training Courses & Learning Paths
- 1 AI & ML Training
- 1 Blockchain & Decentralized Identity Training
- 3 Cloud & Containers Training
- 1 Cybersecurity Training
- 2 DevOps & Site-Reliability Training
- 1 Linux Kernel Development Training
- 1 Networking Training
- 1 Open Source Best Practice Training
- 1 System Administration Training
- 1 System Engineering Training
- 1 Web & Application Development Training
- 792 Hardware
- 202 Drivers
- 68 I/O Devices
- 37 Monitors
- 95 Multimedia
- 173 Networking
- 91 Printers & Scanners
- 87 Storage
- 769 Linux Distributions
- 81 Debian
- 68 Fedora
- 22 Linux Mint
- 13 Mageia
- 24 openSUSE
- 150 Red Hat Enterprise
- 31 Slackware
- 13 SUSE Enterprise
- 356 Ubuntu
- 465 Linux System Administration
- 31 Cloud Computing
- 73 Command Line/Scripting
- Github systems admin projects
- 98 Linux Security
- 78 Network Management
- 101 System Management
- 46 Web Management
- 106 Mobile Computing
- 18 Android
- 73 Development
- 1.2K New to Linux
- 1K Getting Started with Linux
- 392 Off Topic
- 121 Introductions
- 181 Small Talk
- 29 Study Material
- 955 Programming and Development
- 310 Kernel Development
- 627 Software Development
- 983 Software
- 375 Applications
- 182 Command Line
- 5 Compiling/Installing
- 68 Games
- 317 Installation
- Archived
- 2 LFD140 Class Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)