Thanks Harald. Your post was very helpful - I was coming across the same issue where our Windows Jenkins host could not connect to our Linux slaves.
"ssh -o HostKeyAlgorithms=ssh-rsa ..." fixed our issue It seems that our Jenkins server (2.46.3) doesn't like me using ecdsa-sha2-nistp256 cipher whereas use of ssh-rsa cipher allows Jenkins to talk to the slaves regards On Friday, March 24, 2017 at 7:31:34 PM UTC+11, Harald Wellmann wrote: > > Yes, I can ssh both ways. The problem seems to be that the SSH lib used by > Jenkins does not support newer ciphers like ecdsa-sha2-nistp256. > > After deleting the known_hosts entry and creating a new one via > > ssh -o HostKeyAlgorithms=ssh-rsa slave2.example.com > > Jenkins no longer complains. > > I'm not a security expert, but it seems that I'm now using a less robust > cipher than before, so this is more of a workaround than a solution. > > Regards, > Harald > > 2017-03-23 21:24 GMT+01:00 Harriet Severino <sever...@gmail.com > <javascript:>>: > >> Can you ssh from master to slave and back as the jenkins user? If not >> look at you ssh setup. SSH is picky about the permissions of all the files >> under ~/.ssh. >> >> >> >> On Thursday, March 23, 2017 at 12:45:33 PM UTC-4, Harald Wellmann wrote: >>> >>> After upgrading to SSH Slave Plugin 1.15 on Jenkins 2.32.3, I'm getting >>> warnings >>> >>> about missing SSH key verification which I'm trying to fix. >>> >>> >>> I've configured Known hosts file verification strategy, I've manually >>> ssh'ed >>> >>> from my master to my slave, and I've checked there's an entry in my >>> >>> .ssh/known_hosts on master which looks like >>> >>> >>> slave2.example.com ecdsa-sha2-nistp256 AAAA...v+2Uc0= >>> >>> >>> Despite that, I'm getting the following error when lauching the agent: >>> >>> >>> [03/23/17 13:10:38] [SSH] Opening SSH connection to slave2.example.com:22. >>> [03/23/17 13:10:38] [SSH] WARNING: No entry currently exists in the Known >>> Hosts file for this host. Connections will be denied until this new host >>> and its associated key is added to the Known Hosts file. >>> Key exchange was not finished, connection is closed. >>> java.io.IOException: There was a problem while connecting to >>> slave2.example.com:22 >>> at com.trilead.ssh2.Connection.connect(Connection.java:818) >>> at com.trilead.ssh2.Connection.connect(Connection.java:687) >>> at com.trilead.ssh2.Connection.connect(Connection.java:601) >>> at >>> hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1265) >>> at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:790) >>> at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:785) >>> at java.util.concurrent.FutureTask.run(FutureTask.java:266) >>> at >>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) >>> at >>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) >>> at java.lang.Thread.run(Thread.java:745) >>> Caused by: java.io.IOException: Key exchange was not finished, connection >>> is closed. >>> at >>> com.trilead.ssh2.transport.KexManager.getOrWaitForConnectionInfo(KexManager.java:93) >>> at >>> com.trilead.ssh2.transport.TransportManager.getConnectionInfo(TransportManager.java:230) >>> at com.trilead.ssh2.Connection.connect(Connection.java:770) >>> ... 9 more >>> Caused by: java.io.IOException: The server hostkey was not accepted by the >>> verifier callback >>> at >>> com.trilead.ssh2.transport.KexManager.handleMessage(KexManager.java:535) >>> at >>> com.trilead.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:777) >>> at >>> com.trilead.ssh2.transport.TransportManager$1.run(TransportManager.java:489) >>> ... 1 more >>> [03/23/17 13:10:38] Launch failed - cleaning up connection >>> [03/23/17 13:10:38] [SSH] Connection closed. >>> >>> >>> >>> >>> Any ideas what's wrong here? >>> >>> Thanks, >>> Harald >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to jenkinsci-use...@googlegroups.com <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-users/7006ab93-7ca4-4063-baf6-7c844be60165%40googlegroups.com >> >> <https://groups.google.com/d/msgid/jenkinsci-users/7006ab93-7ca4-4063-baf6-7c844be60165%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- *This email may contain information that is confidential. If you receive an email in error please delete it immediately.* -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/e4021a4c-33c7-429e-97b7-f2e532111a19%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
