ssh authentication in jenkins/jenkins:lts docker image hangs during clone

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

ssh authentication in jenkins/jenkins:lts docker image hangs during clone

Ozgur Cagdas

Hi,


I am running a container created off jenkins/jenkins:lts docker image on 64-bit Ubuntu 16.04.1 LTS and git poll and clone operations hang when I use ssh authentication with an ssh key with passphrase

Started on Dec 22, 2017 1:47:55 PM

Polling SCM changes on master
Using strategy: Default
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repositories
> git config remote.origin.url [hidden email]:username/repo_path.git # timeout=10
Fetching upstream changes from [hidden email]:username/repo_path.git
> git --version # timeout=10
using GIT_SSH to set credentials test-key
> git fetch --tags --progress [hidden email]:username/repo_path.git +refs/heads/*:refs/remotes/origin/* # timeout=3


This is the ps output when the poll hangs

jenkins   2405  0.0  0.0  15604  1080 13:49 git ls-remote -h [hidden email]:username/repo_path.git HEAD
jenkins   2409  0.0  0.0   4288   800 13:49 /bin/sh /tmp/ssh852924073958836602.sh [hidden email] git-upload-pack 'username/repo_path.git'
jenkins   2410  0.0  0.0  47248  5616 13:49 ssh -i /tmp/ssh253076704069644928.key -l jenkins -o StrictHostKeyChecking=no [hidden email] git-upload-pack 'username/repo_path.git'


The jenkins plugins that are used are the latest available git, git client, ssh agent and ssh credentials.

When I run the ssh -i line on the console manually, it does prompt for password and then interacts with the remote git server as expected.

Another input is, if I clone the repo with username/password authentication over https and assign the passphrase ssh credentials to the jenkins item in the configuration, I can still interact with the remote repo in jenkins execute shell.

If I resort to using a key without a passphrase, it all works fine. I saw quite a few people complaining about similar issues on different forums but there doesn't seem to be an answer about if there is a solution for it and what the issue is. I am not sure if this is a jenkins, jenkins plugin, docker or just a configuration issue. So, pointers to identify the issue is appreciated.

Regards,

Oz

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/9c7908f7-df01-4a25-a927-d02a50641832%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: ssh authentication in jenkins/jenkins:lts docker image hangs during clone

Mark Waite-2
If the passphrase contains characters which are expanded by the shell, then the shell expansion may damage the passphrase and cause the ssh command to hang prompting for a passphrase.

Shell expansion shouldn't be invoked on the characters of the passphrase.  I consider that a bug, but a bug that is not yet fixed.

Mark Waite

On Sat, Dec 23, 2017 at 2:37 AM Ozgur Cagdas <[hidden email]> wrote:

Hi,


I am running a container created off jenkins/jenkins:lts docker image on 64-bit Ubuntu 16.04.1 LTS and git poll and clone operations hang when I use ssh authentication with an ssh key with passphrase

Started on Dec 22, 2017 1:47:55 PM

Polling SCM changes on master
Using strategy: Default
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repositories
> git config remote.origin.url [hidden email]:username/repo_path.git # timeout=10
Fetching upstream changes from [hidden email]:username/repo_path.git
> git --version # timeout=10
using GIT_SSH to set credentials test-key
> git fetch --tags --progress [hidden email]:username/repo_path.git +refs/heads/*:refs/remotes/origin/* # timeout=3


This is the ps output when the poll hangs

jenkins   2405  0.0  0.0  15604  1080 13:49 git ls-remote -h [hidden email]:username/repo_path.git HEAD
jenkins   2409  0.0  0.0   4288   800 13:49 /bin/sh /tmp/ssh852924073958836602.sh [hidden email] git-upload-pack 'username/repo_path.git'
jenkins   2410  0.0  0.0  47248  5616 13:49 ssh -i /tmp/ssh253076704069644928.key -l jenkins -o StrictHostKeyChecking=no [hidden email] git-upload-pack 'username/repo_path.git'


The jenkins plugins that are used are the latest available git, git client, ssh agent and ssh credentials.

When I run the ssh -i line on the console manually, it does prompt for password and then interacts with the remote git server as expected.

Another input is, if I clone the repo with username/password authentication over https and assign the passphrase ssh credentials to the jenkins item in the configuration, I can still interact with the remote repo in jenkins execute shell.

If I resort to using a key without a passphrase, it all works fine. I saw quite a few people complaining about similar issues on different forums but there doesn't seem to be an answer about if there is a solution for it and what the issue is. I am not sure if this is a jenkins, jenkins plugin, docker or just a configuration issue. So, pointers to identify the issue is appreciated.

Regards,

Oz

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/9c7908f7-df01-4a25-a927-d02a50641832%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtEt_2bd4RRH02wUVjcbLPFyQFn2u8VZq00o6jzjJ85j6w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.