Jenkins SSH Errors and How to Fix Them
Dealing with Jenkin’s SSH issues is definitely not enjoyable to troubleshoot. It’s a curse of Jenkins plugin architecture, connecting with SSH requires multiple SSH plugins to work together and to Jenkins, it just reports an error somewhere down in the plugin layer. The good news, is once you get through this issue, it tends to not come back up again.
- SSH Agent Plugin
- SSH Build Agents plugin
- SSH Credentials Plugin
- SSH plugin
- Publish Over SSH
[SSH] Exception:Auth fail
If you are getting this error, it means your username/password is invalid, you do not have a SSH Agent passing a public key, or the remote server does not have this key setup in its authorized_keys file.
[SSH] executing... [SSH] Exception:Auth fail com.jcraft.jsch.JSchException: Auth fail at com.jcraft.jsch.Session.connect(Session.java:519) at org.jvnet.hudson.plugins.CredentialsSSHSite.createSession(CredentialsSSHSite.java:132) at org.jvnet.hudson.plugins.CredentialsSSHSite.executeCommand(CredentialsSSHSite.java:208) at org.jvnet.hudson.plugins.SSHBuilder.perform(SSHBuilder.java:104)
SOLUTION
If you are using public key authentication, make sure to have the Build Environment > SSH Agent enabled and that the remote host has your public key is in its ~/.ssh/authorized_keys,
[SSH] Session is Down
If you are getting this error, it really means that something went wrong after SSH started the connection but before it successfully connected. Most likely you have a missing SSH fingerprint. You know how when you first connect to a new server it asks if you want to add the server fingerprint to your list. Well Jenkins marks it failed as soon as that prompt would appear.
[SSH] executing... [SSH] Exception:session is down com.jcraft.jsch.JSchException: session is down at com.jcraft.jsch.Channel.sendChannelOpen(Channel.java:762) at com.jcraft.jsch.Channel.connect(Channel.java:151) at com.jcraft.jsch.Channel.connect(Channel.java:145) at org.jvnet.hudson.plugins.CredentialsSSHSite.doExecCommand(CredentialsSSHSite.java:250)
SOLUTION
add this command to your Jenkins script before it makes a SSH call, it will add the fingerprint if there isn’t already a fingerprint in the file.
ssh-keygen -F ${HOSTNAME} || ssh-keyscan ${HOSTNAME} -t rsa >> ~/.ssh/known_hosts
Setting Ubuntu SSH/CLI Prompt to have a user friendly server name
I'm a 31 year old UIUC Computer Engineer building mobile apps, websites and hardware integrations with an interest in 3D printing, biotechnology and Arduinos.