Continuous Integration
Continuous Integration
Posted By Steve Zazeski

Jenkins SSH Errors and How to Fix Them

Dealing with Jenkin’s SSH issues is definitely not enjoyable to troubleshoot. It’s a curse of Jenkins plugin architecture, connecting with SSH requires multiple SSH plugins to work together and to Jenkins, it just reports an error somewhere down in the plugin layer. The good news, is once you get through this issue, it tends to not come back up again.

  • SSH Agent Plugin
  • SSH Build Agents plugin
  • SSH Credentials Plugin
  • SSH plugin
  • Publish Over SSH

[SSH] Exception:Auth fail

If you are getting this error, it means your username/password is invalid, you do not have a SSH Agent passing a public key, or the remote server does not have this key setup in its authorized_keys file.

[SSH] executing...
[SSH] Exception:Auth fail
com.jcraft.jsch.JSchException: Auth fail
	at com.jcraft.jsch.Session.connect(Session.java:519)
	at org.jvnet.hudson.plugins.CredentialsSSHSite.createSession(CredentialsSSHSite.java:132)
	at org.jvnet.hudson.plugins.CredentialsSSHSite.executeCommand(CredentialsSSHSite.java:208)
	at org.jvnet.hudson.plugins.SSHBuilder.perform(SSHBuilder.java:104)

SOLUTION
If you are using public key authentication, make sure to have the Build Environment > SSH Agent enabled and that the remote host has your public key is in its ~/.ssh/authorized_keys,

[SSH] Session is Down

If you are getting this error, it really means that something went wrong after SSH started the connection but before it successfully connected. Most likely you have a missing SSH fingerprint. You know how when you first connect to a new server it asks if you want to add the server fingerprint to your list. Well Jenkins marks it failed as soon as that prompt would appear.

[SSH] executing... 
[SSH] Exception:session is down 
com.jcraft.jsch.JSchException: session is down 
   at com.jcraft.jsch.Channel.sendChannelOpen(Channel.java:762) 
   at com.jcraft.jsch.Channel.connect(Channel.java:151)
   at com.jcraft.jsch.Channel.connect(Channel.java:145)
   at org.jvnet.hudson.plugins.CredentialsSSHSite.doExecCommand(CredentialsSSHSite.java:250)

SOLUTION
add this command to your Jenkins script before it makes a SSH call, it will add the fingerprint if there isn’t already a fingerprint in the file.

ssh-keygen -F ${HOSTNAME} || ssh-keyscan ${HOSTNAME} -t rsa >> ~/.ssh/known_hosts

I'm a 32 year old UIUC Computer Engineer building mobile apps, websites and hardware integrations with an interest in 3D printing, biotechnology and Arduinos.

View Comments
There are currently no comments.