Continuous Integration
Continuous Integration

Jenkins SSH Errors and How to Fix Them

Dealing with Jenkin’s SSH issues is definitely not enjoyable to troubleshoot. It’s a curse of Jenkins plugin architecture, connecting with SSH requires multiple SSH plugins to work together and to Jenkins, it just reports an error somewhere down in the plugin layer. The good news, is once you get through this issue, it tends to not come back up again.

Your Jenkins probably has these plugins installed and depending on which one you are using, the errors can look different :

  • SSH Agent Plugin
  • SSH Build Agents plugin
  • SSH Credentials Plugin
  • SSH plugin
  • Publish Over SSH

[SSH] Exception:Auth fail

If you are getting this error, it means your username/password is invalid, you do not have a SSH Agent passing a public key, or the remote server does not have this key setup in its authorized_keys file.

[SSH] executing...
[SSH] Exception:Auth fail
com.jcraft.jsch.JSchException: Auth fail
	at com.jcraft.jsch.Session.connect(
	at org.jvnet.hudson.plugins.CredentialsSSHSite.createSession(
	at org.jvnet.hudson.plugins.CredentialsSSHSite.executeCommand(
	at org.jvnet.hudson.plugins.SSHBuilder.perform(

If you are using public key authentication, make sure to have the Build Environment > SSH Agent enabled and that the remote host has your public key is in its ~/.ssh/authorized_keys,

[SSH] Session is Down

If you are getting this error, it really means that something went wrong after SSH started the connection but before it successfully connected. Most likely you have a missing SSH fingerprint. You know how when you first connect to a new server it asks if you want to add the server fingerprint to your list. Well Jenkins connects to the server, asks the non-existent terminal user if it can add the fingerprint, then fails the build.

[SSH] executing... 
[SSH] Exception:session is down 
com.jcraft.jsch.JSchException: session is down 
   at com.jcraft.jsch.Channel.sendChannelOpen( 
   at com.jcraft.jsch.Channel.connect(
   at com.jcraft.jsch.Channel.connect(
   at org.jvnet.hudson.plugins.CredentialsSSHSite.doExecCommand(

add this command to your Jenkins script before it makes a SSH call or if the job immediately uses SSH, just add a new job and have it run this code in the local execute shell for that executor. This will add the fingerprint if there isn’t already a fingerprint in the file and its recommended to have at the start of all of your jenkins jobs so it can move to other executors and bootstrap itself.
ssh-keygen -F ${HOSTNAME} || ssh-keyscan ${HOSTNAME} -t rsa >> ~/.ssh/known_hosts

If you have a different issue, please write a comment below as I would like to expand this page to cover more issues.

I'm a 33 year old UIUC Computer Engineer building mobile apps, websites and hardware integrations with an interest in 3D printing, biotechnology and Arduinos.

View Comments
There are currently no comments.

This site uses Akismet to reduce spam. Learn how your comment data is processed.