Jenkins SSH Errors and How to Fix Them
Jenkins SSH issues are definitely not enjoyable to troubleshoot. It's a curse of the Jenkins plugin architecture: connecting over SSH requires multiple SSH plugins to work together, and Jenkins just reports an error from somewhere down in the plugin layer. The good news is that once you get through this issue, it tends not to come back.
Your Jenkins probably has these plugins installed, and depending on which one you are using, the errors can look different:
- SSH Agent Plugin
- SSH Build Agents plugin
- SSH Credentials Plugin
- SSH plugin
- Publish Over SSH
[SSH] Exception:Auth fail
If you are getting this error, it means your username/password is invalid, you do not have an SSH Agent passing a public key, or the remote server does not have this key set up in its authorized_keys file.
[SSH] executing...
[SSH] Exception:Auth fail
com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:519)
at org.jvnet.hudson.plugins.CredentialsSSHSite.createSession(CredentialsSSHSite.java:132)
at org.jvnet.hudson.plugins.CredentialsSSHSite.executeCommand(CredentialsSSHSite.java:208)
at org.jvnet.hudson.plugins.SSHBuilder.perform(SSHBuilder.java:104)
SOLUTION
If you are using public key authentication, make sure Build Environment > SSH Agent is enabled and that the remote host has your public key in its ~/.ssh/authorized_keys file.
[SSH] Session is Down
If you are getting this error, it really means that something went wrong after SSH started the connection but before it successfully connected. Most likely the server's SSH fingerprint is missing from known_hosts. You know how, when you first connect to a new server, SSH asks if you want to add the server fingerprint to your list? Jenkins connects to the server, asks the non-existent terminal user if it can add the fingerprint, then fails the build.
[SSH] executing...
[SSH] Exception:session is down
com.jcraft.jsch.JSchException: session is down
at com.jcraft.jsch.Channel.sendChannelOpen(Channel.java:762)
at com.jcraft.jsch.Channel.connect(Channel.java:151)
at com.jcraft.jsch.Channel.connect(Channel.java:145)
at org.jvnet.hudson.plugins.CredentialsSSHSite.doExecCommand(CredentialsSSHSite.java:250)
SOLUTION
Add this command to your Jenkins script before it makes an SSH call. If the job uses SSH immediately, add a new job and have it run this code in the local Execute shell for that executor. The command adds the fingerprint only if there isn't already one in the file, and it's recommended to have it at the start of all of your Jenkins jobs so a job can move to other executors and bootstrap itself. Keep in mind that ssh-keyscan records whatever key the network returns, so compare the recorded key's fingerprint with the server's own before relying on it.
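REMOTE_HOST=example.com
# Scan and record the host key only if known_hosts has no entry for this host yet
ssh-keygen -F "$REMOTE_HOST" >/dev/null || ssh-keyscan -t rsa "$REMOTE_HOST" >> ~/.ssh/known_hosts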
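A stricter version of the step above, as an added example that is not from the original post: it appends a scanned key to known_hosts only when its SHA256 fingerprint matches a value you pinned in advance. The function names, the `pin_host` wrapper and the sample key line are assumptions made up for illustration, and the script assumes GNU coreutils (`base64`, `sha256sum`, `fold`).

```sh
#!/bin/sh
# Added example: accept a scanned host key only if it matches a pinned fingerprint.
# Get the pinned value out of band, e.g. on the server's own console:
#   ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub

# SHA256 fingerprint of a base64 key blob: unpadded base64 of the SHA-256 of
# the decoded blob, the same value ssh-keygen -l shows after "SHA256:".
fingerprint() {
    hex=$(printf '%s' "$1" | base64 -d | sha256sum | cut -d' ' -f1)
    printf '%s\n' "$hex" | fold -w2 | while read -r byte; do
        printf "\\$(printf '%03o' "0x$byte")"   # hex pair -> raw byte
    done | base64 | tr -d '=\n'
}

# Reads ssh-keyscan output ("host keytype blob" per line) on stdin and appends
# to known_hosts file $1 only lines whose fingerprint equals pinned value $2.
# Returns non-zero, writing nothing, when no offered key matches.
add_pinned_key() {
    known_hosts=$1; pinned=$2; rc=1
    while read -r host keytype blob rest; do
        case $host in ''|'#'*) continue ;; esac
        [ "SHA256:$(fingerprint "$blob")" = "$pinned" ] || continue
        # Append once; an identical existing line is left alone.
        grep -qxF "$host $keytype $blob" "$known_hosts" 2>/dev/null ||
            printf '%s %s %s\n' "$host" "$keytype" "$blob" >> "$known_hosts"
        rc=0
    done
    return "$rc"
}

# Hypothetical wrapper for a Jenkins shell step: pin_host HOST FINGERPRINT [FILE]
pin_host() {
    ssh-keyscan "$1" 2>/dev/null |
        add_pinned_key "${3:-$HOME/.ssh/known_hosts}" "$2"
}

# Constructed scan line for trying the functions offline (not a real host key).
SAMPLE_LINE='example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTEDxSAMPLExKEYxNOTxREALx0123456789a'
```

In a Jenkins shell step, call `pin_host example.com 'SHA256:…' || exit 1` with the fingerprint read from the server itself, so a mismatched key fails the build instead of being trusted.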
If you have a different issue, please write a comment below as I would like to expand this page to cover more issues.