一,報錯的現象:
1,提示信息:
jenkins.plugins.publish_over.BapPublisherException: Failed to add SSH key. Message [invalid privatekey: [B@60373f7]
如圖:
2,系統環境:
fedora 30
[root@localhost ~]# more /etc/redhat-release Fedora release 30 (Thirty)
內核 :
[root@localhost ~]# uname -r 5.6.13-100.fc30.x86_64
ssh
[root@localhost ~]# ssh -V OpenSSH_8.0p1, OpenSSL 1.1.1g FIPS 21 Apr 2020
jenkins的版本是2.257
說明:劉宏締的架構森林是一個專注架構的博客,地址:https://www.cnblogs.com/architectforest
對應的源碼可以訪問這里獲取: https://github.com/liuhongdi/
說明:作者:劉宏締 郵箱: 371125307@qq.com
二,問題的原因
因為我們生成密鑰的openssh的版本過高的原因
看例子:先生成密鑰
[root@localhost ~]# ssh-keygen -t rsa
查看所生成私鑰的格式:
[root@localhost ~]$ more .ssh/id_rsa -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn …
可以看到密鑰的首行是:
-----BEGIN OPENSSH PRIVATE KEY——
而jenkins 2.2.57 版本在檢驗密鑰時還不支持這種格式,
三,問題的解決:
1,指定格式
[root@localhost ~]# ssh-keygen -m PEM -t rsa -b 4096
說明:
-m 參數指定密鑰的格式,PEM是rsa之前使用的舊格式
-b 指定密鑰長度。對於RSA密鑰,最小要求768位,默認是2048位。
附man手冊的說明:
-m key_format Specify a key format for key generation, the -i (import), -e (export) conversion options, and the -p change passphrase oper‐ ation. The latter may be used to convert between OpenSSH private key and PEM private key formats. The supported key for‐ mats are: “RFC4716” (RFC 4716/SSH2 public or private key), “PKCS8” (PKCS8 public or private key) or “PEM” (PEM public key). By default OpenSSH will write newly-generated private keys in its own format, but when converting public keys for export the default format is “RFC4716”. Setting a format of “PEM” when generating or updating a supported private key type will cause the key to be stored in the legacy PEM private key format.
2,查看密鑰格式:
[root@localhost ~]# more /root/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEA44rzAenw3N7Tpjy5KXJpVia5oSTV/HrRg7d8PdCeJ3N1AiZU ...
可以看到密鑰的首行是:
-----BEGIN RSA PRIVATE KEY-----
這樣改動后可以通過jenkins對密鑰格式的驗證
四,測試:
點擊 test configuration 后,提示 success,表示密鑰無問題
五,查看Jenkins版本
在登錄后首頁的右下角,可以看到當前的版本:2.257
