Re: ssh authentication in jenkins/jenkins:lts docker image hangs during clone

[Mark Waite]

If the passphrase contains characters which are expanded by the shell, then
the shell expansion may damage the passphrase and cause the ssh command to
hang prompting for a passphrase.

Shell expansion shouldn't be invoked on the characters of the passphrase.
I consider that a bug, but a bug that is not yet fixed.

Mark Waite

On Sat, Dec 23, 2017 at 2:37 AM Ozgur Cagdas  wrote:

>
> Hi,
>
>
> I am running a container created off jenkins/jenkins:lts docker image on
> 64-bit Ubuntu 16.04.1 LTS and git poll and clone operations hang when I use
> ssh authentication with an ssh key with passphrase
>
> Started on Dec 22, 2017 1:47:55 PM
>
> Polling SCM changes on master
> Using strategy: Default
> > git rev-parse --is-inside-work-tree # timeout=10
> Fetching changes from the remote Git repositories
> > git config remote.origin.url g...@github.com:username/repo_path.git #
> timeout=10
> Fetching upstream changes from g...@github.com:username/repo_path.git
> > git --version # timeout=10
> using GIT_SSH to set credentials test-key
> > git fetch --tags --progress g...@github.com:username/repo_path.git
> +refs/heads/*:refs/remotes/origin/* # timeout=3
>
>
> This is the ps output when the poll hangs
>
> jenkins   2405  0.0  0.0  15604  1080 13:49 git ls-remote -h
> g...@github.com:username/repo_path.git HEAD
> jenkins   2409  0.0  0.0   4288   800 13:49 /bin/sh
> /tmp/ssh852924073958836602.sh g...@github.com git-upload-pack
> 'username/repo_path.git'
> jenkins   2410  0.0  0.0  47248  5616 13:49 ssh -i
> /tmp/ssh253076704069644928.key -l jenkins -o StrictHostKeyChecking=no
> g...@github.com git-upload-pack 'username/repo_path.git'
>
>
> The jenkins plugins that are used are the latest available git, git
> client, ssh agent and ssh credentials.
>
> When I run the ssh -i line on the console manually, it does prompt for
> password and then interacts with the remote git server as expected.
>
> Another input is, if I clone the repo with username/password
> authentication over https and assign the passphrase ssh credentials to the
> jenkins item in the configuration, I can still interact with the remote
> repo in jenkins execute shell.
>
> If I resort to using a key without a passphrase, it all works fine. I saw
> quite a few people complaining about similar issues on different forums but
> there doesn't seem to be an answer about if there is a solution for it and
> what the issue is. I am not sure if this is a jenkins, jenkins plugin,
> docker or just a configuration issue. So, pointers to identify the issue is
> appreciated.
>
> Regards,
>
> Oz
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/9c7908f7-df01-4a25-a927-d02a50641832%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtEt_2bd4RRH02wUVjcbLPFyQFn2u8VZq00o6jzjJ85j6w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

ssh authentication in jenkins/jenkins:lts docker image hangs during clone

[Ozgur Cagdas]

Hi,


I am running a container created off jenkins/jenkins:lts docker image on 
64-bit Ubuntu 16.04.1 LTS and git poll and clone operations hang when I use 
ssh authentication with an ssh key with passphrase

Started on Dec 22, 2017 1:47:55 PM

Polling SCM changes on master
Using strategy: Default
> git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repositories
> git config remote.origin.url g...@github.com:username/repo_path.git # 
timeout=10
Fetching upstream changes from g...@github.com:username/repo_path.git
> git --version # timeout=10
using GIT_SSH to set credentials test-key
> git fetch --tags --progress g...@github.com:username/repo_path.git 
+refs/heads/*:refs/remotes/origin/* # timeout=3


This is the ps output when the poll hangs

jenkins   2405  0.0  0.0  15604  1080 13:49 git ls-remote -h 
g...@github.com:username/repo_path.git HEAD
jenkins   2409  0.0  0.0   4288   800 13:49 /bin/sh 
/tmp/ssh852924073958836602.sh g...@github.com git-upload-pack 
'username/repo_path.git'
jenkins   2410  0.0  0.0  47248  5616 13:49 ssh -i 
/tmp/ssh253076704069644928.key -l jenkins -o StrictHostKeyChecking=no 
g...@github.com git-upload-pack 'username/repo_path.git'


The jenkins plugins that are used are the latest available git, git client, 
ssh agent and ssh credentials.

When I run the ssh -i line on the console manually, it does prompt for 
password and then interacts with the remote git server as expected.

Another input is, if I clone the repo with username/password authentication 
over https and assign the passphrase ssh credentials to the jenkins item in 
the configuration, I can still interact with the remote repo in jenkins 
execute shell.

If I resort to using a key without a passphrase, it all works fine. I saw 
quite a few people complaining about similar issues on different forums but 
there doesn't seem to be an answer about if there is a solution for it and 
what the issue is. I am not sure if this is a jenkins, jenkins plugin, 
docker or just a configuration issue. So, pointers to identify the issue is 
appreciated.

Regards,

Oz

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/9c7908f7-df01-4a25-a927-d02a50641832%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.