0

First, I've been doing this for the past two days, but nothing works.

I've seen many tutorials, but none of them works for me.

I have Jenkins installed, with a Master node, and I want to create a new node (some agent).

I want to establish the connection with SSH.

I already have a jenkins user on my new node and have generated an SSH key. (Where Jenkins is installed, there isn't a jenkins user.)

But Jenkins is telling me 'can't find known_hosts in /var/jenkins_home'. But this file exists. I checked whether port 22 is open on my new node, and yes, it is; I can connect to it from my local PC.

Is there some other method? It should be with SSH, not agent.rar.

What should I check?

EDIT:

```
-rw-r--r-- 1 root root 0 Oct 24 17:36 /var/lib/jenkins/.ssh
```

```
sudo -u jenkins ssh jenkins@*IP* ls -la .ssh
The authenticity of host '*IP* (*IP*)' can't be established.
ECDSA key fingerprint is SHA256:*FINGERPRINT*.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/var/lib/jenkins/.ssh/known_hosts).
Permission denied (publickey).
```

Július Marko
  • What OS/Distro is this ? – user9517 Oct 24 '17 at 17:18
  • On your Jenkins Master machine, could you run `sudo ls -la ~jenkins/.ssh` and add the output to your question. Also could you try `sudo -u jenkins ssh jenkins@ ls -la .ssh` as Jenkins user on your Master host and also add the output to the question. – sborsky Oct 24 '17 at 17:24
  • ubuntu 16 @user430214 – Július Marko Oct 24 '17 at 17:33
  • @sborsky edited – Július Marko Oct 24 '17 at 17:41
  • In my Ubuntu home folder, there's `.ssh/authorized_keys`. The `authorized_keys` file contains one or more keys. Also, the permissions you show are too open. The `authorized_keys` file should have `-rw------- 1 ubuntu ubuntu 1224 Jun 1 2016 authorized_keys` – LHWizard Oct 24 '17 at 17:45

2 Answers

1

You normally have the .ssh directory file permissions set as 700 and owned by the user who needs to access it.

As it is with 644 it's not going to be traversable by anyone (except root) so no wonder it can't be read by a user process. Change the ownership to jenkins and the perms to 700. Then set the ownership/permissions on the contents of the directory correctly too.

Then read up on Unix file and ownership permissions.

user9517
0

Your Jenkins user's `.ssh` directory doesn't exist; instead there is a file with the same name. To fix this: remove it, create the directory and set owner and permissions.

```
rm ~jenkins/.ssh
install -d -o jenkins -m 0700 ~jenkins/.ssh
```

This will solve the `Failed to add the host to the list of known hosts` error.

Then copy your Jenkins SSH private and public keys into that directory and change their owner to jenkins, the mode for the private key to 0600 and for the public key to 0644.

Test again by running `sudo -u jenkins ssh jenkins@<nodehostname> ls -la .ssh`.

If it still fails, add the error message to your question.

sborsky
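
An added example, not part of either answer and not Jenkins' own code: a shell check that reports the conditions the answers and comments above point at (`.ssh` being a regular file, wrong owner, wrong modes on the directory, the keys and `authorized_keys`). It assumes GNU `stat` and OpenSSH's default `id_*` private key names; the function names `check_entry` and `check_ssh_dir` are hypothetical.

```shell
#!/bin/sh
# Added example: audit an account's ~/.ssh against the modes named in this thread.
# Assumes GNU stat (stat -c), as shipped on the Ubuntu host in the question.

# check_entry <path> <owner> <octal-mode>: print one finding per mismatch.
check_entry() {
    path=$1 want_owner=$2 want_mode=$3 bad=0
    cur_owner=$(stat -c '%U' "$path")
    cur_mode=$(stat -c '%a' "$path")
    if [ "$cur_owner" != "$want_owner" ]; then
        echo "OWNER $path is $cur_owner, want $want_owner"; bad=1
    fi
    if [ "$cur_mode" != "$want_mode" ]; then
        echo "MODE $path is $cur_mode, want $want_mode"; bad=1
    fi
    return $bad
}

# check_ssh_dir <ssh_dir> <owner>: returns 0 when clean, 1 otherwise.
check_ssh_dir() {
    dir=$1 owner=$2 rc=0
    # Root cause in the question: .ssh existed, but as a regular file.
    if [ ! -d "$dir" ]; then
        if [ -e "$dir" ]; then echo "NOT_A_DIRECTORY $dir"; else echo "MISSING $dir"; fi
        return 1
    fi
    check_entry "$dir" "$owner" 700 || rc=1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in
            *.pub)                want=644 ;;  # public key
            id_*|authorized_keys) want=600 ;;  # private key (assumed id_* name), authorized_keys
            *)                    continue ;;  # other files: not covered by the thread
        esac
        check_entry "$f" "$owner" "$want" || rc=1
    done
    return $rc
}

# Example: check_ssh_dir /var/lib/jenkins/.ssh jenkins
```

Run it as root or as the account itself, since a correctly set 0700 directory cannot be listed by anyone else.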