jenkins:配置密钥时报错的解决:Failed to add SSH key. Message invalid privatekey(Jenkins 2.257)
一,报错的现象:
1,提示信息:
jenkins.plugins.publish_over.BapPublisherException: Failed to add SSH key. Message [invalid privatekey: [B@60373f7]
如图:
2,系统环境:
fedora 30
[root@localhost ~]# more /etc/redhat-release Fedora release 30 (Thirty)
内核 :
[root@localhost ~]# uname -r 5.6.13-100.fc30.x86_64
ssh
[root@localhost ~]# ssh -V OpenSSH_8.0p1, OpenSSL 1.1.1g FIPS 21 Apr 2020
jenkins的版本是2.257
说明:刘宏缔的架构森林是一个专注架构的博客,
网站:https://blog.imgtouch.com
本文: https://blog.imgtouch.com/index.php/2023/05/25/jenkins-pei-zhi-mi-yao-shi-bao-cuo-de-jie-jue-failed-to-add/
对应的源码可以访问这里获取: https://github.com/liuhongdi/
说明:作者:刘宏缔 邮箱: 371125307@qq.com
二,问题的原因
因为我们生成密钥的openssh的版本过高的原因
看例子:先生成密钥
[root@localhost ~]# ssh-keygen -t rsa
查看所生成私钥的格式:
[root@localhost ~]$ more .ssh/id_rsa -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn …
可以看到密钥的首行是:
-----BEGIN OPENSSH PRIVATE KEY——
而jenkins 2.2.57 版本在检验密钥时还不支持这种格式,
三,问题的解决:
1,指定格式
[root@localhost ~]# ssh-keygen -m PEM -t rsa -b 4096
说明:
-m 参数指定密钥的格式,PEM是rsa之前使用的旧格式
-b 指定密钥长度。对于RSA密钥,最小要求768位,默认是2048位。
附man手册的说明:
-m key_format Specify a key format for key generation, the -i (import), -e (export) conversion options, and the -p change passphrase oper‐ ation. The latter may be used to convert between OpenSSH private key and PEM private key formats. The supported key for‐ mats are: “RFC4716” (RFC 4716/SSH2 public or private key), “PKCS8” (PKCS8 public or private key) or “PEM” (PEM public key). By default OpenSSH will write newly-generated private keys in its own format, but when converting public keys for export the default format is “RFC4716”. Setting a format of “PEM” when generating or updating a supported private key type will cause the key to be stored in the legacy PEM private key format.
2,查看密钥格式:
[root@localhost ~]# more /root/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEA44rzAenw3N7Tpjy5KXJpVia5oSTV/HrRg7d8PdCeJ3N1AiZU ...
可以看到密钥的首行是:
-----BEGIN RSA PRIVATE KEY-----
这样改动后可以通过jenkins对密钥格式的验证
四,测试:
点击 test configuration 后,提示 success,表示密钥无问题
五,查看Jenkins版本
在登录后首页的右下角,可以看到当前的版本:2.257