003jenkins:配置密钥时报错的解决:Failed to add SSH key. Message invalid privatekey(Jenkins 2.379)

一,报错的现象:

1,提示信息:

jenkins.plugins.publish_over.BapPublisherException: Failed to add SSH key. Message [invalid privatekey: [B@60373f7]

如图:

 

2,系统环境:

   fedora 30

[root@localhost ~]# more /etc/redhat-release 
Fedora release 30 (Thirty)

内核 :

[root@localhost ~]# uname -r
5.6.13-100.fc30.x86_64

ssh

[root@localhost ~]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.1.1g FIPS  21 Apr 2020

jenkins的版本是2.257

 

说明:刘宏缔的架构森林是一个专注架构的博客,地址:https://www.cnblogs.com/architectforest

         对应的源码可以访问这里获取: https://github.com/liuhongdi/

说明:作者:刘宏缔 邮箱: 371125307@qq.com

 

二,问题的原因

因为我们生成密钥的openssh的版本过高的原因

 

看例子:先生成密钥
[root@localhost ~]# ssh-keygen -t rsa
查看所生成私钥的格式:
[root@localhost ~]$ more .ssh/id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
…
可以看到密钥的首行是:
-----BEGIN OPENSSH PRIVATE KEY——
而jenkins 2.2.57 版本在检验密钥时还不支持这种格式, 

 

三,问题的解决:

1,指定格式

 

[root@localhost ~]# ssh-keygen -m PEM -t rsa -b 4096

说明:

-m 参数指定密钥的格式,PEM是rsa之前使用的旧格式
 -b 指定密钥长度。对于RSA密钥,最小要求768位,默认是2048位。

 

附man手册的说明:
复制代码
    -m key_format
             Specify a key format for key generation, the -i (import), -e (export) conversion options, and the -p change passphrase oper‐
             ation.  The latter may be used to convert between OpenSSH private key and PEM private key formats.  The supported key for‐
             mats are: “RFC4716” (RFC 4716/SSH2 public or private key), “PKCS8” (PKCS8 public or private key) or “PEM” (PEM public key).
             By default OpenSSH will write newly-generated private keys in its own format, but when converting public keys for export the
             default format is “RFC4716”.  Setting a format of “PEM” when generating or updating a supported private key type will cause
             the key to be stored in the legacy PEM private key format.
复制代码

 

2,查看密钥格式:
[root@localhost ~]# more /root/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEA44rzAenw3N7Tpjy5KXJpVia5oSTV/HrRg7d8PdCeJ3N1AiZU
 ...
可以看到密钥的首行是:
-----BEGIN RSA PRIVATE KEY-----
这样改动后可以通过jenkins对密钥格式的验证 

 

四,测试:

点击 test configuration 后,提示 success,表示密钥无问题

五,查看Jenkins版本

在登录后首页的右下角,可以看到当前的版本: 2.379

 

posted @ 2023-03-14 21:47  arun_yh  阅读(752)  评论(0编辑  收藏  举报