Ssh

Jenkins pipeline: scp tries to copy to another remote, host key verification failed

  • January 18, 2019

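I am using Jenkins on an Ubuntu server. In this case, I want to copy a file to another remote server. I use the SCP command inside sshagent in a Jenkins pipeline.

I tried the solution from "Unable to scp in Jenkins": I have already created the user jenkins, saved its public key to ubuntu@remoteip allowed_host, and saved its SSH private key in the Jenkins credentials with the ID jenkins-ssh-to-ubuntu.

I also tried to ssh directly from the Jenkins server, as the jenkins user, to the remote IP, and it can connect to remoteip.

Whenever I try to execute the scp command in the pipeline, the console returns an error. But when it is just a plain ssh command, cat atext.txt, it prints out the result. This is the pipeline's console log: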

[Pipeline] sh
ssh -o StrictHostKeyChecking=no ubuntu@remoteip cat atext.txt
Failed to add the host to the list of known hosts (/var/lib/jenkins/.ssh/known_hosts).
{
 example: "it prints out the long text to the jenkins console output"
}
[Pipeline] sh
+ scp -r docker-compose-prod.yml ubuntu@remoteip:.
Host key verification failed.
lost connection

This is my pipeline:

   stage('Copy requiredfile to deployment'){
       sshagent(['jenkins-ssh-to-ubuntu']){
           sh "ssh -o StrictHostKeyChecking=no ubuntu@remoteip atext.txt"
           sh "scp -r docker-compose-prod.yml ubuntu@remoteip:."
       }
   }

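How can I solve this problem?

Update: the problem in "Host key verification failed when using scp" is the same as mine, but I do not have the same console log; there is no REMOTE HOST IDENTIFICATION HAS CHANGED! warning.

Checking the permissions on the Jenkins machine, stat ~jenkins/.ssh is 0700: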

 File: /var/lib/jenkins/.ssh/
 Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: fc01h/64513d    Inode: 265912      Links: 2
Access: (0700/drwx------)  Uid: (  111/ jenkins)   Gid: (  115/ jenkins)
Access: 2019-01-18 03:22:46.519541657 +0000
Modify: 2019-01-18 03:07:42.447547320 +0000
Change: 2019-01-18 03:07:42.447547320 +0000
Birth: -

I have also updated this example; I thought some of the commands worked, but they do not.

Update: running ssh manually as the jenkins user

jenkins@ubuntu:/home/ubuntu$ ssh ubuntu@remoteip
The authenticity of host 'remoteip (remoteip)' can't be established.
ECDSA key fingerprint is SHA256:fingerprint.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/var/lib/jenkins/.ssh/known_hosts).
Enter passphrase for key '/var/lib/jenkins/.ssh/id_rsa':
Welcome to Ubuntu 16.04.5 LTS (GNU/Linux 4.4.0-141-generic x86_64) 

After that welcome message, I am logged in as ubuntu on the remoteip machine.

This is the result of ls -la /var/lib/jenkins/.ssh

jenkins@ubuntu-s-1vcpu-1gb-sgp1-01:/home/ubuntu$ ls -la /var/lib/jenkins/.ssh
total 24
drwx------  2 jenkins jenkins 4096 Jan 18 03:07 .
drwxr-xr-x 22 jenkins jenkins 4096 Jan 18 10:06 ..
-rw-------  1 jenkins jenkins 1766 Jan 18 03:07 id_rsa
-rw-r--r--  1 jenkins jenkins  416 Jan 18 03:07 id_rsa.pub
-rw-------  1 root    root     666 Jan  7 09:40 known_hosts
-rw-r--r--  1 jenkins jenkins  888 Dec 27 01:47 known_hosts.old

This is the content of /etc/ssh/ssh_config

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
   SendEnv LANG LC_*
   HashKnownHosts yes
   GSSAPIAuthentication yes

Your manual command ssh ubuntu@remoteip could not save the host identity, as shown here:

Failed to add the host to the list of known hosts (/var/lib/jenkins/.ssh/known_hosts).

because this file is owned by the root user and is not writable by jenkins:

-rw-------  1 root    root     666 Jan  7 09:40 known_hosts

First, run as root:

chown jenkins:jenkins /var/lib/jenkins/.ssh/known_hosts

Then run as jenkins:

ssh ubuntu@remoteip

The first time, it should save the host identity and not ask again the next time. After this, your scp command should work.
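A preflight check for the condition diagnosed above, as an added example that is not part of the original question or answer: it reports a known_hosts file that the ssh client cannot update, and whether the remote host's key is already recorded, so scp can run with host key checking left enabled. The function names check_known_hosts, owner_info and host_is_pinned are hypothetical; only ls, awk, id and ssh-keygen -F are real commands.

```shell
#!/bin/sh
# Added example (not from the original post): preflight checks for the ssh
# client state that scp depends on when it runs non-interactively.

# Owner-write bit and numeric owner uid of a path, e.g. "w 111".
owner_info() {
    ls -ldn "$1" | awk '{ print substr($1, 3, 1), $3 }'
}

# check_known_hosts FILE OWNER   (OWNER is a user name or a numeric uid)
# Returns 0 = ok, 1 = file missing, 2 = wrong owner, 3 = not owner-writable.
check_known_hosts() {
    file=$1
    case $2 in
        *[!0-9]*) want_uid=$(id -u "$2" 2>/dev/null) || want_uid= ;;
        *)        want_uid=$2 ;;
    esac
    [ -f "$file" ] || { echo "missing: $file"; return 1; }
    set -- $(owner_info "$file")      # $1 = write bit, $2 = owner uid
    if [ "$2" != "$want_uid" ]; then
        echo "wrong owner: $file is owned by uid $2; ssh cannot record host keys"
        return 2
    fi
    if [ "$1" != "w" ]; then
        echo "not writable by its owner: $file"
        return 3
    fi
    echo "ok: $file"
}

# host_is_pinned HOST FILE: true when FILE already holds a key for HOST.
# ssh-keygen -F also matches hashed entries (HashKnownHosts yes).
host_is_pinned() {
    [ -n "$(ssh-keygen -F "$1" -f "$2" 2>/dev/null)" ]
}
```

In the pipeline, calling check_known_hosts /var/lib/jenkins/.ssh/known_hosts jenkins and host_is_pinned remoteip /var/lib/jenkins/.ssh/known_hosts before scp, and failing the stage on a non-zero status, surfaces the root-owned file from the listing above instead of a bare "Host key verification failed".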

Source: https://unix.stackexchange.com/questions/495218