Jenkins无法签出Git存储库 - 主机密钥验证失败
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Jenkins无法签出Git存储库 - 主机密钥验证失败相关的知识,希望对你有一定的参考价值。
我以前工作的Jenkins作业现在在从Git检出Jenkins文件时出现错误,并显示消息
Checking out git git@github.com:org/repo into C:Program Files (x86)Jenkinsworkspacelah@script to read Jenkinsfile
No credentials specified
..... several lines detailing Git operations ....
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from git@github.com:org/repo
.... more trace log ....
stderr: Host key verification failed.
fatal: Could not read from remote repository.
身份验证是通过SSH密钥。 Jenkins作为我的本地用户运行(在Manage Jenkins > System Information
选项卡中可见,通过user.name和user.home,它正确设置到包含.ssh目录的目录。
known_hosts文件包含GitHub的密钥。
一系列ssh -vT git@github.com
产生以下输出(用于发布的次要替换):
local-user>ssh -vT git@github.com
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug1: Connecting to github.com [192.30.255.112] port 22.
debug1: Connection established.
debug1: identity file C:\Users\local-user/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\local-user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\local-user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\local-user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\local-user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\local-user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\local-user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\local-user/.ssh/id_ed25519-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\local-user/.ssh/id_xmss type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\Users\local-user/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version babeld-3e010779
debug1: no match: babeld-3e010779
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:<key, possibly public but removed>
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in C:\Users\local-user/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:<key, probably my public key> C:\Users\local-user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([192.30.255.112]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi <MyGitName>! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2560, received 2236 bytes, in 0.3 seconds
Bytes per second: sent 9884.1, received 8633.2
debug1: Exit status 1
上周,Jenkins文件,服务器配置和密钥都运行良好。我应该注意什么意外改变了?我认为Jenkins要么找不到钥匙,要么找错钥匙,但我不明白为什么。
我已经在GitHub上检查了存储库权限,这个密钥的用户现在具有写入权限,但之前它只使用了Read。
答案
Jenkins告诉我新版本可用,所以我安装并重新启动了实例,现在问题已经消失。
对于其他人的参考,版本如下(虽然这可能不是问题/解决方案 - 也许环境以某种方式变得混乱并且重启是解决方案):
上一篇:2.171
新:2.172
Git插件版本:2.7.6
What's new in 2.172 (2019-04-10)
Security fixes. (security advisory)
What's new in 2.171 (2019-04-07)
Community reported issues: 2×JENKINS-43995 2×JENKINS-39203
Expose the minimum supported version of remoting to allow future releases to reject incompatible agent connections. (issue 50095)
The setup wizard did not properly escape passwords, resulting in errors with certain special characters. (issue 56856)
Revert accidental change to hashCode computation of jenkins.util.TreeString in 2.168. (pull 3930)
Developer: Add Jelly UI component f:secretTextarea for multi-line secrets analogous to f:password for single-line. (pull 3967, Storing Secrets in Jenkins)
Developer: Deprecated Run.getLogFile(), as it is not compatible with JEP-210. (pull 3963)
安全公告提到2.172链接的唯一变化:security advisory。
以上是关于Jenkins无法签出Git存储库 - 主机密钥验证失败的主要内容,如果未能解决你的问题,请参考以下文章
使用 Jenkins 管道将多个 git 存储库签出到同一个作业中