
Jenkins: Permission denied accessing pem key from Jenkins CLI - trying to log in to another instance from the Jenkins instance

I have 2 instances in AWS EC2: one is for Jenkins and one is for Angular 6. I am trying to build the pipeline from the Jenkins instance to another EC2 instance where my Angular 6 application is hosted.

What exactly I am trying to do here: if any push happens in my Bitbucket repo, Jenkins will identify that, log in to the other EC2 instance via ssh -i user@ip, pull the code from the master branch and deploy it via pm2.

Currently I'm facing the problem -

Jenkins logs -

```
Started by user Atique Ahmed
Running as SYSTEM
Building in workspace /var/lib/jenkins/workspace/meanstack
No credentials specified
git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
git config remote.origin.url https://bitbucket.org/atique12/mongocrud_application_frnt_end.git # timeout=10
Fetching upstream changes from https://bitbucket.org/atique12/mongocrud_application_frnt_end.git
git --version # timeout=10
git fetch --tags --progress -- https://bitbucket.org/atique12/mongocrud_application_frnt_end.git +refs/heads/:refs/remotes/origin/ # timeout=10
git rev-parse refs/remotes/origin/master^{commit} # timeout=10
git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision a7df8023cebbbac998274628bc761ea68da62da0 (refs/remotes/origin/master)
git config core.sparsecheckout # timeout=10
git checkout -f a7df8023cebbbac998274628bc761ea68da62da0 # timeout=10
Commit message: "form.component.html edited online with Bitbucket"
git rev-list --no-walk a7df8023cebbbac998274628bc761ea68da62da0 # timeout=10
[meanstack] $ /bin/bash /tmp/jenkins6972607204969540608.sh
jenkins is not in the sudoers file. This incident will be reported.
total 12
-r-------- 1 ubuntu ubuntu 1696 Jan 8 05:59 allinstancepair.pem
-rwxrwxrwx 1 ubuntu ubuntu 184 Jan 8 17:21 deploy.sh
drw------- 2 ubuntu ubuntu 4096 Jan 8 16:00 mykey
/home/ubuntu
./deploy.sh: line 4: cd: mykey: Permission denied
Warning: Identity file /allinstancepair.pem not accessible: No such file or directory.
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Connecting to 13.233.183.227 [13.233.183.227] port 22.
debug1: Connection established.
debug1: identity file /var/lib/jenkins/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 13.233.183.227:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:2t3A4VkLU7+iLWc7e/HKast+vY6I3dXnOxY9pVzL6+g
debug1: Host '13.233.183.227' is known and matches the ECDSA host key.
debug1: Found key in /var/lib/jenkins/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:ZKnUTgYBL/OMjNHzEf3ATonaIBa5OfQs8htabRUA/Vo /var/lib/jenkins/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /var/lib/jenkins/.ssh/id_dsa
debug1: Trying private key: /var/lib/jenkins/.ssh/id_ecdsa
debug1: Trying private key: /var/lib/jenkins/.ssh/id_ed25519
debug1: No more authentication methods to try.
root@13.233.183.227: Permission denied (publickey).
allinstancepair.pem deploy.sh mykey
./deploy.sh: line 7: cd: mongocrud_application_frnt_end: No such file or directory
fatal: not a git repository (or any of the parent directories): .git
/home/ubuntu
./deploy.sh: line 10: npm: command not found
./deploy.sh: line 11: pm2: command not found
/home/ubuntu
Finished: SUCCESS
```

My Jenkins is not able to read the pem key file while I am trying to log in to another instance using SSH and the pem key.

I have tried -

chmod 400 - mypem.key
chmod 600 - mypem.key
chmod 777 - mypem.key

No help. Every time I am getting a permission denied issue. Any help?

Jenkins runs the jobs under the jenkins user. The jenkins user does not have permission to read files from other directories. Also, you need to run the chmod command with sudo. If you are trying to run commands from a Jenkinsfile with sudo, then it won't work. For that you need to edit the sudoers file. It will give the jenkins user access to run sudo commands without a password. How to change it and what to change can be found here.

One more thing: if you are trying to run an ssh command from a Jenkinsfile to connect to another EC2 instance, then a simple sh "ssh -i pem.key user@ip" won't work. You need to disable the verification by setting StrictHostKeyChecking to no, i.e. ssh -o "StrictHostKeyChecking no" -i pem.key user@ip
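An added example, not part of the original question or answer: a pre-flight check that a Jenkins shell step can run as the jenkins user before `ssh -i`. It covers the failures visible in the log (a key path that is unset or sits behind a directory the user cannot enter, a file the user cannot read) and OpenSSH's refusal of a private key with group/other access, which is why `chmod 777` does not help. `check_key` and `deploy_ssh` are hypothetical helper names, and GNU `stat` (as on Ubuntu) is assumed.

```shell
#!/usr/bin/env bash
# Added example; check_key and deploy_ssh are hypothetical helper names.
# Assumes GNU stat (Ubuntu). Returns: 0 usable, 1 path unset or not reachable,
# 2 file not readable by the current user, 3 mode too open for OpenSSH.
check_key() {
    local key="$1" me owner mode
    me=$(id -u)
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "key '$key' not reachable as $(id -un): unset variable, wrong path," \
             "or a parent directory this user cannot enter" >&2
        return 1
    fi
    if [ ! -r "$key" ]; then
        echo "key '$key' exists but $(id -un) cannot read it" >&2
        return 2
    fi
    owner=$(stat -c '%u' "$key")
    mode=$(stat -c '%a' "$key")
    # OpenSSH ignores a private key owned by the caller when group/other
    # have any permission bit set (the "UNPROTECTED PRIVATE KEY FILE" warning).
    if [ "$owner" = "$me" ] && [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "key '$key' has mode $mode; ssh will ignore it (use 600 or 400)" >&2
        return 3
    fi
    return 0
}

# Run ssh only when the key passes. The host key is checked against known_hosts;
# the log above shows the target is already recorded there for the jenkins user.
deploy_ssh() {
    local key="$1" target="$2"
    shift 2
    check_key "$key" || return $?
    ssh -i "$key" -o IdentitiesOnly=yes -o BatchMode=yes \
        -o StrictHostKeyChecking=yes "$target" "$@"
}

# Demo on a constructed throwaway file (placeholder content, not a real key).
demo=$(mktemp)
chmod 644 "$demo"
check_key "$demo" || echo "check_key returned $?"
rm -f "$demo"
```

`BatchMode=yes` makes a non-interactive job fail at once instead of waiting for a prompt, and `IdentitiesOnly=yes` keeps ssh from offering the default `~/.ssh/id_*` keys that appear in the debug output.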
