繁体   English   中英

Jenkins 扫描多分支管道失败 主机密钥验证失败

[英]Jenkins Scan Multibranch Pipeline fails Host key verification failed

Jenkins 在尝试扫描多分支管道时出现 SSH 问题,并且 ssh 给出“主机密钥验证失败”:

[Wed Sep 21 01:10:09 PDT 2022] Starting branch indexing...
 > git --version # timeout=10
 > git --version # 'git version 2.31.1'
using GIT_SSH to set credentials jenkins@jenkinsserver SSH private key
[INFO] Currently running in a labeled security context
[INFO] Currently SELinux is 'enforcing' on the host
 > /usr/bin/chcon --type=ssh_home_t /tmp/jenkins-gitclient-ssh7000755047282481393.key
Verifying host key using manually-configured host key entries
 > git ls-remote --symref -- ssh://jenkins@jenkinsserver.corp.contoso.com/vol/git/cmb.git # timeout=10
ERROR: [Wed Sep 21 01:10:09 PDT 2022] Could not update folder level actions from source blueocean
[Wed Sep 21 01:10:09 PDT 2022] Finished branch indexing. Indexing took 0.13 sec
FATAL: Failed to recompute children of CertAccord
hudson.plugins.git.GitException: Command "git ls-remote --symref -- ssh://jenkins@jenkinsserver.corp.contoso.com/\
vol/git/cmb.git" returned status code 128:
stdout:
stderr: No ECDSA host key is known for jenkinsserver.corp.contoso.com and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2697)
        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2111)
        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2009)
        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2000)
        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.getRemoteSymbolicReferences(CliGitAPIImpl.java:3675)
        at jenkins.plugins.git.AbstractGitSCMSource.retrieveActions(AbstractGitSCMSource.java:1152)
        at jenkins.scm.api.SCMSource.fetchActions(SCMSource.java:848)
        at jenkins.branch.MultiBranchProject.computeChildren(MultiBranchProject.java:598)
        at com.cloudbees.hudson.plugins.folder.computed.ComputedFolder.updateChildren(ComputedFolder.java:278)
        at com.cloudbees.hudson.plugins.folder.computed.FolderComputation.run(FolderComputation.java:166)
        at jenkins.branch.MultiBranchProject$BranchIndexing.run(MultiBranchProject.java:1032)
        at hudson.model.ResourceController.execute(ResourceController.java:107)
        at hudson.model.Executor.run(Executor.java:449)
Finished: FAILURE

我知道这个问题表明 ssh 客户端正在接收它无法识别的 ssh 服务器签名(例如,它不在 known_hosts 中)。

如果我在 jenkinsserver 上“su - jenkins”,我可以毫无问题地手动运行 git 和 ssh:

$ git ls-remote --symref -- ssh://jenkins@jenkinsserver.corp.contoso.com/vol/git/cmb.git
ref: refs/heads/master  HEAD
f79a54e2233749e0f0a9cf01        HEAD
... snip ...
$ ssh jenkinsserver.corp.contoso.com date
Wed Sep 21 01:45:20 PDT 2022
$ grep jenkinsserver ~/.ssh/known_hosts
jenkinsserver.corp.contoso.com ecdsa-sha2-nistp256 AAAAE2VjZHN....

这意味着 Jenkins 以某种方式告诉 ssh 使用其他一些 known_hosts 文件。 我就是不知道那个文件在哪里!

由于这是一个分支扫描,它在 jenkin 的服务器上运行,对吧?

jenkinsserver 是一个 RHEL 8.6 系统。 Jenkins 版本 2.361.1-1.1

找到了解决方案。 在管理 Jenkins > 配置全局安全 > Git 主机密钥验证配置中,我将其更改为“接受第一个连接”。 它被设置为“手动提供密钥”。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM