Jenkins 掃描多分支管道失敗 主機密鑰驗證失敗

Question

Jenkins 在嘗試掃描多分支管道時出現 SSH 問題，並且 ssh 給出“主機密鑰驗證失敗”：

[Wed Sep 21 01:10:09 PDT 2022] Starting branch indexing...
 > git --version # timeout=10
 > git --version # 'git version 2.31.1'
using GIT_SSH to set credentials jenkins@jenkinsserver SSH private key
[INFO] Currently running in a labeled security context
[INFO] Currently SELinux is 'enforcing' on the host
 > /usr/bin/chcon --type=ssh_home_t /tmp/jenkins-gitclient-ssh7000755047282481393.key
Verifying host key using manually-configured host key entries
 > git ls-remote --symref -- ssh://jenkins@jenkinsserver.corp.contoso.com/vol/git/cmb.git # timeout=10
ERROR: [Wed Sep 21 01:10:09 PDT 2022] Could not update folder level actions from source blueocean
[Wed Sep 21 01:10:09 PDT 2022] Finished branch indexing. Indexing took 0.13 sec
FATAL: Failed to recompute children of CertAccord
hudson.plugins.git.GitException: Command "git ls-remote --symref -- ssh://jenkins@jenkinsserver.corp.contoso.com/\
vol/git/cmb.git" returned status code 128:
stdout:
stderr: No ECDSA host key is known for jenkinsserver.corp.contoso.com and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2697)
        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2111)
        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2009)
        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2000)
        at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.getRemoteSymbolicReferences(CliGitAPIImpl.java:3675)
        at jenkins.plugins.git.AbstractGitSCMSource.retrieveActions(AbstractGitSCMSource.java:1152)
        at jenkins.scm.api.SCMSource.fetchActions(SCMSource.java:848)
        at jenkins.branch.MultiBranchProject.computeChildren(MultiBranchProject.java:598)
        at com.cloudbees.hudson.plugins.folder.computed.ComputedFolder.updateChildren(ComputedFolder.java:278)
        at com.cloudbees.hudson.plugins.folder.computed.FolderComputation.run(FolderComputation.java:166)
        at jenkins.branch.MultiBranchProject$BranchIndexing.run(MultiBranchProject.java:1032)
        at hudson.model.ResourceController.execute(ResourceController.java:107)
        at hudson.model.Executor.run(Executor.java:449)
Finished: FAILURE

我知道這個問題表明 ssh 客戶端正在接收它無法識別的 ssh 服務器簽名（例如，它不在 known_hosts 中）。

如果我在 jenkinsserver 上“su - jenkins”，我可以毫無問題地手動運行 git 和 ssh：

$ git ls-remote --symref -- ssh://jenkins@jenkinsserver.corp.contoso.com/vol/git/cmb.git
ref: refs/heads/master  HEAD
f79a54e2233749e0f0a9cf01        HEAD
... snip ...
$ ssh jenkinsserver.corp.contoso.com date
Wed Sep 21 01:45:20 PDT 2022
$ grep jenkinsserver ~/.ssh/known_hosts
jenkinsserver.corp.contoso.com ecdsa-sha2-nistp256 AAAAE2VjZHN....

這意味着 Jenkins 以某種方式告訴 ssh 使用其他一些 known_hosts 文件。 我就是不知道那個文件在哪里！

由於這是一個分支掃描，它在 jenkin 的服務器上運行，對吧？

jenkinsserver 是一個 RHEL 8.6 系統。 Jenkins 版本 2.361.1-1.1

Answer 1

找到了解決方案。 在管理 Jenkins > 配置全局安全 > Git 主機密鑰驗證配置中，我將其更改為“接受第一個連接”。 它被設置為“手動提供密鑰”。