詹金斯的sshagent转发不起作用

Question

我正在尝试使用Launch方法连接到从属节点：“通过在主服务器上执行命令启动slave”。

这是我正在使用的启动命令：

ssh -vvvA user@host java -jar /tmp/java/slave.jar

通常情况下，我可以像以下一样对主机进行ssh： -

ssh -A user@host

而且，它的工作原理是因为我的密钥可以在ssh-add的输出中看到

但是，在jenkins的情况下，它在某种程度上不使用ssh-add中存在的键。我无法转发我的ssh代理，如以下错误中 Bold 中的文字所示： -

这是我得到的详细错误： -

[03/14/14 19:02:36] Launching slave agent
$ ssh -vvvA user@host java -jar /tmp/java/slave.jar
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 50: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to host [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /Users/user/.ssh/identity type -1
debug1: identity file /Users/user/.ssh/identity-cert type -1
debug1: identity file /Users/user/.ssh/id_rsa type -1
debug1: identity file /Users/user/.ssh/id_rsa-cert type -1
debug1: identity file /Users/user/.ssh/id_dsa type -1
debug1: identity file /Users/user/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version Server-VII-hpn13v1
debug1: no match: Server-VII-hpn13v1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "x.x.x.x" from file "/Users/user/.ssh/known_hosts"
debug3: load_hostkeys: found key type DSA in file /Users/user/.ssh/known_hosts:28
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-dss,ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 527/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: DSA ee:33:bd:ac:7b:6e:bd:0b:60:6e:49:20:56:cb:00:d3
debug3: load_hostkeys: loading entries for host "x.x.x.x" from file "/Users/user/.ssh/known_hosts"
debug3: load_hostkeys: found key type DSA in file /Users/user/.ssh/known_hosts:28
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'x.x.x.x' is known and matches the DSA host key.
debug1: Found key in /Users/user/.ssh/known_hosts:28
debug2: bits set: 500/1024
debug1: ssh_dss_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/user/.ssh/identity (0x0),
debug2: key: /Users/user/.ssh/id_rsa (0x0),
debug2: key: /Users/user/.ssh/id_dsa (0x0),
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
**debug1: Trying private key: /Users/user/.ssh/identity
debug3: no such identity: /Users/user/.ssh/identity: No such file or directory
debug1: Trying private key: /Users/user/.ssh/id_rsa
debug3: no such identity: /Users/user/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /Users/user/.ssh/id_dsa
debug3: no such identity: /Users/user/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method**
debug1: No more authentication methods to try.
Permission denied (publickey).
ERROR: Unable to launch the slave agent for x.x.x.x
java.io.EOFException: unexpected stream termination
    at hudson.remoting.ClassicCommandTransport.create(ClassicCommandTransport.java:135)
    at hudson.remoting.Channel.<init>(Channel.java:406)
    at hudson.remoting.Channel.<init>(Channel.java:402)
    at hudson.remoting.Channel.<init>(Channel.java:363)
    at hudson.remoting.Channel.<init>(Channel.java:359)
    at hudson.slaves.SlaveComputer.setChannel(SlaveComputer.java:346)
    at hudson.slaves.CommandLauncher.launch(CommandLauncher.java:122)
    at hudson.slaves.SlaveComputer$1.call(SlaveComputer.java:230)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:744)

来自我的jenkins服务器： -

root@x.x.x.x:$  echo $SSH_AUTH_SOCK
/tmp/launch-52rSLt/Listeners

我已经关注了stackoverflow上的所有问题，并在其中一个问题中找到了这个网址（https://help.github.com/articles/using-ssh-agent-forwarding），但是，到现在为止还没有成功

请指导我做错的地方。

由于

Answer 1

请确认Jenkins master可以访问ssh代理（它具有SSH_AUTH_SOCK环境变量）。

您可以在$ JENKINS_URL / systemInfo页面的＆＃34;环境变量＆＃34;

部分中看到这一点

如果主服务器没有看到ssh代理套接字，则无法使用它。我怀疑主人没有它，但原因取决于你如何安装和运行Jenkins以及在什么平台上。如果您需要更多帮助，请提供有关您的设置的更多信息。

Answer 2

SSH_AUTH_SOCK包含用于与当前用户的SSH代理进行通信的套接字名称。不应该在同一系统上的不同系统或不同用户之间相同。但是，如果未设置SSH_AUTH_SOCK，则表示ssh将无法与代理进行通信。

通常Jenkins以用户jenkins身份运行，并且毫无疑问无法访问其他用户的密钥。试试SSH Agent Plugin，看看它是否适合您。