Jenkins用户ssh / config代理无法正常工作,root用户工作正常

时间:2017-10-05 11:33:14

标签: linux git ssh proxy

我为ssh创建了一个代理设置,以便git clone也将http代理也用于SSH,当我在机器终端上以root用户身份运行它时,这种方法有效。

然而,当我切换到jenkins用户时,我不能再通过代理ssh到bitbucket了。

当我使用Jenkins用户时,如何使用ssh-trust(私钥 - 公钥)获取git克隆repo。

似乎id_rsa按预期工作。来自 /var/lib/jenkins/.ssh

(同样,代理以root身份从命令行运行......)

设置代理

对于root和jenkins,我在相应的主文件夹(/ root和/ var / lib / jenkins)中创建:

vi~ / .ssh / config 

Host bitbucket.org
  HostName altssh.bitbucket.org
  Port 443
  ProxyCommand ncat --proxy webproxy.ec.local:9090 %h %p
  IdentityFile /var/lib/jenkins/.ssh/id_rsa

以下是jenkins使用尝试失败的日志(我也试过提供-i /var/lib/jenkins/.ssh/id_rsa

还:known_hosts为空...... 

bash-4.2$ ssh bitbucket.org -v
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /var/lib/jenkins/.ssh/config
debug1: /var/lib/jenkins/.ssh/config line 1: Applying options for bitbucket.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Executing proxy command: exec ncat --proxy webproxy.ec.local:9090 altssh.bitbucket.org 443
debug1: permanently_drop_suid: 995

debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_rsa-cert type -1

debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
ssh_exchange_identification: Connection closed by remote host

当我以root身份运行时,我得到(forever_drop_suid:995):

debug1: permanently_set_uid: 0/0
debug1: permanently_drop_suid: 0

本地版本字符串SSH-2.0-OpenSSH_7.4

之后继续连接 
debug1: Remote protocol version 2.0, remote software version conker_1.0.311-c6337e4 app-130
debug1: no match: conker_1.0.311-c6337e4 app-130
debug1: Authenticating to altssh.bitbucket.org:443 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

等等。

2 个答案:

答案 0 :(得分:0)

我正遇到一个类似的问题。通过将.ssh / config从/root/.ssh复制到$ JENKINS_HOME / .ssh / config,我可以使我的詹金斯工作(尽管不是闲着)。

答案 1 :(得分:0)

我怀疑问题在这里

  ProxyCommand ncat --proxy webproxy.ec.local:9090 %h %p

Netcat尝试以普通用户身份绑定到端口,但失败。如果可能,请尝试将绑定端口更改为大于1024。

相关问题
最新问题