mjhjmtu

I use Jenkins in ubuntu server. In this case, I want to copy a file to another remote server. I use SCP command inside sshagent the Jenkins pipeline.

I tried the solution from unable to scp in jenkins,
already created user: jenkins, save the public key to the ubuntu@remoteip allowed_host, and it's ssh private key is saved in Jenkins credentials with the ID jenkins-ssh-to-ubuntu.

I also tried from the ssh directly from jenkins server to remote ip with the from the jenkins user in jenkins server, it can connect to the remoteip.

Whenever I want to do scp command in pipeline the console returns error. But when it's just usual ssh command like cat atext.txt it prints out the result. Here's the console log of the pipeline

[Pipeline] sh
ssh -o StrictHostKeyChecking=no ubuntu@remoteip cat atext.txt
Failed to add the host to the list of known hosts (/var/lib/jenkins/.ssh/known_hosts).

 example: "it prints out the long text to the jenkins console output"

[Pipeline] sh
+ scp -r docker-compose-prod.yml ubuntu@remoteip:.
Host key verification failed.
lost connection

here's my pipeline

 stage('Copy requiredfile to deployment')
 sshagent(['jenkins-ssh-to-ubuntu'])
 sh "ssh -o StrictHostKeyChecking=no ubuntu@remoteip atext.txt"
 sh "scp -r docker-compose-prod.yml ubuntu@remoteip:."
 
 

How can I resolve this?

Update: host key verification failed when I use scp question is the same as mine, but I didn't have the same console log there was no REMOTE HOST IDENTIFICATION HAS CHANGED! warning

Checking the permission in the jenkins machine stat ~jenkins/.ssh it's 0700

 File: /var/lib/jenkins/.ssh/
 Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: fc01h/64513d Inode: 265912 Links: 2
Access: (0700/drwx------) Uid: ( 111/ jenkins) Gid: ( 115/ jenkins)
Access: 2019-01-18 03:22:46.519541657 +0000
Modify: 2019-01-18 03:07:42.447547320 +0000
Change: 2019-01-18 03:07:42.447547320 +0000
 Birth: -

I updated the example too, I think there's some command that works and that isn't.

Update: Running ssh manually using jenkins user

jenkins@ubuntu:/home/ubuntu$ ssh ubuntu@remoteip
The authenticity of host 'remoteip (remoteip)' can't be established.
ECDSA key fingerprint is SHA256:fingerprint.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/var/lib/jenkins/.ssh/known_hosts).
Enter passphrase for key '/var/lib/jenkins/.ssh/id_rsa':
Welcome to Ubuntu 16.04.5 LTS (GNU/Linux 4.4.0-141-generic x86_64) 

after that welcome message, I logged in as ubuntu in remoteip machine

this is the result of ls -la /var/lib/jenkins/.ssh

jenkins@ubuntu-s-1vcpu-1gb-sgp1-01:/home/ubuntu$ ls -la /var/lib/jenkins/.ssh
total 24
drwx------ 2 jenkins jenkins 4096 Jan 18 03:07 .
drwxr-xr-x 22 jenkins jenkins 4096 Jan 18 10:06 ..
-rw------- 1 jenkins jenkins 1766 Jan 18 03:07 id_rsa
-rw-r--r-- 1 jenkins jenkins 416 Jan 18 03:07 id_rsa.pub
-rw------- 1 root root 666 Jan 7 09:40 known_hosts
-rw-r--r-- 1 jenkins jenkins 888 Dec 27 01:47 known_hosts.old

and this is the content of /etc/ssh/ssh_config

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
 SendEnv LANG LC_*
 HashKnownHosts yes
 GSSAPIAuthentication yes

Your manual command ssh ubuntu@remoteip cannot save the host identification as shown with

Failed to add the host to the list of known hosts (/var/lib/jenkins/.ssh/known_hosts).

because this file is owned by root and not writable for user jenkins

-rw------- 1 root root 666 Jan 7 09:40 known_hosts

First run as root

chown jenkins.jenkins /var/lib/jenkins/.ssh/known_hosts

then run as jenkins

ssh ubuntu@remoteip

The first time it should save the host identification and the next time it should not ask again. After this your scp command should work.