macossshhudsonmaster-slave

SSH Key authentication failing when connecting Mac Hudson slave to Linux master


Ok, so I have Hudson (v1.393) running in an Ubuntu VM and everything's working fine. However I'm trying to add a Mac slave to the Ubuntu master and I've run in to a few problems.

I have set up SSH keys so that from the command line, the Ubuntu VM can ssh using the key into a user called hudson on the Mac.

In the Hudson slave configuration, I have "Launch slave agents on Unix machines via SSH" selected and have entered the host IP, username of the user on the slave and the location of my private key file on the master (which has been added to the authorised keys file on the slave).

However, the master fails to connect to the slave. Looking at the log (below), it's trying to authenticate using a password.

Is this a fall back for a failed key based SSH attempt?
Is Hudson only trying to authenticate using a password, and I need to change something else to get it to use the key file which is defined in the configuration?
Is it just not possible to launch slave agents via ssh on a mac? (I know the name of this type of slave launch method explicity states Unix, but I was thinking (read: hoping) that it would work with OS X too)

Log

[01/14/11 10:38:07] [SSH] Opening SSH connection to 10.0.1.188:22.
[01/14/11 10:38:07] [SSH] Authenticating as hudson/******.
java.io.IOException: Password authentication failed.
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePassword(AuthenticationManager.java:319)
at com.trilead.ssh2.Connection.authenticateWithPassword(Connection.java:314)
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:565)
at hudson.plugins.sshslaves.SSHLauncher.launch(SSHLauncher.java:179)
at hudson.slaves.SlaveComputer$1.call(SlaveComputer.java:184)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:636)
Caused by: java.io.IOException: Authentication method password not supported by the server at this stage.
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePassword(AuthenticationManager.java:289)
... 9 more
[01/14/11 10:38:07] [SSH] Connection closed.

If anyone has managed to conquer this type of set up before, or has any tips or ideas, I'd be very grateful! Thanks


Solution

  • I've recently run into the same problem, trying to launch an agent on a Mac OS X 10.6 machine using SSH.

    To get password authentication to work you'll need to edit /etc/sshd_config on the client node, setting PasswordAuthentication yes

    In the Hudson dashboard take the node offline, make sure the configuration has a valid username and password, and launch the agent. Also make sure that the Remote FS root directory is owned by the build user you're connecting as.

    For password-less ssh authentication, first check which user the Hudson master is running as. Lets assume that this is tomcat55. Generate a public/private SSH key pair (with an empty passphrase), then verify that the Hudson user can connect.

    $ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/tomcat55/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/tomcat55/.ssh/id_rsa.
    Your public key has been saved in /home/tomcat55/.ssh/id_rsa.pub.
    
    $ # authorize the hudson master on the hudson node
    $ scp /home/tomcat55/.ssh/id_rsa.pub hudson@macnode:~/.ssh/authorized_keys
    $ # test the connection
    $ ssh -i /home/tomcat55/.ssh/id_rsa hudson@macnode
    

    On the Hudson mac node, the /etc/sshd_config needs to allow for password-less access.

    Protocol 2
    PubkeyAuthentication yes
    

    In the node configuration clear the password field, and set the private key field (in this example it is /home/tomcat55/.ssh/id_rsa). You should now be able to launch the agent:

    [01/19/11 22:38:44] [SSH] Opening SSH connection to macnode:22.
    [01/19/11 22:38:44] [SSH] Authenticating as hudson with /home/tomcat55/.ssh/id_rsa.
    [01/19/11 22:38:45] [SSH] Authentication successful.