SSH from jenkins to same host

Question

I have a jenkins instance running on my raspberry pi 3 and i also have my (simple) apache webserver running on the same raspberry pi.

I've got a pipeline from jenkins to fetch a git repo, build it and put (via scp) the build files on my webserver.

I have a ssh private/public key setup, but it's a bit stupid (?) to have an ssh key when the jenkins is hosted on the same 'machine' with the same ip address no?

Anyway, on my raspberry pi i have setup the autorized keys file and the known host file with the public key on it, and i've added the private key to jenkins via the ssh-agent plugin.

Here you have my jenkinsfile thats being used by jenkins to define my pipeline:

node{
    stage('Checkout') {
        checkout scm
    }

    stage('install') {
        nodejs(nodeJSInstallationName: 'nodeJS10.5.0') {
            sh "npm install"
        }
    }

    stage('build'){
        nodejs(nodeJSInstallationName: 'nodeJS10.5.0') {
            sh "npm run build"
        }
    }

    stage('connect ssh and remove files') {
        sshagent (credentials: ["0527982f-7794-45d0-99b0-135c868c5b36"]) {
            sh "ssh pi@123.456.789.123 -p 330 rm -rf /var/www/html/*"
        }
    }


    stage('upload new files'){
        sshagent (credentials: ["0527982f-7794-45d0-99b0-135c868c5b36"]) {
            sh "scp -P 330 -r ./build/* pi@123.456.789.123:/var/www/html"
        }
    }
}

Here is the output from the second to last job that is failing:

[Pipeline] }
[Pipeline] // nodejs
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (connect ssh and remove files)
[Pipeline] sh
[Deploy_To_Production] Running shell script
+ ssh pi@123.456.789.123 -p 330 rm -rf /var/www/html/asset-manifest.json /var/www/html/css /var/www/html/favicon.ico /var/www/html/fonts /var/www/html/images /var/www/html/index.html /var/www/html/manifest.json /var/www/html/service-worker.js /var/www/html/static /var/www/html/vendor
Host key verification failed.
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
ERROR: script returned exit code 255
Finished: FAILURE

Note: I've changed my IP address and my ssh port for security reasons.

Manually i can ssh to my raspberry pi and i can execute the commands manually from my laptop (both from same and other domain works).

I've also port forwarded the local ip so that i connect to it via SSH when i'm not home.

I guess I'm doing something wrong with the SSH keys etc, but i'm no expert whatsoever!

Can anyone help?

Answer 1

The issue was indeed that the host key verification was failing. I think this was due to not trusting the host.

But the real issue was pointed out by @3sky (see other answer). I needed to login as the jenkins user and try to ssh to my raspberry pi (which are both on the same machine).

So these are the steps i did:

1. Login via ssh to my raspberry pi

   ssh -v pi@123.456.789.123 -p 330

2. Then I switched user to the jenkins user. After some google search i've found out how

   sudo su -s /bin/bash jenkins

3. Then i ssh again to my own machine (where i already was ssh'ed in), so that i get the pop-up for thrusting this host once and for all!

   ssh -v pi@123.456.789.123 -p 330

This solved my issue! Big thanks to 3sky for helping out!

Answer 2

I need 4 more reputation point to comment, so I must write answer:)

Try use -v to debug ssh connection:

stage('connect ssh and remove files') {
    sshagent (credentials: ["0527982f-7794-45d0-99b0-135c868c5b36"]) {
        sh "ssh -v pi@123.456.789.123 -p 330 rm -rf /var/www/html/*"
    }
}

In another hand Host key verification failed means that the host key of the remote host was changed or you don't have the host key of the remote host. So at first try just ssh -v pi@123.456.789.123 as Jenkins user, from Jenkins host.