All geek questions in one place

Jenkins - can execute command execute ssh commands

Is it possible that Jenkins "Execute shell" executes SSH commands?

Jenkins has a number of pre-build and post-build options that are specifically designed for commands like SSH, however I have one script that runs both the build and the SCP and SSH commands. Does Jenkins force users to break build scripts into stages?

The "Execute Shell" is the one that I am trying to execute my SSH commands, but I have not been successful.

debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /var/lib/jenkins/.ssh/identity debug1: Trying private key: /var/lib/jenkins/.ssh/id_rsa debug1: Trying private key: /var/lib/jenkins/.ssh/id_dsa debug1: Next authentication method: password debug1: read_passphrase: can't open /dev/tty: No such device or address debug1: Authentications that can continue: publickey,password Permission denied, please try again. debug1: read_passphrase: can't open /dev/tty: No such device or address debug1: Authentications that can continue: publickey,password Permission denied, please try again. debug1: read_passphrase: can't open /dev/tty: No such device or address debug1: Authentications that can continue: publickey,password debug1: No more authentication methods to try. Permission denied (publickey,password). SSH Access not available for build engine
+4
source share
2 answers

As long as you use the publication, you can send commands via ssh and copy files through scp . We use this to trigger some specific processes and publish some artifacts that cannot be carried through existing commands for various reasons.

You must carefully monitor which keys you use and which users you are addressing on the remote server. Often we use explicit -i arguments in ssh, and we always use explicit usernames to make sure everything goes as expected

 ssh -i <key_path> <user>@<fqdn_host> <command>

If you do this in your script, everything will be fine. Of course, the key file should be readable by your Jenkins process, and you will need to make sure that the key is installed on both sides.

I also highly recommend using the built-in ssh controls to control:

  • What hosts can use this key
  • What commands can be used with this key

In particular, you can use the settings in ~/.ssh/authorized_keys on the host, which is the purpose of the ssh / scp command, to limit the hosts that can connect ( host= ), and even preload the command so that a particular key always only executes one specific command ( command= ).

For true adventures, you can specify command= and send commands to a limited shell command that restricts directory access or command access.

+12
source

Instead of explicitly executing the ssh command from the Execute Shell step, you can use one of the existing Jenkins add-ons:

+2
source

Source: https://habr.com/ru/post/1496982/

More articles:


All Articles