Maven Wagon SCP is not able to establish a connection

7.6k views Asked by At

I am trying to copy resources to another location. I am using maven wagon-ssh plugin to do this. It works fine locally, I am having issues when using Hudson/Jenkins.

My settings.xml file looks like this:

<servers>
    <server>
        <id>iq</id>
        <configuration>
            <knownHostsProvider implementation="org.apache.maven.wagon.providers.ssh.knownhost.NullKnownHostProvider">
                <hostKeyChecking>no</hostKeyChecking>
            </knownHostsProvider>
        </configuration>
        <username>user</username>
        <password>pass</password>
    </server>
</servers>

I tried this answer to skipping checking as I was getting:

Are you sure you want to continue connecting? (yes/no): The authenticity of host 'address' can't be established.
RSA key fingerprint is 10:.......:bb.

but now I am getting:

Could not apply configuration for iq to wagon org.apache.maven.wagon.providers.ssh.jsch.ScpWagon:ClassNotFoundException: Class name which was explicitly given in configuration using 'implementation' attribute: 'org.apache.maven.wagon.providers.ssh.knownhost.NullKnownHostProvider' cannot be loaded
org.codehaus.plexus.component.configurator.ComponentConfigurationException: ClassNotFoundException: Class name which was explicitly given in configuration using 'implementation' attribute: 'org.apache.maven.wagon.providers.ssh.knownhost.NullKnownHostProvider' cannot be loaded
    at org.codehaus.plexus.component.configurator.converters.AbstractConfigurationConverter.getClassForImplementationHint(AbstractConfigurationConverter.java:70)
    at .....

Caused by: java.lang.ClassNotFoundException: org.apache.maven.wagon.providers.ssh.knownhost.NullKnownHostProvider
    at org.codehaus.plexus.classworlds.strategy.SelfFirstStrategy.loadClass(SelfFirstStrategy.java:50)
    at org.codehaus.plexus.classworlds.realm.ClassRealm.loadClass(ClassRealm.java:244)
    at org.codehaus.plexus.classworlds.realm.ClassRealm.loadClass(ClassRealm.java:230)
    at org.codehaus.plexus.component.configurator.converters.AbstractConfigurationConverter.getClassForImplementationHint(AbstractConfigurationConverter.java:61)
    ... 37 more
The authenticity of host 'address' can't be established.
RSA key fingerprint is 10:.......:bb.
Are you sure you want to continue connecting? (yes/no): The authenticity of host 'address' can't be established.
4

There are 4 answers

1
Charles Hu On BEST ANSWER

maven apparently requires a ssh-rsa entry in the known_hosts file for the jenkins user. You can add the ssh-rsa entry to the file by issuing:

ssh-keyscan -t rsa YOUR_REMOTE_HOSTNAME >> ~jenkins/.ssh/known_hosts

[[ Added from another answer to make this one definitive. ]]

Instead, you might be able to add the following to the ~jenkins/.ssh/config. See: How to Avoid Maven builds stall on ssh host authenticity problem?

StrictHostKeyChecking no
4
Shamis Shukoor On

The problem was that RSA keys were not exchanged.

so what I did was that, I connected both the servers from command line. So the RSA keys got stored and

Are you sure you want to continue connecting? (yes/no): The authenticity of host 'address' can't be established.
RSA key fingerprint is 10:.......:bb.

this message stopped. It works perfectly now

0
Vojtěch Liška On

This is what we use to populate known_hosts file on jenkins node:

  <plugin>
    <groupId>org.codehaus.groovy.maven</groupId>
    <artifactId>gmaven-plugin</artifactId>
    <executions>
      <execution>
          <id>check-known-hosts</id>
          <phase>initialize</phase>
          <goals>
            <goal>execute</goal>
          </goals>
          <configuration>
            <source>
                import com.jcraft.jsch.*;
                import org.apache.maven.wagon.providers.ssh.knownhost.*;

                def keyString = "<REPLACE_WITH_HOST_KEY>" // host key - the line from known_hosts after key type (ssh-rsa)

                FileKnownHostsProvider fkhp = new FileKnownHostsProvider();

                JSch sch = new JSch();
                sch.setKnownHosts(new ByteArrayInputStream(fkhp.getContents().getBytes()));

                def host = project.properties.serverAddress // define <serverAddress>someserveraddress.com</serverAddress> in <properties> 

                if (host != null) {
                  HostKeyRepository hkr = sch.getHostKeyRepository();
                  HostKey[] hk = hkr.getHostKey( host , null );

                  StringWriter stringWriter = new StringWriter();

                  String knownHost = host + " " + "ssh-rsa" + " " + keyString;

                  if ( hk != null )
                  {

                    PrintWriter w = new PrintWriter( stringWriter )
                    def containsKey = false;
                    for ( HostKey key : hk )
                    {
                      def toAdd =  key.getHost() + " " + key.getType() + " " + key.getKey();
                      w.println(toAdd)  ;
                      containsKey = knownHost.equals(toAdd);
                    }
                    if (!containsKey) {
                      println "Adding key for " + host + " to known_hosts"
                      w.println(knownHost);
                      fkhp.storeKnownHosts(stringWriter.toString() );
                    } else {
                      println "Key for " + host + " is already present in known_hosts"
                    }
                  }
                }
            </source>
          </configuration>
      </execution>
    </executions>
    <dependencies>
      <dependency>
        <groupId>org.apache.maven.wagon</groupId>
        <artifactId>wagon-ssh-common</artifactId>
        <version>2.10</version>
      </dependency>
      <dependency>
        <groupId>com.jcraft</groupId>
        <artifactId>jsch</artifactId>
        <version>0.1.54</version>
      </dependency>
    </dependencies>
  </plugin>

Seems to work pretty well.

0
lodewykk On

Wagon-ssh will do the work for you. No manual or scripted copying of fingerprints need be done.

Disable only strict host key checking in the settings.xml file.

<servers>
    <server>
        <id>iq</id>
        <configuration>

            <StrictHostKeyChecking>no</StrictHostKeyChecking>

        </configuration>
        <username>user</username>
        <password>pass</password>
    </server>
</servers>

The host fingerprint is automatically accepted and stored in the known_hosts file. The rest of the authentication process proceeds as normal.

This runs successfully on a Bamboo buildserver with build agents with their own local ssh configuration files.