Home > OS >  Jenkins: Git clone fails with no matching key exchange method found
Jenkins: Git clone fails with no matching key exchange method found

Time:03-24

I'm using Jenkins version - 2.332.1 and i have problem with jenkins ssh gerrit repository clone. The details as follows,

Jenkins Git plugin Version 4.10.3 

Build server environment:-

$ ssh -V
OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f  31 Mar 2020

$ git --version
git version 2.33.1

Jenkins Build console Log:-

11:35:13  > git config remote.origin.url ssh://[email protected]:29418/ndk/linux/kernal-image # timeout=10
11:35:13 Fetching upstream changes from ssh://[email protected]:29418/ndk/linux/kernal-image
11:35:13  > git --version # timeout=10
11:35:13  > git --version # 'git version 2.33.1'
11:35:13  > git fetch --tags --force --progress -- ssh://[email protected]:29418/ndk/linux/kernal-image  refs/heads/*:refs/remotes/origin/* # timeout=10
11:35:13 ERROR: Error fetching remote repo 'origin'
11:35:13 hudson.plugins.git.GitException: Failed to fetch from ssh://[email protected]:29418/ndk/linux/kernal-image
11:35:13    at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:1001)
11:35:13    at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1242)
11:35:13    at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1302)
11:35:13    at hudson.scm.SCM.checkout(SCM.java:540)
11:35:13    at hudson.model.AbstractProject.checkout(AbstractProject.java:1215)
11:35:13    at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:645)
11:35:13    at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:85)
11:35:13    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:517)
11:35:13    at hudson.model.Run.execute(Run.java:1896)
11:35:13    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:44)
11:35:13    at hudson.model.ResourceController.execute(ResourceController.java:101)
11:35:13    at hudson.model.Executor.run(Executor.java:442)
11:35:13 Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --force --progress -- ssh://[email protected]:29418/ndk/linux/kernal-image  refs/heads/*:refs/remotes/origin/*" returned status code 128:
11:35:13 stdout: 
11:35:13 stderr: Unable to negotiate with 165.55.66.77 port 29418: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
11:35:13 fatal: Could not read from remote repository.
11:35:13 
11:35:13 Please make sure you have the correct access rights
11:35:13 and the repository exists.
11:35:13 
11:35:13    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2671)
11:35:13    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:2096)
11:35:13    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:84)
11:35:13    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:618)
11:35:13    at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:999)
11:35:13    ... 11 more
11:35:13 ERROR: Error fetching remote repo 'origin'
11:35:13 Finished: FAILURE

On terminal ssh connection to gerrit works, the result as follows,

$ ssh -p 29418 [email protected]

  ****    Welcome to Gerrit Code Review    ****

  Hi ProUser ., you have successfully connected over SSH.

  Unfortunately, interactive shells are disabled.
  To clone a hosted Git repository, use:

  git clone ssh://[email protected]:29418/REPOSITORY_NAME.git

To solve the problem with jenkins. Kindly help me with the possible workarounds.

CodePudding user response:

On the server where the Jenkins controller is running (assuming it is the same as the one where you tested your ssh connection manually), add to the .bashrc

export GIT_SSH_COMMAND='ssh -Tv'

That will allow to see exactly what SSH command is run and where it seeks its SSH key pair.

For that, you need to double-check with which account the Jenkins controller is running (root, or the same user account you used yourself for your manual test)

And the issue is also the port used by default is not 29418, but 22.

To make sure you are using the right port (again, assuming Jenkins runs with the same user account as the one you are using):

  • replace the Gerrit server URL with

    gerrit:REPOSITORY_NAME.git
    
  • add a ~/.ssh/config file with:

Host gerrit
  Hostname 165.55.66.77
  User prj-user
  Port 29418
  IdentityFile ~/.ssh/TheRightPrivateKey
  KexAlgorithms  diffie-hellman-group1-sha1,diffie-hellman-group1-sha1

That way, you are sure the SSH URL/command will be the right one, using the right port/key/user/hostname.

  • Related