碰到詹金斯时,plink找不到选美 [英] plink won't find pageant when ran over jenkins
问题描述
我正在尝试使用Windows中的Jenkins构建来设置自动备份.配置为:
- Windows 7
- 詹金斯1.594
- putty工具beta 0.63
我在没有特权的"jenkins"用户下将Jenkins作为服务运行.我已经创建了一个公钥/私钥对,并将其上传到SSH服务器,并且已经验证了我能够在运行选美时以不通知用户密码的方式登录,并且在以jenkins用户身份登录时加载了私钥.
Jenkins构建调用一个批处理脚本,该脚本使用plink在SSH服务器上运行postgres备份,然后运行pscp在本地复制备份.问题是,如果我通过命令行运行与jenkins用户相同的脚本,则一切正常,但是当通过Jenkins调用脚本时,它似乎无法检测到选美正在运行. jenkins用户的活动会话正在运行选美.
问题是:如何使plink/pscp找到选美实例?
手动运行输出:
plink -v -batch -agent -l user -P 22 <IP> "<COMMAND>"
Looking up host "<IP>"
Connecting to <IP> port 22
Server version: SSH-2.0-OpenSSH_5.3
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Release_0.63
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 <FINGERPRINT>
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Pageant is running. Requesting keys.
Pageant has 1 SSH-2 keys
Using username "user".
Trying Pageant key #0
Authenticating with public key "jenkins@build" from agent
Sending Pageant's response
Access granted
Opening session as main channel
Opened main channel
Started a shell/command
...
Jenkins运行输出:
plink -v -batch -agent -l user -P 22 <IP> "<COMMAND>"
Looking up host "<IP>"
Connecting to <IP> port 22
Server version: SSH-2.0-OpenSSH_5.3
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Release_0.63
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 <FINGERPRINT>
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "user".
Using SSPI from SECUR32.DLL
Attempting GSSAPI authentication
GSSAPI authentication request refused
Disconnected: Unable to authenticate
pageant.exe的会话号和会话名称与正常的CMD& amp;启动时不同.来自詹金斯(Jenkins). 通过CMD,会话名称为控制台".通过Jenkins,它是服务".
正如Martin Prikryl正确指出的,会话的plink.exe只能访问同一会话的pagent.exe.因此,Jenkins(会话名称=服务)的plink.exe无法访问Windows用户会话(会话名称=控制台)的pagent.exe
使用的命令:
tasklist /FI "IMAGENAME eq pageant.exe"
我尝试从Jenkins启动pagent.exe,然后让Jenkins的plink.exe使用此选美阶段,但不知何故Jenkins无法启动选美:(
此问题的解决方法是从CMD而不是从Services启动Jenkins:
java -jar jenkins.war
这样可以确保选美比赛plink具有相同的会话名称,即控制台,现在plink可以与选美进行通信了:)
I'm trying to setup automatic backups using a Jenkins build in Windows. The config is:
- Windows 7
- Jenkins 1.594
- putty tools beta 0.63
I'm running Jenkins as a service under a unprivileged 'jenkins' user. I have created a public/private key pair and uploaded it to the SSH server and I have validated that I'm able to login without informing the user password while running pageant with the private key loaded while logged in with the jenkins user.
The Jenkins build invokes a batch script which uses plink to run a postgres backup on the SSH server and after runs pscp to copy the backup locally. The issue is that, if I run the same script as the jenkins user via commandline everything works but when the script is invoked through Jenkins looks like it doesn't detect pageant is running. The jenkins user has an active session with pageant running.
The question is: how to make plink/pscp find the pageant instance?
MANUAL RUN OUTPUT:
plink -v -batch -agent -l user -P 22 <IP> "<COMMAND>"
Looking up host "<IP>"
Connecting to <IP> port 22
Server version: SSH-2.0-OpenSSH_5.3
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Release_0.63
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 <FINGERPRINT>
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Pageant is running. Requesting keys.
Pageant has 1 SSH-2 keys
Using username "user".
Trying Pageant key #0
Authenticating with public key "jenkins@build" from agent
Sending Pageant's response
Access granted
Opening session as main channel
Opened main channel
Started a shell/command
...
JENKINS RUN OUTPUT:
plink -v -batch -agent -l user -P 22 <IP> "<COMMAND>"
Looking up host "<IP>"
Connecting to <IP> port 22
Server version: SSH-2.0-OpenSSH_5.3
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Release_0.63
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 <FINGERPRINT>
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "user".
Using SSPI from SECUR32.DLL
Attempting GSSAPI authentication
GSSAPI authentication request refused
Disconnected: Unable to authenticate
The Session# and Session Name for the pageant.exe is different when started from normal CMD & from Jenkins. Via CMD the Session Name is "Console". Via Jenkins it is "Services".
As pointed by Martin Prikryl correctly, the plink.exe of a session can only access pagent.exe of same session. Hence, plink.exe of Jenkins (Session Name = Services) cannot access pagent.exe of Windows User session (Session Name = Console)
Command Used:
tasklist /FI "IMAGENAME eq pageant.exe"
I tried starting pagent.exe from Jenkins and then let plink.exe from Jenkins use this pageant session, but somehow Jenkins could not start pageant :(
Workaround for this is to start Jenkins from CMD and not from Services:
java -jar jenkins.war
This will ensure that both pageant & plink have same Session Name i.e. Console and now plink is able to communicate with pageant :)
这篇关于碰到詹金斯时,plink找不到选美的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
