Jenkins pipeline - ssh to different machine and where to store credentials (using ssh/SSHAgent plugin/etc...)

Riccardo79 picture Riccardo79 · Jun 14, 2016 · Viewed 41.9k times · Source

TLDR: how to ssh a different machine and where to store ssh credentials on Jenkins pipeline (using ssh / SSHAgent plugin /etc...) ?

The Problem: In Jenkins pipeline I need a remote ssh to target machine. My old approach was to use "Execute shell scripts on remote host using ssh". I would like to specify both username and password.

I've read that the groovy approach shoud be something like

sshagent(['RemoteCredentials']) {
    sh 'ssh -o StrictHostKeyChecking=no -l remoteusername remotetarget uname -a'
  }

RemoteCredentials: it is the private key with passphrase

Is there a way to make ssh with username/password remote credentials? The sshagent does not support username/password auth

Riccardo

Answer

Stefan Crain picture Stefan Crain · Jul 12, 2016

So unfortunately, you're right.

It looks like the ssh-agent-plugin only supports stored user,passphrase,public key credentials added through the Credentials Management area in Jenkins. See this unit test that verifies that ssh-agent is working correctly based around a public key. It's unlikely that there is untested functionality in the plugin to support user+password auth.

If you can, make the switch to Public Key based authentication. If for some reason you can't switch ... you COULD install sshpass on your Jenkins box, but this is generally considered bad practice.

node {
    stage 'Does sshpass work?'
    sh 'sshpass -p \'password\' ssh user@host "ls; hostname; whois google.com;"'
}