使用安全的Publish over SSH,而不是有漏洞的SCP Publisher
jenkins不支持新的密钥格式
生成密钥ssh-keygen -t rsa -C "jenkins" -m PEM -P "" -f /var/lib/jenkins/.ssh/id_rsa
jenkins中配置Path to key为.ssh/id_rsa
如果提示无法读取文件,将id_rsa的拥有人改为jenkinschown jenkins /var/lib/jenkins/.ssh/id_rsa
image.png
最终会放到服务器配置的Remote Directory+部署处配置的Remote Directory位置。
PAM错误
# /var/log/message
error: PAM: Authentication failure for root from 10.0.0.11
May 41 11:48:09 microservices-test sshd[32047]: Connection closed by authenticating user root 10.0.0.11 port 22 [preauth]
可以添加PAM授权,或者这里直接将UsePAM关闭
# /etc/ssh/sshd_config
UsePAM no
不支持ssh-rsa
# /var/log/message
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
May 41 14:26:26 my-test sshd[23819]: error: Received disconnect from 10.0.0.11 port 22:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
加上配置并重启service sshd restart
# /etc/ssh/sshd_config
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa
网友评论