jenkins使用SFTP发布SpringBoot的jar

使用安全的Publish over SSH，而不是有漏洞的SCP Publisher
jenkins不支持新的密钥格式
生成密钥ssh-keygen -t rsa -C "jenkins" -m PEM -P "" -f /var/lib/jenkins/.ssh/id_rsa
jenkins中配置Path to key为.ssh/id_rsa
如果提示无法读取文件，将id_rsa的拥有人改为jenkinschown jenkins /var/lib/jenkins/.ssh/id_rsa

image.png
最终会放到服务器配置的Remote Directory+部署处配置的Remote Directory位置。

PAM错误

# /var/log/message
error: PAM: Authentication failure for root from 10.0.0.11
May 41 11:48:09 microservices-test sshd[32047]: Connection closed by authenticating user root 10.0.0.11 port 22 [preauth]

可以添加PAM授权，或者这里直接将UsePAM关闭

# /etc/ssh/sshd_config
UsePAM no

不支持ssh-rsa

# /var/log/message
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
May 41 14:26:26 my-test sshd[23819]: error: Received disconnect from 10.0.0.11 port 22:3: com.jcraft.jsch.JSchException: Auth fail [preauth]

加上配置并重启service sshd restart

# /etc/ssh/sshd_config
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa

参考

• jenkins-publish-over-ssh-shows-error-jenkins-plugins-publish-over-bappublishere
• how-to-copy-file-from-local-machine-to-sftp-server-using-jenkins-pipeline
• access-denied-for-a-particular-user-by-pam-account-configuration