How do I use SSH in a Jenkins pipeline?

Question

I have some Jenkins jobs defined using a Jenkins Pipeline Model Definition, which builds NPM projects. I use Docker containers to build these projects (using a common image

Answer 1

To add a remote host to known hosts and hopefully cope with your error try to manually ssh from the Jenkins host to the target host as the Jenkins user.

Get on the host where Jenkins is installed. Type

sudo su jenkins

Now use ssh or scp like

ssh username@server

You should be prompted like this:

The authenticity of host 'server (ip)' can't be established. ECDSA key fingerprint is SHA256:some-weird-string. Are you sure you want to continue connecting (yes/no)?

Type yes. The server will be permanently added as a known host. Don't even bother passing a password, just Ctrl + C and try running a Jenkins job.

Answer 2

I had a similar issue. I did not use label 'master', and I identified that the file transfer works across slaves, when I do it like this:

Step 1 - create SSH keys in remote host server, include the key to authorized_keys

Step 2 - Create credential using SSH keys in Jenkins, use the private key from the remote host

The below step is added to the pipeline:

stage ('Deploy') {
    steps{
        sshagent(credentials : ['use-the-id-from-credential-generated-by-jenkins']) {
            sh 'ssh -o StrictHostKeyChecking=no user@hostname.com uptime'
            sh 'ssh -v user@hostname.com'
            sh 'scp ./source/filename user@hostname.com:/remotehost/target'
        }
    }
}

Answer 3

Use the SSH agent plugin:

• SSH Agent Plugin
• SSH Agent Plugin

When using this plugin you can use the global credentials.

Answer 4

Like @haschibaschi recommends, I also use the ssh-agent plugin. I have a need to use my personal UID credentials on the remote machine, because it doesn't have any UID Jenkins account. The code looks like this (using, for example, my personal UID="myuid" and remote server hostname="non_jenkins_svr":

sshagent(['e4fbd939-914a-41ed-92d9-8eededfb9243']) {
    // 'myuid@' required for scp (this is from UID jenkins to UID myuid)
    sh "scp $WORKSPACE/example.txt myuid@non_jenkins_svr:${dest_dir}"
}

The ID e4fbd939-914a-41ed-92d9-8eededfb9243 was generated by the Jenkins credentials manager after I created a global domain credentials entry.

After creating the credentials entry, the ID is found under the "ID" column on the credentials page. When creating the entry, I selected type 'SSH Username with private key' ('Kind' field), and copied the RSA private key I had created for this purpose under the myuid account on host non_jenkins_svr without a passphrase.