使用安全的Publish over SSH,而不是有漏洞的SCP Publisher
jenkins不支持新的密鑰格式
生成密鑰ssh-keygen -t rsa -C "jenkins" -m PEM -P "" -f /var/lib/jenkins/.ssh/id_rsa
jenkins中配置Path to key
為.ssh/id_rsa
如果提示無(wú)法讀取文件蹋嵌,將id_rsa的擁有人改為jenkinschown jenkins /var/lib/jenkins/.ssh/id_rsa
最終會(huì)放到服務(wù)器配置的Remote Directory+部署處配置的Remote Directory位置句喜。
PAM錯(cuò)誤
# /var/log/message
error: PAM: Authentication failure for root from 10.0.0.11
May 41 11:48:09 microservices-test sshd[32047]: Connection closed by authenticating user root 10.0.0.11 port 22 [preauth]
可以添加PAM授權(quán)胖眷,或者這里直接將UsePAM關(guān)閉
# /etc/ssh/sshd_config
UsePAM no
不支持ssh-rsa
# /var/log/message
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
May 41 14:26:26 my-test sshd[23819]: error: Received disconnect from 10.0.0.11 port 22:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
加上配置并重啟service sshd restart
# /etc/ssh/sshd_config
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa