Showing posts from May, 2016

ssh fingerprint authenticity prompt

The authenticity of host can't be established

I faced a weird problem today:

- A Jenkins post-build job is configured to deploy via scp to a target server
- Jenkins runs as the "integration" user
- As the "integration" user, I already made sure the server is in "known_hosts" by manually connecting to it over SSH (when SSH-ing to it, I'm not prompted about the target server's identity anymore)
- The Jenkins job is still prompted about the target server's identity

What was really weird:

- From the Jenkins job, the target server's fingerprint is RSA based and is d9:fa:90:e6:2b:d2:f7:92:8b:28:3f:94:1e:bf:1b:fa.
- From an SSH session, the target server's fingerprint is ECDSA based and is 0d:2a:c3:3b:8f:f1:e9:bc:1f:5d:68:d3:84:6d:71:a8.

This is because:

- The Jenkins SSH plugin I use is not up to date and still uses weak and old-fashioned algorithms: the negotiation stops at a weak one, DSA.
- The SSH client (in an SSH session) negotiation ends up with a stronger algorithm, ECDSA.
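
The mismatch above comes from known_hosts storing one entry per host and key type, so a key accepted as ECDSA says nothing about the same server's RSA key. The following sketch is an added example, not code from the original post or from Jenkins; the host name, address and key blobs are constructed placeholders, and hashed host names and `@` marker lines are not handled.

```python
import base64
import hashlib
import struct


def make_blob(key_type: str, material: bytes) -> str:
    """Constructed (fake) public-key blob: SSH string(key type) + filler bytes."""
    name = key_type.encode()
    return base64.b64encode(struct.pack(">I", len(name)) + name + material).decode()


def md5_fingerprint(b64_blob: str) -> str:
    """Legacy colon-separated MD5 fingerprint, the format quoted in the post."""
    digest = hashlib.md5(base64.b64decode(b64_blob)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def parse_known_hosts(text: str) -> dict:
    """Map (host, key_type) -> fingerprint for plain (unhashed) entries."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @cert-authority/@revoked markers, hashed hosts.
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|1|")):
            continue
        hosts, key_type, blob = fields[:3]
        for host in hosts.split(","):
            entries[(host, key_type)] = md5_fingerprint(blob)
    return entries


def check_host(known_hosts: str, host: str, offered_type: str, offered_blob: str) -> str:
    """Return 'trusted', 'changed', or 'unknown' (the authenticity prompt)."""
    stored = parse_known_hosts(known_hosts).get((host, offered_type))
    if stored is None:
        return "unknown"  # no entry for THIS key type, even if another type is stored
    return "trusted" if stored == md5_fingerprint(offered_blob) else "changed"


# Constructed sample: the server has two host keys, but only the ECDSA one was
# accepted interactively, as in the post.
RSA_BLOB = make_blob("ssh-rsa", b"constructed-rsa-material")
ECDSA_BLOB = make_blob("ecdsa-sha2-nistp256", b"constructed-ecdsa-material")
KNOWN_HOSTS = f"target.example,192.0.2.10 ecdsa-sha2-nistp256 {ECDSA_BLOB}\n"

if __name__ == "__main__":
    for key_type, blob in (("ecdsa-sha2-nistp256", ECDSA_BLOB), ("ssh-rsa", RSA_BLOB)):
        result = check_host(KNOWN_HOSTS, "target.example", key_type, blob)
        print(f"{key_type:22} {md5_fingerprint(blob)} -> {result}")
```

A client limited to older algorithms lands in the `unknown` branch until the key of the type it negotiates is verified out of band and added for the account that runs the job.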