Skip to main content

Posts

Showing posts from May, 2016

ssh fingerprint authenticity prompt

The authenticity of host can't be established I faced a weird problem today: A Jenkins post-build job is configured to deploy via scp to a target server Jenkins runs as "integration" user As "integration"  user, I already made sure the server is in "known_hosts", by manually SSH connected to it ( when SSH-ing to it, I'm not prompted about the target server's identity anymore ) The Jenkins job is still prompted about the target server's identity What was really weird: From the Jenkins job, the target server's fingerprint is RSA based and is d9:fa:90:e6:2b:d2:f7:92:8b:28:3f:94:1e:bf:1b:fa. From an SSH session, the target server's fingerprint is ECDSA based and is 0d:2a:c3:3b:8f:f1:e9:bc:1f:5d:68:d3:84:6d:71:a8. This is because The Jenkins SSH plugin I use is not up to date and still use weak and old fashioned algorithms: the negiciation stops at a weak one, DSA. The SSH client (in SSH session) negociation ends up