Plugin Information
| Plugin ID |
ssh-slaves |
Changes |
In Latest Release
Since Latest Release |
Latest Release
Latest Release Date
Required Core
Dependencies |
1.9 (archives)
Nov 04, 2014
1.532
ssh-credentials (version:1.6.1)
credentials (version:1.9.4) |
Source Code
Issue Tracking
Pull Requests
Maintainer(s) |
GitHub
Open Issues
Pull Requests
Stephen Connolly (id: stephenconnolly)
Kohsuke Kawaguchi (id: kohsuke)
Olivier Lamy (id: olamy) |
| Usage |
 |
Installations |
2014-May 82986
2014-Jun 84101
2014-Jul 89366
2014-Aug 89446
2014-Sep 93946
2014-Oct 97101
2014-Nov 96928
2014-Dec 96870
2015-Jan 101205
2015-Feb 102099
2015-Mar 110634
2015-Apr 110070
 |
SSH Slaves plugin
This plugin allows you to manage slaves running on *nix machines over SSH. It adds a new type of slave launch method. This launch method will
- Open a SSH connection to the specified host as the specified username.
- Checks the default version of java for that user.
- [not implemented yet] If the default version is not compatible with Jenkins's slave.jar, tries to find a version of java that is.
- Once it has a suitable version of java, copies the latest slave.jar via SFTP.
- Starts the slave process.
Integration with SSH Credentials Plugin
As of version 0.23 this plugin is now integrated with the SSH Credentials Plugin. This changes how slaves are configured. The Node configuration is simplified, e.g. you now just have a Credentials drop down listing all the "Global" and "System" scoped credentials.
If you are upgrading from a previous version, the plugin should try to inject any required SSH credentials in the Credentials Plugin using the credentials that were previously stored in each node's definition.
To define credentials to use when connecting slaves you need to go to the Jenkins » Manage Jenkins » Manage Credentials screen 
Once on this screen you can add SSH credentials, either using a Username & Password or using a Username & Private Key 
Credential scope controls where the credentials can be used:
- System scope is only available for the root Jenkins instance (in other words Jenkins can use it to connect build nodes, but the credentials are not available to build jobs)
- Global scope is available for the root Jenkins instance and any child items (in other words Jenkins can use it to connect build nodes, build jobs can use it for other SSH Credentials enabled plugins)
When you have a lot of different credentials it can be useful to put those credentials into credential domains, e.g.
The drop-down for selecting credentials will construct a specification that includes the URI Scheme of ssh and the specified hostname and port, so where you have created the appropriate credential domains the choice of credentials will be restricted to those outside of any credential domain and those from matching credential domains. This can help differentiate between multiple keys/password associated with the same username.
Common Pitfalls
Login profile files
When the SSH slaves plugin connects to a slave, it does not run an interactive shell. Instead it does the equivalent of your running "ssh slavehost command..." a few times, eventually to run "ssh slavehost java -jar ...". Exactly what happens on the slave as a result of this depends on the SSHD implementation, but OpenSSH runs this with "bash -c command ..." (or whatever your login shell is.)
This means some of your login profiles that set up your environment is not read by your shell. See this post for more details.
If you need to set additional environment variables for slave, consider using EnvInject Plugin or write a wrapper script around java and specify that in the JavaPath field.
If your login shell does not understand the command syntax used (e.g. the fish shell), use the advanced options Prefix Start Slave Command and Suffix Start Slave Command to wrap the slave command in e.g. sh -c " and ".
Cygwin
See SSH slaves and Cygwin for the discussion of how to use this plugin to talk to Cygwin SSHD server.
Version History
Version 1.9 (Nov 04, 2014)
- Diagnosability improvements in case of a connection loss. See Remoting issue.
Version 1.8 (Oct 07, 2014)
- SECURITY-158 fix.
- German localization updated.
Version 1.7.1 (Sep 29, 2014)
- Fix NPE when trying to launch non-reconfigured slaves after upgrade to 1.7 version of plugin.
Version 1.7 (Sep 26, 2014)
- Protect against some cases where there is no private key resulting in an NPE (possible fix for JENKINS-20332)
- Updated help text
- Localization cleanup
- Improved error diagnostics
- Allow connection retries (Pull Request #19)
- Enforce timeout for connection cleanup (possible fix for JENKINS-14332)
Version 1.6 (Feb 5, 2014)
- Add initial connection timeout to prevent stalled connections from preventing slave connection.
- Update credentials plugin to 1.9.4 and ssh-credentials to 1.6.1 to ensure the in-place addition of credentials is available.
- Change the hard-coded JDK from 1.6.0_16 to 1.6.0_45
Version 1.5 (Oct 16, 2013)
- Fix to how credentials are sourced for the drop-down list
- Use credentials plugin's <c:select/> so that when credentials plugin adds the ability for in-place credential addition this can be picked up without modifying ssh-slaves
Version 1.4 (Oct 8, 2013)
Version 1.3 (Oct 4, 2013)
- Reworked the upgrading of credentials logic. Should be much improved and result in a true minimal initial set
Version 1.2 (Aug 8, 2013)
- Fixed binary compatibility for plugins depending on this one.
Version 1.1 (Aug 7, 2013)
- Forced upgrade of dependency SSH Credentials.
Version 1.0 (Aug 7, 2013)
- Upgrade dependencies to SSH Credentials Plugin 1.0 and Credentials Plugin 1.6 and migrated code from legacy data type to the new StandardCredential based types.
- NOTE: It will not be possible to downgrade to previous releases without risking the loss of some configuration data.
Version 0.27 (Jun 21, 2013)
- Reduce the # of threads spawned. Even more so with Jenkins 1.521 and onward.
Version 0.25 (Apr 17, 2013)
- When upgrading credentials from pre 0.23 format, ensure that the credentials are persisted with the correct security context for persisting system/global credentials (issue #17648)
Version 0.24 (Apr 16, 2013)
- Removed some unnecessary debug code that remained as a fragment during development of the bulk data transfer improvements in 0.23
- Added some Japanese localizations
- Prevented persistence of duplicate credentials under some code paths
- Restored support for empty username as indicator of the user that Jenkins is running as.
- Upgrade to latest version of te ssh-credentials plugin.
Version 0.23 (Mar 21, 2013)
- Rely on SSH Credentials Plugin for unified credential handling across different places that use SSH
- Performance improvement on bulk data transfer when used in a large latency/high bandwidth network (issue #7813)
Version 0.22 (Dec 07, 2012)
- Find slave.jar even when running from hudson-dev:run.
- Allow environment variables to be declared in the java path, that are then expanded according to environment variables declared on the node or globally.
Version 0.21 (Oct 26, 2011)
- Slave is slow copying maven artifacts to master (issue #3922).
Version 0.20 (Sep 28, 2011)
- JDK installation on SSH slaves with newer Jenkins was broken (issue #10641)
Version 0.19 (Aug 25, 2011)
- Fixed possible NPE during error recovery
- Improved the error message when the server doesn't support the configured authentication mode (issue #6714)
Version 0.18 (Jul 06, 2011)
- Ability to programmatically control the JDK to be installed
Version 0.17 (Jun 13, 2011)
- Fixed an API incompatibility regression introduced in 0.15.
Version 0.16 (Apr 28, 2011)
- Improved error diagnostics for unreadable SSH private key file.
Version 0.15 (Mar 26, 2011)
- New field to be able to configure the java command to use to start the slave
Version 0.14 (Nov 2, 2010)
- Delete file via ssh if SFTP is not available (issue #7006)
Version 0.13 (Aug 13, 2010)
- Added Japanese localization.
- Fixed deprecated api.
Version 0.12 (June 1, 2010)
- Avoid "password argument is null" error (issue #6620)
- Version check of JDKs was broken in locales that don't use '.' as the floating point separator (issue #6441)
- If SFTP is not available on the slave, use SCP (issue #6239)
- Hudson fails to detect JVM versions when loading older data (issue #4856)
Version 0.10 (May 2, 2010)
- Launcher was storing password in plaintext (issue #5363)
- Check node properties for JAVA_HOME and JDK tool path when locating java (issue #5412)
- Support for openjdk 7 (issue #6005)
Version 0.9 (December 9, 2009)
- JDK auto installation works on Windows+MKS environment (report)
Version 0.8 (October 23, 2009)
- Allow OpenJDK in Java discovery (report)
- Added a fool-proof check to detect a garbage in SSH exec session to avoid SFTP packet length problem (report)
Version 0.7 (July 27, 2009)
- Supports private keys in the PuTTY format.
- Fixed possible NPE (report)
Version 0.6 (July 20, 2009)
- Improved the error reporting if the plugin fails to find usable Java implementation (report)
- User name can be now omitted, which defaults to the user that's running the Hudson master.
Version 0.5 (April 28, 2009)
- Added support for specifying the Slave JVM options
Version 0.4 (February 2, 2009)
Version 0.3 (January 30, 2009)
Version 0.2 (June 14, 2008)
- Tidy-ups and i18n enabling the plugin
Version 0.1 (June 9, 2008)
Gliffy Diagram
Edit in Word
SSH Slaves plugin
Comments (22)
Feb 02, 2009
Bruce Painter says:
Anyway to get this page updated with the changes between versions?Anyway to get this page updated with the changes between versions?
May 11, 2009
Michal Huniewicz says:
I seem to be unable to upgrade to the latest (0.5.1) version. I have version 0....I seem to be unable to upgrade to the latest (0.5.1) version.
I have version 0.4 now and whenever I ask Hudson to update it and restart, it still says I have 0.4 and that I should update.
Does anyone have a similiar issue?
May 11, 2009
Bruce Painter says:
This appears to be a known issue: http://www.nabble.com/-Issue-3662--New---pom....This appears to be a known issue:
http://www.nabble.com/-Issue-3662--New---pom.xml-keeps-0.4-as-version-td23479562.html
You can manually get the updated plugin by going to:
https://hudson.dev.java.net/servlets/ProjectDocumentList?folderID=9380
Then install it through the Plugin Manager -> Advanced Tab
May 13, 2009
Krystian Nowak says:
You can also vote for https://hudson.dev.java.net/issues/show_bug.cgi?id=3662 C...You can also vote for https://hudson.dev.java.net/issues/show_bug.cgi?id=3662
Cheers!
Krystian
Aug 24, 2010
Michael March says:
Where can you post support questions for this plugin?Where can you post support questions for this plugin?
Oct 14, 2010
Gary Mann says:
Hi everyone, I'm using the SSH slaves plugin (0.13) on a Windows master (Window...Hi everyone,
I'm using the SSH slaves plugin (0.13) on a Windows master (Windows Server 2003, Apache Tomcat), and I'm trying to connect to a new RHEL5.0 Linux slave. I have other Linux slaves (RHEL4u5), and these all work fine with user/password authentication. However, I can't get this new slave to connect, and I simply get this error message:
[10/14/10 18:23:55] [SSH] Opening SSH connection to hostname:22.
[10/14/10 18:23:56] [SSH] Authenticating as username/******.
java.io.IOException: Password authentication failed.
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePassword(AuthenticationManager.java:319)
at com.trilead.ssh2.Connection.authenticateWithPassword(Connection.java:314)
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:560)
at hudson.plugins.sshslaves.SSHLauncher.launch(SSHLauncher.java:174)
at hudson.slaves.SlaveComputer$1.call(SlaveComputer.java:184)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: Authentication method password not supported by the server at this stage.
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePassword(AuthenticationManager.java:289)
... 9 more
[10/14/10 18:23:56] [SSH] Connection closed.
At this point I'm completely stuck, and not sure where to go next. Google reveals many people with similar issues, but no solutions.
A few things spring to mind. Firstly, my RHEL5 slave has a 2048 bit SSH key, whereas the RHEL4 slaves have 1024 bit keys.Could there be an issue with the embedded SSH client?
Secondly, I'm not sure how to set up SSH properly as I'm unsure as to where the RSA keys used by the Hudson SSH client are kept (assuming they're completely unrelated to Cygwin/Putty).
Has anyone else out there with the same issue managed to find a solution?
Thanks in advance,
Gary
Oct 15, 2010
Gary Mann says:
Hello everyone again, I've just found the solution to this issue - essentially ...Hello everyone again,
I've just found the solution to this issue - essentially it's to do with the way that sshd is configured. I'm not sure if this is a default in RHEL5, or whether this is my company's site configuration, but it all hinges on the following line in /etc/sshd_config (or /etc/ssh/sshd_config):
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
If set to no, Hudson's SSH client won't be able to connect using password authentication. If you comment this line out (which I believe is the OpenSSH default), or set it to yes, then Hudson can connect just fine.
Hope this helps anyone else with the same issue,
Gary
Oct 29, 2010
oeuftete - says:
It absolutely helped me. Thanks!It absolutely helped me. Thanks!
Jun 06, 2011
Andor Tóth says:
Is there a way to have this plugin use the socket of the ssh-agent? I have set t...Is there a way to have this plugin use the socket of the ssh-agent? I have set the SSH_AUTH_SOCK environment variable and ForwardAgent option, but it seems useless.
I'm going to have many slaves, and I don't want to copy Jenkins' private key on them, just to enable git access through ssh.
Jun 06, 2011
Andor Tóth says:
Command execution solved the problem.Command execution solved the problem.
Jul 20, 2011
Said EL HADDATI says:
Is it possible to configure the port from which the Master will connect to the s...Is it possible to configure the port from which the Master will connect to the slave? By default the port is random.
Thanks
Jan 16, 2012
Nic Banister says:
01/10/12 09:58:30] [SSH] Opening SSH connection to <server name>:22. hudso...01/10/12 09:58:30] [SSH] Opening SSH connection to <server name>:22.
hudson.AbortException: The server doesn't support the password authentication
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:699)
at hudson.plugins.sshslaves.SSHLauncher.launch(SSHLauncher.java:283)
at hudson.slaves.SlaveComputer$1.call(SlaveComputer.java:200)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
[01/10/12 09:58:30] [SSH] Connection closed.
Hi,After a recent unix server upgrade to our slaves, Hudson now fails to connect over SSH to them with the above message. I believe the issue to be that given the new servers now only support keyboard-interactive authentication, not password anymore, the connection fails. Can we add support to the plugin to either choose an authentication type or failover to keyboard-interactive if password fails? Internally, for other apps, using the same ganymed*. ssh library we've added the same fallback and its a very easy code change .Something like:
Mar 17, 2012
Jason A says:
Is this not supported on the latest version of Jenkins? It isn't showing up in m...Is this not supported on the latest version of Jenkins? It isn't showing up in my "available plugins" list.
Jan 23, 2013
Frank Merrow says:
I am trying (for the first time) to get a Windows Master to use a Linux slave. ...I am trying (for the first time) to get a Windows Master to use a Linux slave.
"Start by SSH" doesn't appear in the new node pull down, so I went looking for the SSH plugin . . . found it, it was disabled so I enabled it.
On Jenkins restart it disabled itself again. Upgraded to latest (.22) . . . but same result.
Is there something I need to install on Windows?
Frank
Apr 19, 2013
Aleksey Antsiferov says:
After upgrading our ssh slaves & ssh credentials plugin to latest, *all&...After upgrading our ssh slaves & ssh credentials plugin to latest, *all* slaves are unavailable. Did someone meet such behavior?
Aug 08, 2013
Jens Reimann says:
Well I have the same problem here. No credentials are available anymore. The dro...Well I have the same problem here. No credentials are available anymore. The dropdown box is empty. Although multiple non-domain credentials are defined.
Aug 08, 2013
Jens Reimann says:
It looks like as if the SSH plugin only finds SSH Key based credentials. Usernam...It looks like as if the SSH plugin only finds SSH Key based credentials. Username/password are ignored. But when I specify a key credentials it fails with a different exception:[08/08/13 15:26:30] SSH Opening SSH connection to xxx.intra:22.
ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins.
java.lang.NoSuchMethodError: com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(Ljava/lang/Object;Lcom/cloudbees/jenkins/plugins/sshcredentials/SSHUser;)Lcom/cloudbees/jenkins/plugins/sshcredentials/SSHAuthenticator;
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:949)
at hudson.plugins.sshslaves.SSHLauncher.launch(SSHLauncher.java:488)
at hudson.slaves.SlaveComputer$1.call(SlaveComputer.java:230)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
[08/08/13 15:26:30] SSH Connection closed.
Oct 01, 2013
Olaf Lenz says:
I am trying to use this plugin in conjunction with the Multi slave config plugin...I am trying to use this plugin in conjunction with the Multi slave config plugin https://wiki.jenkins-ci.org/display/JENKINS/Multi+slave+config+plugin. Unfortunately, it does not seem to be possible to generate several slaves with different host names. Or am I doing something wrong? This would be a great enhancement of the plugin!
Sep 29, 2014
Vasily Ivanov says:
Version 1.7 seems to have introduced a bug. We're getting NullPointerException a...Version 1.7 seems to have introduced a bug. We're getting NullPointerException at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1198). Downgrading to version 1.6 fixes this issue.
Our Jenkins version is 1.565.2 LTS.
Sep 29, 2014
Maxime C. says:
Same behavior on my side. Using latest Jenkins version 1.582Same behavior on my side. Using latest Jenkins version 1.582
Jan 14
hbockelmann - says:
Is there any change to use different SSH credentials to launch the same slave in...Is there any change to use different SSH credentials to launch the same slave in different jobs?
For example you have the slave "unix1" that might be used for the job A and B, but job A should use ssh-key-A while job B should use ssh-key-B ... the choice which key to be used might be fixed for a job or might be given as a build parameter.
Feb 04
David W says:
Where is a 'Once it has a suitable version of java' defined? I need to incorpora...Where is a 'Once it has a suitable version of java' defined? I need to incorporate some very odd / old slaves. And i want to make sure I don't run foul of need an unsupported version of java.
Add Comment