[JENKINS-69552] Passphrase Authentication Fails #323

@jenkins-infra-bot

The Problem 
The Jenkins SSH Agent Plugin is failing to successfully load a key with a passphrase that is stored with the Credentials Plugin. The Jenkins Agent is running on the same machine as the Controller.

The error seems to be saying that the script used to load the passphrase doesn't exist.  I don't know if it exists or how to test that, as I'm assuming it's meant to be deleted quickly.  Therefore, I'm not sure if the problem is with the SSH Agent Plugin, or Credentials Plugin or a combination/interaction of both plugins.

The ssh-agent Binary on the Host Works  
The problem does not seem to be with the host system, as I am able to successfully use ssh-add from the command line with the referenced key and passphrase.

The SSH Agent Plugin Partially Works  
The username, private key and passphrase have been added into the Jenkins Controller utilizing the Credentials Plugin. The SSH Agent Plugin works as expected with a plugin that does not have a passphrase.

My pipeline is simple  

```groovy
pipeline {
    agent any
    options {
        ansiColor('xterm')
    }
    stages {
        stage("setup environment") {
            steps {
                deleteDir()
            } //steps
        } //stage - setup environment
        stage("Test the key") {
            steps {
                sshagent(['testkey']) {
                    sh "ssh host whoami"
                } //sshagent
            } //steps
        } //stage - Test the key
    } //stages
} //pipeline
```

The output looks like this  

```
[Pipeline] {
[Pipeline] sshagent
[ssh-agent] Using credentials testkey (Test key with passphrase)
[ssh-agent] Looking for ssh-agent implementation...
[ssh-agent]   Exec ssh-agent (binary ssh-agent on a remote machine)
$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-oKcZZF65GvXc/agent.31647
SSH_AGENT_PID=31650
Running ssh-add (command line suppressed)
ssh_askpass: exec(/var/lib/jenkins/workspace/testing@tmp/askpass_11086250741160980548.sh): No such file or directory
[Pipeline] // sshagent
[Pipeline] }
.
.  (I removed the extraneous output showing the closing of each section.)
.
ERROR: Failed to run ssh-add
Finished: FAILURE
```

I've found similar issues where Jenkins was having issues interacting with the ssh-agent tools; however, this isn't the case here. The indicated problem is with the script that (I'm guessing) provides the key and passphrase to ssh-agent.

For example, [this post](https://stackoverflow.com/questions/63565578/ssh-askpass-exec-usr-bin-ssh-askpass-no-such-file-or-directory-permission-de) describes an issue with the ssh-askpass binary while executing ssh-add on the client.

```
ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory
Permission denied, please try again.
```

In my scenario, `ssh-add` is being executed by the ssh-agent plugin on the Jenkins Controller, which is where the Jenkins Agents are launched. And the error isn't with the ssh-askpass binary, but rather the @tmp/askpass_####.sh script that Jenkins generates to interact with ssh-askpass.

Some posts have suggested removing or adding trailing newlines; however, their symptoms are slightly different. I have tried these suggestions with no success.

  • Is there a way to test things further?
  • Is there more logging that I can turn on?  
  • What is the experiment that would isolate a component and expose the root cause?

My question is similar to [this question](https://stackoverflow.com/questions/59879395/ssh-askpass-exec-app-jenkins-slave-workspace-footmp-askpass-foo-sh-no-such); however, I have added additional information in hopes that I'm clearly stating the issue and the surrounding context.


Originally reported by jbuck, imported from: Passphrase Authentication Fails
  • assignee: jvz
  • status: Open
  • priority: Minor
  • component(s): ssh-agent-plugin, ssh-credentials-plugin
  • resolution: Unresolved
  • votes: 0
  • watchers: 1
  • imported: 20251215-193512

Environment
  • RHEL7
  • Jenkins 2.359
  • SSH Agent Plugin Version 295.v9ca_a_1c7cc3a_a_
  • Credentials Plugin Version 1143.vb_e8b_b_ceee347
  • OpenSSH_8.8p1a
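
One way to narrow down an `exec(...): No such file or directory` on a helper script such as the askpass script in the log above, as an added example that is not part of the original issue or the plugin's code: `exec()` reports this error both when the file is absent and when the interpreter named on its `#!` line cannot be found, including a shebang that ends in a carriage return. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch (hypothetical helper names, constructed samples).
# classify_exec PATH prints one of:
#   missing | not-executable | no-shebang | crlf-shebang |
#   missing-interpreter:<path> | ok
classify_exec() {
    f=$1
    # File absent from this process's view of the filesystem.
    [ -e "$f" ] || { echo "missing"; return 0; }
    # Present but without execute permission for the current user.
    [ -x "$f" ] || { echo "not-executable"; return 0; }
    first=$(head -n 1 "$f")
    case $first in
        '#!'*) ;;
        *) echo "no-shebang"; return 0 ;;
    esac
    # A trailing CR becomes part of the interpreter name the kernel looks up.
    cr=$(printf '\r')
    case $first in
        *"$cr") echo "crlf-shebang"; return 0 ;;
    esac
    # The interpreter is the first word after "#!".
    interp=$(printf '%s\n' "$first" | sed 's/^#![[:space:]]*//' | awk '{print $1}')
    [ -x "$interp" ] || { echo "missing-interpreter:$interp"; return 0; }
    echo "ok"
}

# Write constructed sample scripts into directory $1 (gone.sh is never created).
make_samples() {
    printf '#!/bin/sh\necho constructed-passphrase\n' > "$1/good.sh"
    printf '#!/bin/sh\r\necho constructed-passphrase\r\n' > "$1/crlf.sh"
    printf '#!/nonexistent/bin/sh\necho constructed-passphrase\n' > "$1/nointerp.sh"
    chmod 700 "$1/good.sh" "$1/crlf.sh" "$1/nointerp.sh"
}

# Demo: classify each constructed sample, then clean up.
d=$(mktemp -d)
make_samples "$d"
for s in good.sh crlf.sh nointerp.sh gone.sh; do
    printf '%s: %s\n' "$s" "$(classify_exec "$d/$s")"
done
rm -rf "$d"
```

Run against a real helper script, `classify_exec` has to execute as the same user and on the same host as the failing process, since a path can exist for one and not the other.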
