Cannot start SSH agent - "Cannot parse ssh-agent output "

Hi,

 

I'm trying to configure an SSH build step using the SSH agent to handle key management. I've added the private key and configured the SSH agent as a build feature as described in the documentation.

 

However when the build step runs I get the following error:

 

Cannot start SSH agent
com.jcraft.jsch.JSchException: Auth fail
 
If I enable debug logging and check teamcity-agent.log I can see the following stacktrace:
 
WARN - .SshAgentBuildFeatureAgentPart - Cannot start SSH agent
java.lang.RuntimeException: Cannot parse ssh-agent output
at jetbrains.buildServer.ssh.SshAgentBuildFeatureAgentPart.startAgent(SshAgentBuildFeatureAgentPart.java:122)
at jetbrains.buildServer.ssh.SshAgentBuildFeatureAgentPart.beforeRunnerStart(SshAgentBuildFeatureAgentPart.java:52)
at sun.reflect.GeneratedMethodAccessor21.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at jetbrains.buildServer.util.EventDispatcher.dispatch(EventDispatcher.java:121)
at jetbrains.buildServer.util.EventDispatcher$2.invoke(EventDispatcher.java:68)
at com.sun.proxy.$Proxy6.beforeRunnerStart(Unknown Source)
at jetbrains.buildServer.agent.impl.buildStages.runnerStages.start.FireBeforeRunnerStartedStage.fireEvent(FireBeforeRunnerStartedStage.java:27)
at jetbrains.buildServer.agent.impl.buildStages.runnerStages.start.FireEventRunnerStageBase.doBuildStage(FireEventRunnerStageBase.java:29)
at jetbrains.buildServer.agent.impl.buildStages.RunnerStagesExecutor$1.callStage(RunnerStagesExecutor.java:25)
at jetbrains.buildServer.agent.impl.buildStages.RunnerStagesExecutor$1.callStage(RunnerStagesExecutor.java:18)
at jetbrains.buildServer.agent.impl.buildStages.StagesExecutor.callRunStage(StagesExecutor.java:78)
at jetbrains.buildServer.agent.impl.buildStages.StagesExecutor.doStages(StagesExecutor.java:37)
at jetbrains.buildServer.agent.impl.buildStages.RunnerStagesExecutor.doStages(RunnerStagesExecutor.java:18)
at jetbrains.buildServer.agent.impl.buildStages.startStages.steps.RunnerContextExecutor.callRunnerStages(RunnerContextExecutor.java:43)
at jetbrains.buildServer.agent.impl.buildStages.startStages.steps.StepExecutor.processNextStep(StepExecutor.java:25)
at jetbrains.buildServer.agent.impl.buildStages.startStages.steps.ForEachBuildRunnerStage.executeRunnerStep(ForEachBuildRunnerStage.java:138)
at jetbrains.buildServer.agent.impl.buildStages.startStages.steps.ForEachBuildRunnerStage.runStep(ForEachBuildRunnerStage.java:123)
at jetbrains.buildServer.agent.impl.buildStages.startStages.steps.ForEachBuildRunnerStage.executeBuildRunners(ForEachBuildRunnerStage.java:83)
at jetbrains.buildServer.agent.impl.buildStages.startStages.steps.ForEachBuildRunnerStage.doBuildStage(ForEachBuildRunnerStage.java:44)
at jetbrains.buildServer.agent.impl.buildStages.BuildStagesExecutor$1.callStage(BuildStagesExecutor.java:31)
at jetbrains.buildServer.agent.impl.buildStages.BuildStagesExecutor$1.callStage(BuildStagesExecutor.java:24)
at jetbrains.buildServer.agent.impl.buildStages.StagesExecutor.callRunStage(StagesExecutor.java:78)
at jetbrains.buildServer.agent.impl.buildStages.StagesExecutor.doStages(StagesExecutor.java:37)
at jetbrains.buildServer.agent.impl.buildStages.BuildStagesExecutor.doStages(BuildStagesExecutor.java:24)
at jetbrains.buildServer.agent.impl.BuildRunActionImpl.doStages(BuildRunActionImpl.java:75)
at jetbrains.buildServer.agent.impl.BuildRunActionImpl.runBuild(BuildRunActionImpl.java:55)
at jetbrains.buildServer.agent.impl.BuildAgentImpl.doActualBuild(BuildAgentImpl.java:297)
at jetbrains.buildServer.agent.impl.BuildAgentImpl.access$100(BuildAgentImpl.java:55)
at jetbrains.buildServer.agent.impl.BuildAgentImpl$1.run(BuildAgentImpl.java:261)
at java.lang.Thread.run(Thread.java:745)
 
I have manually connected to the SSH server using the same key and SSH on the command line, so I know the key is fine and the server is set up correctly. I'm now at a bit of a loss as the only other posts on this forum for the same issue don't have a resolution.
 
Thanks in advance.
2
27 comments

Also some extra info - SSH build steps work correctly if I select the "default private key" option and store the passphrase in the build step, instead of using the SSH agent.

0

Hello Adam,

What TeamCity version do you use?

Please check if the 'ssh-agent.exe' is in the PATH environment variable. If it isn't please add it there, on last git versions for windows it is located inside 'c:\Program Files\Git\usr\bin' directory. Did you upload the key in openssh format?

0

Any further insight on this? Getting the same error.

[2017-04-12 16:04:52,859] WARN - .SshAgentBuildFeatureAgentPart - Cannot start SSH agent
java.lang.RuntimeException: Cannot parse ssh-agent output
at jetbrains.buildServer.ssh.SshAgentBuildFeatureAgentPart.startAgent(SshAgentBuildFeatureAgentPart.java:122)

I'm trying to use the ssh-agent build feature. The key I've selected is the same one I'm using with my VCS settings and it works there.

TeamCity is running on windows with OpenSSH-Win64 installed, SSH Agent Windows Service is running, all are available on the %PATH%

0

Hi Grant, did you ever get this fixed by any chance? I have the same setup as you and am getting the same error. Thanks!

2
Avatar
Benjamin Schaeublin

I've got the same Issue when trying to get an ssh-agent run with an uploaded ssh key, with exact the same callstack and could not find a solution.

The ssh-agent is in PATH variable, the ssh-agent can be started over cmd. 

The SSH-Agent came with Git for Windows, version 2.11.1.1.

 

If anyone from jetbrains could provide some help, i would very appreciate it.

2

Trevor,

do you use the latest version of OpenSSH-Win64? I got same error with older versions (unfortunately I cannot find which ones), but the latest version from  https://www.mls-software.com/opensshd.html works fine.

1

I still have this issue on a Windows BuildAgent

Using the SSH Agent feature on a windows build server and get this error:
Cannot start SSH agent: java.lang.RuntimeException: Cannot parse ssh-agent output: ''

Have read the forums, and tickets, and tried fixes there (ssh-agent in path, etc).
Git distribution for Windows 2.16.x is installed on the build server (via https://chocolatey.org/packages/git).

The project VCS root has enabled: Authentication method: Uploaded Key
The uploaded key is used for client side checkout, and the machine key also has write access to the github repo.

We are trying to push the commits back as the last build step, powershell:

echo $env:PATH
# Work
git config user.name "Build Server"
git config user.email "email@email.com"
git add --force pact
git diff --cached --no-patch --exit-code
if ($LastExitCode -eq 0) {
Write-Host "No pacts to commit"
return;
}
git commit -m "Update PACTs"
git push origin "%teamcity.build.branch%

We have tried adding the path to ssh-agent in two ways:

1 - in the build config as an env.Path param which equals "%env.ProgramFiles%\git\usr\bin;%env.Path%"

2 - in the buildAgent.properties as: env.Path=%env.ProgramFiles%\\git\\usr\\bin;%env.PATH%

Neither work. The error still occurs.

I have sent the build log and the echo $env:PATH that the %env.ProgramFiles%\git\usr\bin is in the path. I've check the build server and that is there, and I can start SSH agent via an interactive PowerShell session from this path.

I've sent the teamcity agent log with debugging in via a support request.

1

Latrix,

please check if adding ssh-agent to the %Path% environment variable via windows control panel and restarting the agent helps.

1

Hi Dmitry this worked.

The error has gone away (although I'm still getting Host key verification failed).

What wasn' entirely clear in the documentation was that this path had to be added to the System Wide environment variables.

The doco states "The SSH agent must be added to $PATH on Unix-like OS's and to %PATH% on Windows."

On the agent I had added it to the path in the build AND the buildAgent.properties. Clarification in the documentation that the system path needs to be updated would make it a bit clearer.

 

1

Host key verification failed was fixed by Disabling SSH host key checking.

1

Also having the same error with the SSH Agent build feature: Failed to start SSH Agent: java.lang.RuntimeException: Cannot parse ssh-agent output: ''

Turned on debug logging for the agent, but didn't really get me much more.

[2018-06-25 18:06:09,827] WARN - .SshAgentBuildFeatureAgentPart - Failed to start SSH Agent
java.lang.RuntimeException: Cannot parse ssh-agent output: ''
at jetbrains.buildServer.ssh.SshAgentBuildFeatureAgentPart.startAgent(SshAgentBuildFeatureAgentPart.java:134)
at jetbrains.buildServer.ssh.SshAgentBuildFeatureAgentPart.beforeRunnerStart(SshAgentBuildFeatureAgentPart.java:55)
at sun.reflect.GeneratedMethodAccessor33.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at jetbrains.buildServer.util.EventDispatcher$3.run(EventDispatcher.java:126)
at jetbrains.buildServer.util.NamedThreadFactory.executeWithNewThreadName(NamedThreadFactory.java:71)
at jetbrains.buildServer.util.EventDispatcher.dispatch(EventDispatcher.java:120)
at jetbrains.buildServer.util.EventDispatcher$2.invoke(EventDispatcher.java:70)
at com.sun.proxy.$Proxy6.beforeRunnerStart(Unknown Source)
at jetbrains.buildServer.agent.impl.buildStages.runnerStages.start.FireBeforeRunnerStartedStage.fireEvent(FireBeforeRunnerStartedStage.java:27)
at jetbrains.buildServer.agent.impl.buildStages.runnerStages.start.FireEventRunnerStageBase.doBuildStage(FireEventRunnerStageBase.java:29)
at jetbrains.buildServer.agent.impl.buildStages.RunnerStagesExecutor$1.callStage(RunnerStagesExecutor.java:25)
at jetbrains.buildServer.agent.impl.buildStages.RunnerStagesExecutor$1.callStage(RunnerStagesExecutor.java:18)
at jetbrains.buildServer.agent.impl.buildStages.StagesExecutor.callRunStage(StagesExecutor.java:78)
at jetbrains.buildServer.agent.impl.buildStages.StagesExecutor.doStages(StagesExecutor.java:37)
at jetbrains.buildServer.agent.impl.buildStages.RunnerStagesExecutor.doStages(RunnerStagesExecutor.java:18)
at jetbrains.buildServer.agent.impl.buildStages.startStages.steps.RunnerContextExecutor.callRunnerStages(RunnerContextExecutor.java:43)
at jetbrains.buildServer.agent.impl.buildStages.startStages.steps.StepExecutor.processNextStep(StepExecutor.java:25)
at jetbrains.buildServer.agent.impl.buildStages.startStages.steps.ForEachBuildRunnerStage.executeRunnerStep(ForEachBuildRunnerStage.java:138)
at jetbrains.buildServer.agent.impl.buildStages.startStages.steps.ForEachBuildRunnerStage.runStep(ForEachBuildRunnerStage.java:123)
at jetbrains.buildServer.agent.impl.buildStages.startStages.steps.ForEachBuildRunnerStage.executeBuildRunners(ForEachBuildRunnerStage.java:83)
at jetbrains.buildServer.agent.impl.buildStages.startStages.steps.ForEachBuildRunnerStage.doBuildStage(ForEachBuildRunnerStage.java:44)
at jetbrains.buildServer.agent.impl.buildStages.BuildStagesExecutor$1.callStage(BuildStagesExecutor.java:31)
at jetbrains.buildServer.agent.impl.buildStages.BuildStagesExecutor$1.callStage(BuildStagesExecutor.java:24)
at jetbrains.buildServer.agent.impl.buildStages.StagesExecutor.callRunStage(StagesExecutor.java:78)
at jetbrains.buildServer.agent.impl.buildStages.StagesExecutor.doStages(StagesExecutor.java:37)
at jetbrains.buildServer.agent.impl.buildStages.BuildStagesExecutor.doStages(BuildStagesExecutor.java:24)
at jetbrains.buildServer.agent.impl.BuildRunActionImpl.doStages(BuildRunActionImpl.java:75)
at jetbrains.buildServer.agent.impl.BuildRunActionImpl.runBuild(BuildRunActionImpl.java:55)
at jetbrains.buildServer.agent.impl.BuildAgentImpl.doActualBuild(BuildAgentImpl.java:295)
at jetbrains.buildServer.agent.impl.BuildAgentImpl.access$100(BuildAgentImpl.java:53)
at jetbrains.buildServer.agent.impl.BuildAgentImpl$1.run(BuildAgentImpl.java:259)
at java.lang.Thread.run(Thread.java:748)

We are using the key successfully for all our builds (as part of the VCS config).  I had also tried putting it (private key) in C:\Users\Teamcity\.ssh\id_rsa , but didn't work.  Also tried restarting the server entirely.  Note that the agent is running under a user named 'teamcity'.

We are using OpenSSH version: 7.6p1 

It's in the system path on the server - before this we got 'cannot find ssh-agent' errors.

Any ideas?

0

Chris, ensure that openssh is installed on the build agent machine (the SSH Agent is running there, not on the TeamCity server).

0

Yup, that's what we have - our Teamcity server itself is Linux, but the agents for our windows builds are Windows 2016.  That log snippet I posted was from the build agent.

0

Is the `ssh-agent` in the PATH on the agent machine?

0

Yup, as mentioned above.  If it's not in the PATH, you get a different error.

0

What TeamCity version do you use? What is the output of the 'ssh-agent' command if you run it manually on a build agent machine?

0

Version: 2017.2.3 (build 51047)

It returns a blank line, no output.  It's also running as a service - could that be part of the issue?

0

I think it could. Please check if it works when the ssh-agent service is stopped.

0

Eh, it blows up with this:

[2018-06-25 19:06:31,812] WARN - .SshAgentBuildFeatureAgentPart - Failed to start SSH Agent
[2018-06-25 19:06:31,812] WARN - .SshAgentBuildFeatureAgentPart - 'ssh-agent -s -a C:\BuildAgent\temp\buildTmp\ssh2276829578978538172sock' command failed
stderr: unable to start ssh-agent service, error :1058
exit code: 255

[Step 1/1] 'ssh-agent -s -a C:\BuildAgent\temp\buildTmp\ssh2276829578978538172sock' command failed stderr: unable to start ssh-agent service, error :1058 exit code: 255

That was with the service set to 'disabled'.  When I simply stopped it, it returns the same error as before (cannot parse).

0

Eh, this has to be our install of OpenSSH causing issues.  On another box, ssh-agent returns a bunch of info about pid and sock.  Sorry about that!

0

Please check the location of the ssh-agent executable  (run `where ssh-agent`). Is it in the windows\system32 directory? If so, then please check if specifying a path to the ssh-agent from git distribution before windows\system32 helps.

0

It's not in windows\system32, it's in "C:\Program Files\OpenSSH\" - the default location for OpenSSH.  Like I mentioned above, this doesn't seem to be a path issue, but more likely something is up with the configuration/install of OpenSSH.  Another server built using the same process has the same 'issue' with ssh-agent not outputting anything when run.  I am guessing that the SSH Agent build feature requires some kind of output to validate that it's working correctly - since our servers aren't outputting anything, it blows up.  (hence cannot parse '')

Pretty sure this is a config/install issue because when I run 'ssh-agent.exe' on a box with msysgit, I get output.

0

Here's what I did to get this working:

On the repo:  Added the deploy_key (public) as a write-enabled key to the repo we are trying to release

On the agent:

  • Install OpenSSH via chocolatey (cinst -y openssh)
  • Ensure 'C:\Program Files\OpenSSH' is in the system PATH
  • Reboot the agent server (might be able to just restart the TC agent service?)
  • Create a user 'teamcity' with password
  • Set that user/pass as the teamcity agent service 'log on as' (we do this already to prevent issues with dotnetcore, also kinda required for the below to work)
  • Add the deploy_key (private) as C:\users\teamcity\.ssh\deploy_key
  • Log on to the agent with the teamcity user
  • Remove all NTFS permissions on deploy_key except the teamcity user (ssh-add blows up if you don't do this)
  • Run 'ssh-add c:\users\teamcity\.ssh\deploy_key'
  • EDIT: We also had to run git config cmds for the user/email, else the git scripts would blow up.  Maybe there's a way to ignore this.

We can now do git operations on the repo.  \o/

0

Seems the issue is when you using  https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_install_firstuse

(Check it with powershell command `Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'`)

instead of the git provided ssh-agent.

The WindowsCapability seems to make no output on success

0

I am new to teamcity, please help how to setup ssh-agent on linux docker-agent.

0

Just wanted to leave a note here that we ran into this problem recently when trying to set up a new secondary agent server. This was on:

  • OLD Agent server (working) - Windows Server 2012
  • NEW Agent server (not working) - Windows Server 2022
  • Agent build version - 108886
  • TC version 2022.04.5 (build 108886)

Everything worked on the old server. We were receiving the error on our new server:

Failed to start SSH Agent: java.lang.RuntimeException: Cannot parse ssh-agent output: ''

What we found after comparing the system PATH variable between old and new server, was that we had to REMOVE the following path:

%SYSTEMROOT%\System32\OpenSSH\

And then replace it with the path to the github distribution of openssh:

C:\Windows\System32\OpenSSH
Once this was done, running the ssh-agent command from command line did give us output:
C:\Users\teamcity>ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-9gEyGjoZrbXt/agent.776; export SSH_AUTH_SOCK;
SSH_AGENT_PID=777; export SSH_AGENT_PID;
echo Agent pid 777;

After restarting the new agent server, we tested our builds that use the SSH agent build feature and they are working now.

0

Thanks for reporting your issue and sharing your solution. This is a known issue with the OpenSSH that is bundled with Windows. It seems the Windows version of OpenSSH does not provide a complete response to all commands. There is also a related issue reported to the Microsoft OpenSSH Github here: https://github.com/PowerShell/Win32-OpenSSH/issues/1145.

Using the version of OpenSSH that is bundled with Git or using the CygWin version is the recommended workaround, as you've already discovered on your own.

0

Please sign in to leave a comment.