Jenkins 无法签出 Git 存储库 - 主机密钥验证失败

Question

当我从 Git 签出 Jenkinsfile 时，我以前工作的 Jenkins 作业现在因错误而失败，并显示消息

Checking out git git@github.com:org/repo into C:\Program Files (x86)\Jenkins\workspace\blah@script to read Jenkinsfile
No credentials specified
..... several lines detailing Git operations ....
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from git@github.com:org/repo
.... more trace log ....
stderr: Host key verification failed.
fatal: Could not read from remote repository.

身份验证是通过 SSH 密钥进行的。 Jenkins 以我的本地用户身份运行（在 Manage Jenkins > System Information 选项卡中可见，通过 user.name 和 user.home 正确设置为保存 .ssh 目录的目录。

known_hosts 文件包含 GitHub 的密钥。

ssh -vT git@github.com 的运行会产生以下输出（对发布进行了少量替换）：

local-user>ssh -vT git@github.com
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug1: Connecting to github.com [192.30.255.112] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\local-user/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\local-user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\local-user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\local-user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\local-user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\local-user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\local-user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\local-user/.ssh/id_ed25519-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\local-user/.ssh/id_xmss type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\local-user/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version babeld-3e010779
debug1: no match: babeld-3e010779
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:<key, possibly public but removed>
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\local-user/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:<key, probably my public key> C:\\Users\\local-user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([192.30.255.112]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi <MyGitName>! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2560, received 2236 bytes, in 0.3 seconds
Bytes per second: sent 9884.1, received 8633.2
debug1: Exit status 1

上周，相同的 Jenkinsfile、服务器配置和密钥都运行良好。我应该注意什么不小心改变了？我假设 Jenkins 要么没有找到密钥，要么找到了错误的密钥，但我不明白为什么。

我已经在 GitHub 上检查了存储库权限，此密钥的用户现在具有写入权限，但以前它即使只使用读取也可以工作。

Answer 1

Jenkins 通知我有新版本可用，所以我安装并重新启动了实例，现在问题消失了。

供其他人参考，版本如下（尽管这可能不是问题/解决方案 - 也许环境以某种方式变得混乱，重新启动是解决方案）：

上一个：2.171

新：2.172

Git 插件版本：2.7.6

Changelog:

What's new in 2.172 (2019-04-10) 
 Security fixes. (security advisory) 
What's new in 2.171 (2019-04-07) 
Community reported issues: 2×JENKINS-43995 2×JENKINS-39203 
 Expose the minimum supported version of remoting to allow future releases to reject incompatible agent connections. (issue 50095) 
 The setup wizard did not properly escape passwords, resulting in errors with certain special characters. (issue 56856) 
 Revert accidental change to hashCode computation of jenkins.util.TreeString in 2.168. (pull 3930) 
 Developer: Add Jelly UI component f:secretTextarea for multi-line secrets analogous to f:password for single-line. (pull 3967, Storing Secrets in Jenkins) 
 Developer: Deprecated Run.getLogFile(), as it is not compatible with JEP-210. (pull 3963)

此处提到的安全公告是 2.172 链接中的唯一变化：security advisory。