java.lang.IllegalStateException: Connection is not established!

Jenkins JIRA | Shea Tomsin | 1 year ago
tip
Your exception is missing from the Samebug knowledge base.
Here are the best solutions we found on the Internet.
Click on the to mark the helpful solution and get rewards for you help.
  1. 0

    [JIRA] [ssh-credentials-plugin] (JENKINS-31549) sshcredentials via trilead-ssh2 Cannot Connect to Servers Requiring Strong MACs

    Google Groups | 1 year ago | sheatomsin@gmail.com (JIRA)
    java.lang.IllegalStateException: Connection is not established!
  2. 0

    master cannot connect to slave {code:none|title=/var/log/secure on slave reports} sshd[1978]: fatal: no matching mac found: client hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5 server hmac-sha2-512,hmac-sha2-256,hmac-ripemd160 {code} master reports {code:none} Key exchange was not finished, connection is closed. ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins. java.lang.IllegalStateException: Connection is not established! at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.getRemainingAuthMethods(TrileadSSHPublicKeyAuthenticator.java:88) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.canAuthenticate(TrileadSSHPublicKeyAuthenticator.java:80) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169) at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) {code} This is related to JENKINS-26379 but the comments in that ticket only hint at the issue which, to writ, is: https://github.com/jenkinsci/trilead-ssh2/blob/master/src/com/trilead/ssh2/crypto/digest/MAC.java {code:none|title=com.trilead.ssh2.crypto.digest.MAC} public final static String[] getMacList() { /* Higher Priority First */ return new String[] { "hmac-sha1-96", "hmac-sha1", "hmac-md5-96", "hmac-md5" }; } {code} See https://stribika.github.io/2015/01/04/secure-secure-shell.html {quote} Here are the available MAC choices: hmac-md5 hmac-md5-96 hmac-ripemd160 hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 umac-64 umac-128 hmac-md5-etm@openssh.com hmac-md5-96-etm@openssh.com hmac-ripemd160-etm@openssh.com hmac-sha1-etm@openssh.com hmac-sha1-96-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com The selection considerations: Security of the hash algorithm: No MD5 and SHA1. Yes, I know that HMAC-SHA1 does not need collision resistance but why wait? Disable weak crypto today. Encrypt-then-MAC: I am not aware of a security proof for CTR-and-HMAC but I also don't think CTR decryption can fail. Since there are no downgrade attacks, you can add them to the end of the list. You can also do this on a host by host basis so you know which ones are less safe. Tag size: At least 128 bits. This eliminates umac-64-etm. Key size: At least 128 bits. This doesn't eliminate anything at this point. Recommended /etc/ssh/sshd_config snippet: {code:none} MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com {code} {quote}

    Jenkins JIRA | 1 year ago | Shea Tomsin
    java.lang.IllegalStateException: Connection is not established!
  3. 0

    master cannot connect to slave {code:none|title=/var/log/secure on slave reports} sshd[1978]: fatal: no matching mac found: client hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5 server hmac-sha2-512,hmac-sha2-256,hmac-ripemd160 {code} master reports {code:none} Key exchange was not finished, connection is closed. ERROR: Unexpected error in launching a slave. This is probably a bug in Jenkins. java.lang.IllegalStateException: Connection is not established! at com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.getRemainingAuthMethods(TrileadSSHPublicKeyAuthenticator.java:88) at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.canAuthenticate(TrileadSSHPublicKeyAuthenticator.java:80) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207) at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169) at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711) at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) {code} This is related to JENKINS-26379 but the comments in that ticket only hint at the issue which, to writ, is: https://github.com/jenkinsci/trilead-ssh2/blob/master/src/com/trilead/ssh2/crypto/digest/MAC.java {code:none|title=com.trilead.ssh2.crypto.digest.MAC} public final static String[] getMacList() { /* Higher Priority First */ return new String[] { "hmac-sha1-96", "hmac-sha1", "hmac-md5-96", "hmac-md5" }; } {code} See https://stribika.github.io/2015/01/04/secure-secure-shell.html {quote} Here are the available MAC choices: hmac-md5 hmac-md5-96 hmac-ripemd160 hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 umac-64 umac-128 hmac-md5-etm@openssh.com hmac-md5-96-etm@openssh.com hmac-ripemd160-etm@openssh.com hmac-sha1-etm@openssh.com hmac-sha1-96-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com The selection considerations: Security of the hash algorithm: No MD5 and SHA1. Yes, I know that HMAC-SHA1 does not need collision resistance but why wait? Disable weak crypto today. Encrypt-then-MAC: I am not aware of a security proof for CTR-and-HMAC but I also don't think CTR decryption can fail. Since there are no downgrade attacks, you can add them to the end of the list. You can also do this on a host by host basis so you know which ones are less safe. Tag size: At least 128 bits. This eliminates umac-64-etm. Key size: At least 128 bits. This doesn't eliminate anything at this point. Recommended /etc/ssh/sshd_config snippet: {code:none} MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com {code} {quote}

    Jenkins JIRA | 1 year ago | Shea Tomsin
    java.lang.IllegalStateException: Connection is not established!
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    Jenkins - ssh connection exception

    Stack Overflow | 2 years ago | Mohit Sharma
    java.lang.IllegalStateException: Connection is not established!
  6. 0

    Jenkins master fails to connect to the slave over SSH

    Stack Overflow | 2 years ago | Tanel Mae
    java.lang.IllegalStateException: Connection is not established!

    4 unregistered visitors
    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. java.lang.IllegalStateException

      Connection is not established!

      at com.trilead.ssh2.Connection.getRemainingAuthMethods()
    2. Trilead
      Connection.getRemainingAuthMethods
      1. com.trilead.ssh2.Connection.getRemainingAuthMethods(Connection.java:1030)
      1 frame
    3. com.cloudbees.jenkins
      SSHAuthenticator.newInstance
      1. com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.getRemainingAuthMethods(TrileadSSHPublicKeyAuthenticator.java:88)
      2. com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.canAuthenticate(TrileadSSHPublicKeyAuthenticator.java:80)
      3. com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:207)
      4. com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.newInstance(SSHAuthenticator.java:169)
      4 frames
    4. hudson.plugins.sshslaves
      SSHLauncher$2.call
      1. hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1212)
      2. hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:711)
      3. hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:706)
      3 frames
    5. Java RT
      Thread.run
      1. java.util.concurrent.FutureTask.run(FutureTask.java:262)
      2. java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      3. java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      4. java.lang.Thread.run(Thread.java:745)
      4 frames