Connection refused when connecting to Docker SSH agent

I’ve followed this guide on how to create a Jenkins agent using Docker and SSH, and have not been able to get it working. I’ve followed the steps on this page in full twice now, and no matter what I do I always get the following output on my agent:

SSHLauncher{host='localhost', port=4445, credentialsId='jenkins-ssh', jvmOptions='', javaPath='', prefixStartSlaveCmd='', suffixStartSlaveCmd='', launchTimeoutSeconds=60, maxNumRetries=10, retryWaitTime=15, sshHostKeyVerificationStrategy=hudson.plugins.sshslaves.verifiers.ManuallyTrustedKeyVerificationStrategy, tcpNoDelay=true, trackCredentials=true}
[11/15/24 01:21:17] [SSH] Opening SSH connection to localhost:4445.
Connection refused
SSH Connection failed with IOException: "Connection refused", retrying in 15 seconds. There are 10 more retries left.

I tried with the default port of 22, as well as with custom ports of 4444 and 4445, neither of which yielded a different result. I also can’t find anyone online who is having the same issue as me.

Does anyone know what I’m doing wrong?

Jenkins setup:
Jenkins: 2.479.1
OS: Linux - 6.10.11-linuxkit
Java: 17.0.13 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)

ant:511.v0a_a_1a_334f41b_
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
asm-api:9.7.1-97.v4cc844130d97
authentication-tokens:1.119.v50285141b_7e1
blueocean:1.27.16
blueocean-bitbucket-pipeline:1.27.16
blueocean-commons:1.27.16
blueocean-config:1.27.16
blueocean-core-js:1.27.16
blueocean-dashboard:1.27.16
blueocean-display-url:2.4.3
blueocean-events:1.27.16
blueocean-git-pipeline:1.27.16
blueocean-github-pipeline:1.27.16
blueocean-i18n:1.27.16
blueocean-jwt:1.27.16
blueocean-personalization:1.27.16
blueocean-pipeline-api-impl:1.27.16
blueocean-pipeline-editor:1.27.16
blueocean-pipeline-scm-api:1.27.16
blueocean-rest:1.27.16
blueocean-rest-impl:1.27.16
blueocean-web:1.27.16
bootstrap5-api:5.3.3-1
bouncycastle-api:2.30.1.78.1-248.ve27176eb_46cb_
branch-api:2.1200.v4b_a_3da_2eb_db_4
build-timeout:1.33
caffeine-api:3.1.8-133.v17b_1ff2e0599
checks-api:2.2.1
cloudbees-bitbucket-branch-source:910.v5b_9b_36e0379e
cloudbees-folder:6.955.v81e2a_35c08d3
commons-lang3-api:3.17.0-84.vb_b_938040b_078
commons-text-api:1.12.0-129.v99a_50df237f7
credentials:1389.vd7a_b_f5fa_50a_2
credentials-binding:687.v619cb_15e923f
dark-theme:479.v661b_1b_911c01
display-url-api:2.209.v582ed814ff2f
docker-commons:445.v6b_646c962a_94
docker-workflow:580.vc0c340686b_54
durable-task:577.v2a_8a_4b_7c0247
echarts-api:5.5.1-4
eddsa-api:0.3.0-4.v84c6f0f4969e
email-ext:1855.vd9e491cb_de1e
favorite:2.221.v19ca_666b_62f5
font-awesome-api:6.6.0-2
git:5.6.0
git-client:6.1.0
github:1.40.0
github-api:1.321-478.vc9ce627ce001
github-branch-source:1807.v50351eb_7dd13
gradle:2.13.1
gson-api:2.11.0-85.v1f4e87273c33
handy-uri-templates-2-api:2.1.8-30.v7e777411b_148
htmlpublisher:1.37
instance-identity:201.vd2a_b_5a_468a_a_6
ionicons-api:74.v93d5eb_813d5f
jackson2-api:2.17.0-379.v02de8ec9f64c
jakarta-activation-api:2.1.3-1
jakarta-mail-api:2.1.3-1
javax-activation-api:1.2.0-7
jaxb:2.3.9-1
jenkins-design-language:1.27.16
jjwt-api:0.11.5-112.ve82dfb_224b_a_d
joda-time-api:2.13.0-93.v9934da_29b_a_e9
jquery3-api:3.7.1-2
json-api:20240303-101.v7a_8666713110
json-path-api:2.8.0-5.v07cb_a_1ca_738c
junit:1309.v0078b_fecd6ed
ldap:770.vb_455e934581a_
mailer:489.vd4b_25144138f
matrix-auth:3.2.3
matrix-project:840.v812f627cb_578
metrics:4.2.21-458.vcf496cb_839e4
mina-sshd-api-common:2.14.0-133.vcc091215a_358
mina-sshd-api-core:2.14.0-133.vcc091215a_358
okhttp-api:4.11.0-181.v1de5b_83857df
pam-auth:1.11
pipeline-build-step:540.vb_e8849e1a_b_d8
pipeline-github-lib:61.v629f2cc41d83
pipeline-graph-analysis:216.vfd8b_ece330ca_
pipeline-graph-view:382.vb_9a_27b_7b_ea_71
pipeline-groovy-lib:744.v5b_556ee7c253
pipeline-input-step:495.ve9c153f6067b_
pipeline-milestone-step:119.vdfdc43fc3b_9a_
pipeline-model-api:2.2218.v56d0cda_37c72
pipeline-model-definition:2.2218.v56d0cda_37c72
pipeline-model-extensions:2.2218.v56d0cda_37c72
pipeline-stage-step:312.v8cd10304c27a_
pipeline-stage-tags-metadata:2.2218.v56d0cda_37c72
plain-credentials:183.va_de8f1dd5a_2b_
plugin-util-api:5.1.0
pubsub-light:1.18
resource-disposer:0.25
scm-api:698.v8e3b_c788f0a_6
script-security:1369.v9b_98a_4e95b_2d
snakeyaml-api:2.3-123.v13484c65210a_
sse-gateway:1.27
ssh-credentials:343.v884f71d78167
ssh-slaves:2.973.v0fa_8c0dea_f9f
structs:338.v848422169819
theme-manager:262.vc57ee4a_eda_5d
timestamper:1.28
token-macro:400.v35420b_922dcb_
trilead-api:2.147.vb_73cc728a_32e
variant:60.v7290fc0eb_b_cd
workflow-aggregator:600.vb_57cdd26fdd7
workflow-api:1336.vee415d95c521
workflow-basic-steps:1058.vcb_fc1e3a_21a_9
workflow-cps:3993.v3e20a_37282f8
workflow-durable-task-step:1378.v6a_3e903058a_3
workflow-job:1468.vcf4f5ee92395
workflow-multibranch:795.ve0cb_1f45ca_9a_
workflow-scm-step:427.v4ca_6512e7df1
workflow-step-api:678.v3ee58b_469476
workflow-support:932.vb_555de1b_a_b_94
ws-cleanup:0.48

Unfortunately, you didn’t link to the guide that you followed. It is easier for others if they can use the steps that you used.

I started a docker ssh agent process using the command line from the documentation like this:

docker run -d --rm --name=agent \
    --publish 2200:22 \
    -e "JENKINS_AGENT_SSH_PUBKEY=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHoGWb80kSBywPtvWbgeng7itaw7Tu6d/nXaxIKTQ05Z" \
    jenkins/ssh-agent

I configured the agent in my Jenkins controller to:

• use host testing-b.markwaite.net
• use port 2200 instead of the default port 22
• use a credential that was the private key associated with the public key that is listed on the docker run command line
• use /home/jenkins/agent as the home directory

Note that I initially had surrounded the public key with single quotes in order to retain the space that is part of the public key argument, but I had to remove those single quotes after reading the documentation page.

Hi, first apologies on forgetting the link, I have updated the post.

Second, I followed your steps and I’m still getting “Connection refused”. Some things:

• I’m trying to connect to a Docker SSH agent that is running on my local computer (so everything here is ‘localhost’).
• I tried with port 2200, didn’t change things.
• I’m using the correct public key/private key pair.
• I’m setting home directory as /home/jenkins/agent like you said. This, by the way, is not what the guide says, it says to just use /home/jenkins. I had to reference the documentation for the agent image to figure this out.
• I prepare my commands in another text editor, and then copy-paste the entire command over to the Docker console. The agent container did not have issues starting up.
• Below is the output for the log for my agent container:

2024-11-15 13:44:22 + [[ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpMwzAcZBsJ2Poykbz0JXBApbcpwXnK7LwXZ1uXVQ09 == ssh-* ]]
2024-11-15 13:44:22 + write_key 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpMwzAcZBsJ2Poykbz0JXBApbcpwXnK7LwXZ1uXVQ09'
2024-11-15 13:44:22 + local ID_GROUP
2024-11-15 13:44:22 ++ stat -c %U:%G /home/jenkins
2024-11-15 13:44:22 + ID_GROUP=jenkins:jenkins
2024-11-15 13:44:22 + mkdir -p /home/jenkins/.ssh
2024-11-15 13:44:22 + echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpMwzAcZBsJ2Poykbz0JXBApbcpwXnK7LwXZ1uXVQ09'
2024-11-15 13:44:22 + chown -Rf jenkins:jenkins /home/jenkins/.ssh
2024-11-15 13:44:22 + chmod 0700 -R /home/jenkins/.ssh
2024-11-15 13:44:22 + [[ '' == ssh-* ]]
2024-11-15 13:44:22 + env
2024-11-15 13:44:22 + grep _
2024-11-15 13:44:22 + [[ 0 -gt 0 ]]
2024-11-15 13:44:22 + ssh-keygen -A
2024-11-15 13:44:22 + exec /usr/sbin/sshd -D -e
2024-11-15 13:44:22 Server listening on 0.0.0.0 port 22.
2024-11-15 13:44:22 Server listening on :: port 22.
2024-11-15 13:44:22 ssh-keygen: generating new host keys: RSA ECDSA ED25519 

I can confirm that the public key shown here is correct and what is included in my ssh creds.

EDIT: Additionally here is the command I used to start up my container:

docker run -d --rm --name=agent1 -p 2200:22 \
-e "JENKINS_AGENT_SSH_PUBKEY=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpMwzAcZBsJ2Poykbz0JXBApbcpwXnK7LwXZ1uXVQ09" \
jenkins/ssh-agent:alpine-jdk17