hudson.plugins.git.GitException returned status code 128:

Hi,

I am facing following issue on my jenkins controller node:
using GIT_SSH to set credentials Jenkins user connection to bitbucket server with ssh key from XXXXXXX
Verifying host key using known hosts file

git fetch --tags --progress ssh://git@git.XX.XX/XXXX/XXXXXXXX.git +refs/heads/:refs/remotes/origin/ # timeout=10
ERROR: Error cloning remote repo ‘origin’
hudson.plugins.git.GitException: Command “git fetch --tags --progress sh://git@git.XX.XX/XXXX/XXXXXXXX.git +refs/heads/:refs/remotes/origin/” returned status code 128:
stdout:
stderr: ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Problem is being visible only on controller node, on agent node all seems to work fine. Configuration of both hosts are same, the same version of sshd (Openssh 7.4), the same version of OS (RedHat 7.9) . I have tried different jenkins versions from 2.346.3-1.1 to 2.361.

Strange thing is that directly from OS I can run the command without any issues, repo is being cloned (the same that is throwing and error on jenkins).

I have checked all keys in known_hosts, jenkins user public keys, key configuration on Jenkins GUI, access key on Bitbucket etc. All seems to be correct (and as cloning from OS works then it has to be ok).

My git-plugin version: 4.13.0

My git-client version: 3.13.0

I have also tried solution from: Loading...

  • Use the “Manually provided keys” host key verification strategy. I’ve attached host keys for several popular providers at the end of this comment → DO NOT WORK
  • Use the “Known hosts file” host key verification strategy and provide a known_hosts file on the agents with values for the required hosts → DO NOT WORK
  • Enable JGit and use JGit instead of command line git on those older OpenSSH versions → CAN NOT BE IMPLEMENTED
  • Switch the repository URL’s in job definitions from ssh protocol to https protocol and provide a username / password credential for the clone instead of a private key credential → LAST RESORT SOLUTION, IF NO OTHER SOLUTION THEN WILL TRY THIS
  • Use the “No verification” host key verification strategy (not recommended) → --> DO NOT WORK, even if I switch to that I am having the same error message

In addition I can tell that strange thing is that above is happening even if I set verifiaction strategy to NO VERIFICATION.

As a reminder, the term “agent” to refer to an agent has been deprecated since 2016. The term “controller” to refer to a controller has been deprecated since 2020. Please refer to On Jenkins Terminology Updates for more details. We request you update your post.

That indicates that the remote host (your Bitbucket server) closed the connection. More information about the reason it closed the connection will be found in the logs on the Bitbucket server.

If you’re willing to read detailed output from the ssh command that is used by command line git, you may be able to set the environment variable GIT_SSH_COMMAND="ssh -vvv" and attempt the checkout with that environment variable set. That will generate lots of output but may help you identify why the Bitbucket server is closing the connection.

An article on CloudBees.com offers more detailed guidance for diagnosing ssh issues

That means that the issue is not host key verification. Since the error message does not mention host key verification, that behavior matches what is expected. The error is something else.

Hi @MarkEWaite , thx for the reply. I have tried to setup some debug but it seems that git plugins cannot see any any additional debug info. Output is same as before setting ssh -vvv (it works if I use git clone in pipeline, I see some additional output but it is not working in plugins)

Read the article for more precise details on how to enable git debug output

Don’t know who needs to read this, but for me it worked out comparing the .gitconfig of the working and the not working agent.