When setting up Jenkins on CentOS via YUM, many admins discover the installation doesn't automatically generate SSH keys for the jenkins service account. This becomes problematic when trying to establish passwordless SSH connections between master and slave nodes - a common requirement in CI/CD pipelines.
First, verify the Jenkins service account (typically 'jenkins'):
ps aux | grep jenkins
sudo cat /etc/passwd | grep jenkinsSwitch to the jenkins user and generate keys:
sudo su - jenkins -s /bin/bash
ssh-keygen -t rsa -b 4096 -C "jenkins@master" -f ~/.ssh/id_rsa
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsaCopy the public key to your slave node's authorized_keys:
ssh-copy-id -i ~/.ssh/id_rsa.pub slave-user@slave-ip
# Alternatively manual copy:
cat ~/.ssh/id_rsa.pub | ssh slave-user@slave-ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"In Jenkins UI:
- Navigate to Credentials > System > Global credentials
- Add new "SSH Username with private key" credential
- Paste contents of /var/lib/jenkins/.ssh/id_rsa
Common fixes if connections fail:
# On slave node:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
# Check SELinux context:
restorecon -Rv ~/.sshFor more complex environments, consider using SSH agent:
eval ssh-agent -s
ssh-add ~/.ssh/id_rsaWhen setting up Jenkins slaves via SSH, the master server needs proper SSH keys configured for authentication. The default CentOS Yum installation of Jenkins often doesn't automatically generate these keys, which becomes problematic when trying to establish passwordless connections to slave nodes.
First, verify if any SSH keys exist for the Jenkins user:
sudo -u jenkins ls -la /var/lib/jenkins/.ssh/
If the directory doesn't exist or contains no keys, you'll need to generate them.
Execute these commands as root to properly set up the keys:
sudo -u jenkins mkdir -p /var/lib/jenkins/.ssh
sudo -u jenkins ssh-keygen -t rsa -b 4096 -f /var/lib/jenkins/.ssh/id_rsa
sudo -u jenkins chmod 700 /var/lib/jenkins/.ssh
sudo -u jenkins chmod 600 /var/lib/jenkins/.ssh/id_rsa
sudo -u jenkins chmod 644 /var/lib/jenkins/.ssh/id_rsa.pub
Copy the public key to your slave node's authorized_keys file:
sudo -u jenkins cat /var/lib/jenkins/.ssh/id_rsa.pub | ssh slaveuser@slavehost "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
In Jenkins, navigate to Credentials → System → Global credentials and add a new SSH Username with private key:
1. Kind: SSH Username with private key
2. Scope: Global
3. ID: jenkins-master-key
4. Username: jenkins
5. Private Key: Enter directly (paste contents of /var/lib/jenkins/.ssh/id_rsa)
Before configuring the slave node, test the connection manually:
sudo -u jenkins ssh -i /var/lib/jenkins/.ssh/id_rsa slaveuser@slavehost
If connection fails, check these aspects:
1. Permissions on /var/lib/jenkins/.ssh (should be 700)
2. SELinux context (run: sudo restorecon -Rv /var/lib/jenkins/.ssh)
3. Slave's sshd_config (PubkeyAuthentication should be yes)
4. Firewall rules on both machines
For automation purposes, you can use Jenkins CLI to create credentials:
java -jar jenkins-cli.jar -s http://localhost:8080/ create-credentials-by-xml system::system::jenkins <