I am trying to copy resources to another location. I am using maven wagon-ssh plugin to do this. It works fine locally, I am having issues when using Hudson/Jenkins.

My settings.xml file looks like this:

            <knownHostsProvider implementation="org.apache.maven.wagon.providers.ssh.knownhost.NullKnownHostProvider">

I tried this answer to skipping checking as I was getting:

Are you sure you want to continue connecting? (yes/no): The authenticity of host 'address' can't be established.
RSA key fingerprint is 10:.......:bb.

but now I am getting:

Could not apply configuration for iq to wagon org.apache.maven.wagon.providers.ssh.jsch.ScpWagon:ClassNotFoundException: Class name which was explicitly given in configuration using 'implementation' attribute: 'org.apache.maven.wagon.providers.ssh.knownhost.NullKnownHostProvider' cannot be loaded
org.codehaus.plexus.component.configurator.ComponentConfigurationException: ClassNotFoundException: Class name which was explicitly given in configuration using 'implementation' attribute: 'org.apache.maven.wagon.providers.ssh.knownhost.NullKnownHostProvider' cannot be loaded
    at org.codehaus.plexus.component.configurator.converters.AbstractConfigurationConverter.getClassForImplementationHint(
    at .....

Caused by: java.lang.ClassNotFoundException: org.apache.maven.wagon.providers.ssh.knownhost.NullKnownHostProvider
    at org.codehaus.plexus.classworlds.strategy.SelfFirstStrategy.loadClass(
    at org.codehaus.plexus.classworlds.realm.ClassRealm.loadClass(
    at org.codehaus.plexus.classworlds.realm.ClassRealm.loadClass(
    at org.codehaus.plexus.component.configurator.converters.AbstractConfigurationConverter.getClassForImplementationHint(
    ... 37 more
maven apparently requires a ssh-rsa entry in the known_hosts file for the jenkins user. You can add the ssh-rsa entry to the file by issuing:

ssh-keyscan -t rsa YOUR_REMOTE_HOSTNAME >> ~jenkins/.ssh/known_hosts

[[ Added from another answer to make this one definitive. ]]

Instead, you might be able to add the following to the ~jenkins/.ssh/config. See: How to Avoid Maven builds stall on ssh host authenticity problem?

StrictHostKeyChecking no

The problem was that RSA keys were not exchanged.

so what I did was that, I connected both the servers from command line. So the RSA keys got stored and

this message stopped. It works perfectly now


This is what we use to populate known_hosts file on jenkins node:

                import com.jcraft.jsch.*;
                import org.apache.maven.wagon.providers.ssh.knownhost.*;

                def keyString = "<REPLACE_WITH_HOST_KEY>" // host key - the line from known_hosts after key type (ssh-rsa)

                FileKnownHostsProvider fkhp = new FileKnownHostsProvider();

                JSch sch = new JSch();
                sch.setKnownHosts(new ByteArrayInputStream(fkhp.getContents().getBytes()));

                def host = // define <serverAddress></serverAddress> in <properties> 

                if (host != null) {
                  HostKeyRepository hkr = sch.getHostKeyRepository();
                  HostKey[] hk = hkr.getHostKey( host , null );

                  StringWriter stringWriter = new StringWriter();

                  String knownHost = host + " " + "ssh-rsa" + " " + keyString;

                  if ( hk != null )

                    PrintWriter w = new PrintWriter( stringWriter )
                    def containsKey = false;
                    for ( HostKey key : hk )
                      def toAdd =  key.getHost() + " " + key.getType() + " " + key.getKey();
                      w.println(toAdd)  ;
                      containsKey = knownHost.equals(toAdd);
                    if (!containsKey) {
                      println "Adding key for " + host + " to known_hosts"
                      fkhp.storeKnownHosts(stringWriter.toString() );
                    } else {
                      println "Key for " + host + " is already present in known_hosts"

Seems to work pretty well.


Wagon-ssh will do the work for you. No manual or scripted copying of fingerprints need be done.

Disable only strict host key checking in the settings.xml file.




The host fingerprint is automatically accepted and stored in the known_hosts file. The rest of the authentication process proceeds as normal.

This runs successfully on a Bamboo buildserver with build agents with their own local ssh configuration files.