Upload File to remote server using ssh-ed25519 algorithm for server_host_key #341

Open
jbogdahn opened this issue Mar 21, 2024 · 0 comments
jbogdahn commented Mar 21, 2024

Jenkins and plugins versions report

Environment
Jenkins: 2.426.3
OS: Linux - 5.4.0-150-generic
Java: 21.0.2 - Oracle Corporation (Java HotSpot(TM) 64-Bit Server VM)

jsch:0.2.16-86.v42e010d9484b_
publish-over-ssh:1.25

What Operating System are you using (both controller, and any agents involved in the problem)?

Master: OS: Linux - 5.4.0-150-generic
Slave/Runner: jenkins/inbound-agent:3206.vb_15dcf73f6a_9-7-jdk21

Reproduction steps

  1. Jenkins Master with installed publish-over-ssh plugin
  2. An inbound-agent that needs to upload a file to a remote drive over ssh using the plugin - The remote server is configured to only accept ssh-ed25519 as server-host-key
  3. Jenkinsfile is used to define the pipeline
  4. Upload step is defined to be run on the Jenkins agent

Expected Results

The connection from the agent is successful and the files can be uploaded.

Actual Results

We get an error when connecting:

ERROR: Exception when publishing, exception message [Failed to connect and initialize SSH connection. Message: [Failed to connect session for config [****]. Message [Algorithm negotiation fail: algorithmName="server_host_key" jschProposal="ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256" serverProposal="ssh-ed25519"]]]

The ssh-ed25519 algorithm is missing in the jschProposal section

Anything else?

We have a rather strange issue using "Publish Over SSH"-Plugin on a jenkins node.
The actual error when trying to upload a release to SFTP server is:

SSH: Connecting session ...
ERROR: Exception when publishing, exception message [Failed to connect and initialize SSH connection. Message: [Failed to connect session for config [ara-dev]. Message [Algorithm negotiation fail: algorithmName="server_host_key" jschProposal="ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256" serverProposal="ssh-ed25519"]]]

We tracked it down to the "JSch dependency plugin" which in turn is using https://github.com/mwiede/jsch library, which is packed as a Multi-Release Jar, meaning that when running the lib with JDK15+ the mentioned Algorithm "ssh-ed25519" should be available (as "jschProposal") and work with the server algorithm.
Our Jenkins master node is meanwhile running on JDK 21 and for agent nodes we tried JDK 17 and 21, but this always resulted in the same error message.

At least one thing worked: on master node with the recent update to JDK 21 the "Test connection"-Button in the Jenkins Settings Section for the "Publish Over SSH"-Plugin began to succeed; with previous JDK11 we also had the error message mentioned above.

So we suspect now that remote class loading of the plugin from a Jenkins runner node does not really work with Multi-Release Jars logic, so only older algorithms are available, but we also don't have the option to run it simply on master node.

Are you interested in contributing a fix?

No response

@jbogdahn jbogdahn added the bug label Mar 21, 2024
mikaelfrykholm added a commit to SUNET/puppet-sunet that referenced this issue Apr 11, 2024
Due to Jsch bugs when only allowing ssh-ed25519 we use ecdsa for jenk…
jenkinsci/publish-over-ssh-plugin#341
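
A log-triage sketch for the failure reported above, added here as an example and not code from the plugin, JSch, or the issue author. It parses the `Algorithm negotiation fail` message in the format quoted in the issue and applies the RFC 4253 section 7.1 name-list rule (first client entry that the server also lists) to show which algorithm the client side never offered; the function names `negotiate` and `triage` are hypothetical, and the sample log is the console output quoted in the issue.

```python
import re

# Shape of the JSch failure message as quoted in the issue's console output.
NEGOTIATION_FAIL = re.compile(
    r'Algorithm negotiation fail: algorithmName="(?P<name>[^"]+)" '
    r'jschProposal="(?P<client>[^"]*)" serverProposal="(?P<server>[^"]*)"'
)

def negotiate(client, server):
    """RFC 4253 section 7.1 name-list rule, simplified: the first entry on
    the client's list that the server also lists, or None if there is none.
    (The RFC's extra capability requirements are not modelled here.)"""
    offered = set(server)
    return next((alg for alg in client if alg in offered), None)

def triage(log_text):
    """Return one finding per negotiation failure found in log_text."""
    findings = []
    for m in NEGOTIATION_FAIL.finditer(log_text):
        client = [a for a in m["client"].split(",") if a]
        server = [a for a in m["server"].split(",") if a]
        findings.append({
            "algorithm_class": m["name"],
            "agreed": negotiate(client, server),
            # Algorithms the server accepts but the client never proposed.
            "missing_from_client": [a for a in server if a not in client],
            "client_offer": client,
        })
    return findings

# Sample input: the console lines quoted in the issue (config name as posted).
SAMPLE_LOG = '''SSH: Connecting session ...
ERROR: Exception when publishing, exception message [Failed to connect and initialize SSH connection. Message: [Failed to connect session for config [ara-dev]. Message [Algorithm negotiation fail: algorithmName="server_host_key" jschProposal="ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256" serverProposal="ssh-ed25519"]]]
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['algorithm_class']}: agreed={f['agreed']} "
              f"client lacks {f['missing_from_client']}")
```

Run over agent console logs, this separates a client that never proposed the server's host key type (the case in this issue) from a server-side restriction that changed.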