[JIRA] (JENKINS-5853) Allow Amazon EC2 Plugin to use ssh keys other than the EC2 private key

ben@fogbutter.com (JIRA)

unread,

Jul 13, 2016, 8:17:01 PM7/13/16

to jenkinsc...@googlegroups.com

Ben Jones commented on

JENKINS-5853

Re: Allow Amazon EC2 Plugin to use ssh keys other than the EC2 private key

I apologize for bringing such an old topic back up, but I encountered an issue related to this today.

The problem I see is that jobs being run on an EC2 slave are able to obtain root privileges on that slave. This may be just fine for some setups, but it obviously has the potential to introduce quite a bit of irritation and chaos (or worse) as well.

To prevent this, I would like to have the master connect to an ec2 slave using the configured remote user, but with a key separate from that which the instance was launched with.

Using a base Ubuntu image as an example, I'm currently restricted to using 'ubuntu' as the remote user and connecting with the key the instance was launched with. Instead I would like to connect as 'jenkins' with some other key entirely (the assumption is that I created this user appropriately via user data, pre-baked ami, etc.).

I could just generate an authorized_keys entry for that user by generating a public key from the private key, which I suppose is just fine, but it doesn't seem like an intuitive solution.

Add Comment

This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)

greg@jauntvr.com (JIRA)

unread,

Sep 22, 2016, 7:27:02 PM9/22/16

to jenkinsc...@googlegroups.com

Gregory Brauer commented on

JENKINS-5853

Re: Allow Amazon EC2 Plugin to use ssh keys other than the EC2 private key

We had already been using manually launched EC2 instances using the built-in ssh credentials management to log into a "jenkins" account using a dedicated ssh key. I just want to be able to select one of my existing ssh credentials in the Amazon EC2 plugin so that it would work just like the normal ssh agent configuration, but there is no way to do this.