[JIRA] (JENKINS-55203) Jenkins EC2 plugin prints private key contents in Jenkins log

nicky@dragonlily.co.uk (JIRA)

unread,

Dec 14, 2018, 9:42:02 AM12/14/18

to jenkinsc...@googlegroups.com

Nicola Forbes created an issue

Jenkins /

JENKINS-55203

Jenkins EC2 plugin prints private key contents in Jenkins log

Issue Type:	Improvement
Assignee:	Unassigned
Components:	ec2-plugin
Created:	2018-12-14 14:41
Environment:	Jenkins: 2.150 Plugin: Version 1.41
Priority:	Minor
Reporter:	Nicola Forbes

The Jenkins EC2 plugin prints the contents of the private key into the main jenkins log when it spins up and connects to new slaves. Please can this information be excluded from the logging.

I believe the line that needs to be changed is:

https://github.com/jenkinsci/ec2-plugin/blob/master/src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java#L278-L279

Example log output given below:

``` Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: Getting keypair...
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2RetentionStrategy start
INFO: Start requested for Jenkins Generic Agents (i-092c20a865eed9e81)
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: Launching instance: i-092c20a865eed9e81
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: bootstrap()
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: Getting keypair...
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: Using key: my-jenkins-key
f1:xf:81:b4:d4:4f:49:1f:b2:f6:2a:hg:39:77:t4:4v
----~~BEGIN RSA PRIVATE KEY~~----
<PRIVATE KEY HERE> ```

Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

tilman.blumenbach@acrolinx.com (JIRA)

unread,

Jun 19, 2019, 2:55:02 PM6/19/19

to jenkinsc...@googlegroups.com

Tilman Blumenbach started work on

JENKINS-55203

Change By:	Tilman Blumenbach
Status:	Open In Progress

Add Comment

tilman.blumenbach@acrolinx.com (JIRA)

unread,

Jun 19, 2019, 2:55:02 PM6/19/19

to jenkinsc...@googlegroups.com

Tilman Blumenbach assigned an issue to Tilman Blumenbach

Jenkins /

JENKINS-55203

Jenkins EC2 plugin prints private key contents in Jenkins log

Change By:	Tilman Blumenbach
Assignee:	Tilman Blumenbach

Add Comment

tilman.blumenbach@acrolinx.com (JIRA)

unread,

Jun 19, 2019, 2:59:02 PM6/19/19

to jenkinsc...@googlegroups.com

Tilman Blumenbach updated an issue

Jenkins /

JENKINS-55203

Jenkins EC2 plugin prints private key contents in Jenkins log

Change By:	Tilman Blumenbach

The Jenkins EC2 plugin prints the contents of the private key into the main jenkins log when it spins up and connects to new slaves. Please can this information be excluded from the logging.

I believe the line that needs to be changed is:

https://github.com/jenkinsci/ec2-plugin/blob/master/src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java#L278-L279

Example log output given below:

``` {noformat}

Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: Getting keypair...
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2RetentionStrategy start
INFO: Start requested for Jenkins Generic Agents (i-092c20a865eed9e81)
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: Launching instance: i-092c20a865eed9e81
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: bootstrap()
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: Getting keypair...
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: Using key: my-jenkins-key
f1:xf:81:b4:d4:4f:49:1f:b2:f6:2a:hg:39:77:t4:4v

-----BEGIN RSA PRIVATE KEY-----
<PRIVATE KEY HERE> ```
{noformat}