Jenkins: remote windows build slave

16 views
Skip to first unread message

Jeeva Chelladhurai

unread,
Nov 8, 2017, 1:08:28 AM11/8/17
to jenkins...@googlegroups.com
Hello all!

I want to configure windows build slave which is accessed over a public internet. 

Is JNLP though port 50,000 safe in a public domain?

What is your recommendation?

Thanks,
Jeeva

--
Jeeva K S Chelladhurai

Björn Rohlén

unread,
Nov 8, 2017, 1:30:52 AM11/8/17
to Jenkins Users
Hello.

No.

Regards,
-Björn

Stephen Connolly

unread,
Nov 8, 2017, 2:15:06 AM11/8/17
to jenkins...@googlegroups.com
If Jenkins is served over https and you only have jnlp4 protocol enabled, and you
lock down security on the master, it should be.

If somebody gets their hands on an agent secret, they can take over your master... 

My masters have that port on vpn network only.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/470fb08b-ee4b-4c38-9b6d-69c35d01a8db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Sent from my phone

Jeeva Chelladhurai

unread,
Nov 8, 2017, 2:35:18 AM11/8/17
to jenkins...@googlegroups.com
I have ssh port open, Is it possible to setup SSH slave on Windows?

- Jeeva

On Wed, Nov 8, 2017 at 12:44 PM, Stephen Connolly <stephen.al...@gmail.com> wrote:
If Jenkins is served over https and you only have jnlp4 protocol enabled, and you
lock down security on the master, it should be.

If somebody gets their hands on an agent secret, they can take over your master... 

My masters have that port on vpn network only.
On Wed 8 Nov 2017 at 06:31, Björn Rohlén <bjorn....@gmail.com> wrote:
Hello.

No.

Regards,
-Björn


On Wednesday, 8 November 2017 07:08:28 UTC+1, Jeeva Chelladhurai wrote:
Hello all!

I want to configure windows build slave which is accessed over a public internet. 

Is JNLP though port 50,000 safe in a public domain?

What is your recommendation?

Thanks,
Jeeva

--
Jeeva K S Chelladhurai

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscribe@googlegroups.com.
--
Sent from my phone

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscribe@googlegroups.com.
 To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CA%2BnPnMyEJ24wyLtQnO__vdch4-ZRNjXTs5BqLW6RK_kJj4yXKA%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.



--
Jeeva K S Chelladhurai

Stephen Connolly

unread,
Nov 8, 2017, 3:07:20 AM11/8/17
to jenkins...@googlegroups.com
If you use Cygwin as the ssh Server, yes.

If you use Microsoft’s port of OpenSSH, you would need to be a level 10 mage... i’ve heard rumours that it can be made to work using power shell as the launch shell, but not command.com

But i’d recommend setting up a vpn, it’s easy with OpenVPN or similar and much better for security.

On Wed 8 Nov 2017 at 07:35, Jeeva Chelladhurai <sje...@gmail.com> wrote:
I have ssh port open, Is it possible to setup SSH slave on Windows?

- Jeeva

On Wed, Nov 8, 2017 at 12:44 PM, Stephen Connolly <stephen.al...@gmail.com> wrote:
If Jenkins is served over https and you only have jnlp4 protocol enabled, and you
lock down security on the master, it should be.

If somebody gets their hands on an agent secret, they can take over your master... 

My masters have that port on vpn network only.
On Wed 8 Nov 2017 at 06:31, Björn Rohlén <bjorn....@gmail.com> wrote:
Hello.

No.

Regards,
-Björn


On Wednesday, 8 November 2017 07:08:28 UTC+1, Jeeva Chelladhurai wrote:
Hello all!

I want to configure windows build slave which is accessed over a public internet. 

Is JNLP though port 50,000 safe in a public domain?

What is your recommendation?

Thanks,
Jeeva

--
Jeeva K S Chelladhurai

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
--
Sent from my phone

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAK5CbZXW9tB%2B%2BOZAG4g3xRGvj%3D%3Dn%3DH6FbzmAKydYBQ3S2pRY%3DA%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

Jeeva Chelladhurai

unread,
Nov 8, 2017, 4:36:56 AM11/8/17
to jenkins...@googlegroups.com
Thanks.

- Jeeva

On Wed, Nov 8, 2017 at 1:36 PM, Stephen Connolly <stephen.al...@gmail.com> wrote:
If you use Cygwin as the ssh Server, yes.

If you use Microsoft’s port of OpenSSH, you would need to be a level 10 mage... i’ve heard rumours that it can be made to work using power shell as the launch shell, but not command.com

But i’d recommend setting up a vpn, it’s easy with OpenVPN or similar and much better for security.

On Wed 8 Nov 2017 at 07:35, Jeeva Chelladhurai <sje...@gmail.com> wrote:
I have ssh port open, Is it possible to setup SSH slave on Windows?

- Jeeva

On Wed, Nov 8, 2017 at 12:44 PM, Stephen Connolly <stephen.alan.connolly@gmail.com> wrote:
If Jenkins is served over https and you only have jnlp4 protocol enabled, and you
lock down security on the master, it should be.

If somebody gets their hands on an agent secret, they can take over your master... 

My masters have that port on vpn network only.
On Wed 8 Nov 2017 at 06:31, Björn Rohlén <bjorn....@gmail.com> wrote:
Hello.

No.

Regards,
-Björn


On Wednesday, 8 November 2017 07:08:28 UTC+1, Jeeva Chelladhurai wrote:
Hello all!

I want to configure windows build slave which is accessed over a public internet. 

Is JNLP though port 50,000 safe in a public domain?

What is your recommendation?

Thanks,
Jeeva

--
Jeeva K S Chelladhurai

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscribe@googlegroups.com.
--
Sent from my phone

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CA%2BnPnMyEJ24wyLtQnO__vdch4-ZRNjXTs5BqLW6RK_kJj4yXKA%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.



--
Jeeva K S Chelladhurai

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscribe@googlegroups.com.
--
Sent from my phone

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscribe@googlegroups.com.
 To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CA%2BnPnMxy7PXcgXOXmhGN3NTUCi48Gc-PjKPmREsqU-nUknFR7A%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages