Security question - can master-slave communication be encrypted?

Akshay Dayal

Jan 21, 2015, 2:35:40 PM
to jenkin...@googlegroups.com
Hey folks,

We want to use Jenkins for a project and have a few security-related questions. In our setup we're going to have the slaves register themselves to the master using JNLP. (Note: Having the master initiate connections over SSH is not an option.)

Q1. Once they are connected to the master - what is the protocol that is used for communication?

Q2. Where can I read up more about the communication mechanism?

Q3. Is the communication encrypted by default? If not - can it be encrypted?

Best,
Akshay

Jesse Glick

Jan 21, 2015, 2:59:29 PM
to Jenkins Dev
On Wed, Jan 21, 2015 at 2:35 PM, Akshay Dayal <aks...@google.com> wrote:
> Q1. Once they are connected to the master - what is the protocol that is
> used for communication?

Jenkins Remoting, a binary format.

> Q2. Where can I read up more about the communication mechanism?

Source code for jenkinsci/remoting.

> Q3. Is the communication encrypted by default? If not - can it be encrypted?

AFAIK there is no encryption used for JNLP slaves.

https://github.com/jenkinsci/jenkins/blob/fccc34987f03a2716f3744a998cfe7d9127abafc/core/src/main/java/jenkins/slaves/JnlpSlaveAgentProtocol.java#L120
https://github.com/jenkinsci/remoting/blob/e62cef4143e81741a243697b463f3434bc6deb68/src/main/java/hudson/remoting/ChannelBuilder.java#L285

Akshay Dayal

Jan 21, 2015, 3:07:57 PM
to jenkin...@googlegroups.com
Thanks for the quick reply and the links to the source!

If encryption is important to us, how long do you think it will take us to add support for it once we get familiar with the architecture and source? Do you know of any in-progress efforts to do so?

Jesse Glick

Jan 21, 2015, 4:37:04 PM
to Jenkins Dev
On Wed, Jan 21, 2015 at 3:07 PM, Akshay Dayal <aks...@google.com> wrote:
> If encryption is important to us, how long do you think it will take us to
> add support for it once we get familiar with the architecture and source?

Always hard to judge that kind of thing. BTW I forgot to mention the
client side:

https://github.com/jenkinsci/remoting/blob/e62cef4143e81741a243697b463f3434bc6deb68/src/main/java/hudson/remoting/Engine.java#L281

A simple cipher is already used to ensure that the client javaws
command is actually coming from a slave-jnlp.jelly rendered for a user
authorized to connect to that Computer, but I am not sure how useful
that is. You could perhaps use

https://github.com/jenkinsci/instance-identity-module/blob/16493ef02ee3ea0a96194f06f97d9dbdb766ff75/src/main/resources/org/jenkinsci/main/modules/instance_identity/PageDecoratorImpl/httpHeaders.jelly#L2

(a header accessible to the client) and

https://github.com/jenkinsci/instance-identity-module/blob/16493ef02ee3ea0a96194f06f97d9dbdb766ff75/src/main/java/org/jenkinsci/main/modules/instance_identity/InstanceIdentity.java#L121

to transfer a randomly generated symmetric encryption key from the
slave to the master during the handshake, and then wrap the
SocketInput/OutputStream in the corresponding cipher for all further
communications.

(Whether such a method is in fact safe is a question for a qualified
security expert.)

> Do you know of any in-progress efforts to do so?

No. It sounds like a generally appropriate change to make, though, so
I think a well-implemented and tested patch to add this mode would be
accepted as the default behavior for Jenkins. (You would need to add a
JnlpSlaveAgentProtocol3 so as to remain wire-compatible with old slave
agents. See JnlpSlaveAgentProtocol2 for how this is done.)
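
The key-transfer idea described in the message above, as an added example that is not part of the original thread and is not Jenkins or remoting code. It assumes the identity header carries the Base64 of the master's X.509-encoded RSA public key, generates a stand-in key pair locally, and uses AES-GCM per frame (a choice made here, not one from the thread) so that tampering is detected as well as eavesdropping prevented.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class KeyTransportSketch {
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    public static void main(String[] args) throws Exception {
        // Master: long-lived RSA key pair (constructed; stands in for the instance identity).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair master = kpg.generateKeyPair();
        // Assumed header format: Base64 of the X.509-encoded public key.
        String header = Base64.getEncoder().encodeToString(master.getPublic().getEncoded());

        // Slave: parse the header, make a random session key, wrap it for the master.
        PublicKey masterPub = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(header)));
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey slaveKey = kg.generateKey();
        Cipher wrap = Cipher.getInstance(OAEP);
        wrap.init(Cipher.WRAP_MODE, masterPub);
        byte[] wrapped = wrap.wrap(slaveKey);          // sent during the handshake

        // Master: recover the session key with the private identity key.
        Cipher unwrap = Cipher.getInstance(OAEP);
        unwrap.init(Cipher.UNWRAP_MODE, master.getPrivate());
        SecretKey masterKey = (SecretKey) unwrap.unwrap(wrapped, "AES", Cipher.SECRET_KEY);

        // Slave: encrypt one frame; a fresh 12-byte nonce is needed for every frame.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, slaveKey, new GCMParameterSpec(128, iv));
        byte[] frame = enc.doFinal("constructed payload".getBytes(StandardCharsets.UTF_8));

        // Master: decrypt, then show that a flipped bit is rejected.
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, masterKey, new GCMParameterSpec(128, iv));
        System.out.println(new String(dec.doFinal(frame), StandardCharsets.UTF_8));
        frame[0] ^= 1;
        dec.init(Cipher.DECRYPT_MODE, masterKey, new GCMParameterSpec(128, iv));
        try { dec.doFinal(frame); }
        catch (AEADBadTagException e) { System.out.println("tampered frame rejected"); }
    }
}
```

RSA key transport of this kind gives no forward secrecy and does not by itself authenticate the slave to the master. It also only protects against an active attacker if the slave obtains the master's public key over a channel it already trusts.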

Akshay Dayal

Jan 23, 2015, 2:47:57 PM
to jenkin...@googlegroups.com
Hey Jesse,

Thanks for the detailed information. I was looking at the source yesterday; I'll start playing around with this next week. I've created https://issues.jenkins-ci.org/browse/JENKINS-26580. If I need help on something, should I post questions on this thread, post it in the bug or something else?

I may need some help updating the handshake process where the slave sends its key to the master. I'm guessing at least one place that needs to be modified (or maybe more correctly overridden) is:

Jesse Glick

Jan 23, 2015, 9:28:12 PM
to Jenkins Dev
On Fri, Jan 23, 2015 at 2:47 PM, Akshay Dayal <aks...@google.com> wrote:
> if I need help on
> something should I post questions on this thread, post it in the bug or
> something else?

I guess it makes sense to comment on the JIRA ticket; anyone
interested in watching it can.

> I may need some help updating the handshake process where the slave sends
> its key to the master.

I was assuming the encryption would begin after that handshake, since
presumably the node name is not a state secret.