Help with Publish Over SSH plugin?


zil...@gmail.com

Jan 27, 2023, 1:27:15 PM
to Jenkins Users
Sorry if this is not the correct forum for plugins help.

I use https://plugins.jenkins.io/publish-over-ssh/ to upload to a secure FTP server. Is there a way to set it to disable "Strict host key checking"? At least it's not obvious to me. By this I mean, when you SSH to a machine (the plugin uses SSH), it'll ask you

"The authenticity of host 'ftp.company.com (12.70.x.x)' can't be established.

RSA key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxxxx.

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added 'ftp.company.com,12.70.x.x' (RSA) to the list of known hosts."

I created a test job, and working with our IT person, we don't even see it proceed to the username/password authentication, so I'm "guessing" it's stuck with the above.

TIA,

Chris

Alex Earl

Jan 30, 2023, 10:50:58 AM
to jenkins...@googlegroups.com
I don't think the PO SSH plugin supports different methods of host key checking. You can see here that strict host key checking is always enabled and there is no setting to disable it: https://github.com/jenkinsci/publish-over-ssh-plugin/blob/3ffc0d5b1131611ef030d28d37fb4f8415574b37/src/main/java/jenkins/plugins/publish_over_ssh/BapSshHostConfiguration.java#L406

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/397f4fc4-698b-457f-96e0-19c85d411b8bn%40googlegroups.com.



zil...@gmail.com

Jan 30, 2023, 11:25:49 AM
to Jenkins Users
Bummer, thanks!

christop...@googlemail.com

Jan 30, 2023, 3:27:30 PM
to Jenkins Users

Wouldn't a proper entry in the known-hosts file help here?

Alex Earl

Jan 30, 2023, 4:36:56 PM
to jenkins...@googlegroups.com
Yes, but it would be nice if the plugin had different options like other plugins do. I am not sure if there is a maintainer for that plugin right now.




zil...@gmail.com

Jan 30, 2023, 10:11:26 PM
to Jenkins Users
What other plugin would y'all recommend, that had the option to update the known_hosts file, or have a "No strict host check" option?

Thanks

Dirk Heinrichs

Jan 31, 2023, 1:34:47 AM
to jenkins...@googlegroups.com
On Monday, 30.01.2023 at 19:11 -0800, zil...@gmail.com wrote:

> What other plugin would y'all recommend, that had the option to update the known_hosts file, or have a "No strict host check" option?

There are other plugins that use SSH, for example the SSH Agent plugin or the EC2 Cloud plugin. Both connect to agents using SSH and they offer 4 options for host key handling, from "strict" to "no check at all".

Bye...

Dirk
-- 
Dirk Heinrichs

zil...@gmail.com

Jan 31, 2023, 11:32:36 AM
to Jenkins Users
Thanks. I use the SSH agent plugin, but that's not strictly for FTP? I mean I have to script out pushing to an SFTP server? I'll look at the EC2 Cloud plugin, though we're not an AWS shop (on prem).

Alex Earl

Jan 31, 2023, 4:00:57 PM
to jenkins...@googlegroups.com
None of the other SSH plugins do a copy over SSH.


Dirk Heinrichs

Feb 1, 2023, 1:42:12 AM
to jenkins...@googlegroups.com
On Tuesday, 31.01.2023 at 14:00 -0700, Alex Earl wrote:

> None of the other SSH plugins do a copy over SSH.

Yes, of course not. They were meant as examples of how host key verification is handled differently by other plugins that make use of SSH. AFAIK the "publish-over-*" plugins don't use the same underlying SSH library plugin and thus don't have the same capabilities. IIRR they also don't use Jenkins' credentials provider...

zil...@gmail.com

Feb 1, 2023, 2:03:26 PM
to Jenkins Users
When using the Publish Over SSH plugin in a job, what "known_hosts" file is it using? I see one in "c:\Users\myUser\.ssh\known_hosts" but also in "c:\Windows\system32\config\systemprofile\.ssh\known_hosts"

Alex Earl

Feb 1, 2023, 2:39:06 PM
to jenkins...@googlegroups.com
What user is your agent/controller running as? If you are running the controller as Local System, it would be the second path, but I would highly recommend that you set up a service account just for Jenkins and run Jenkins as that user.
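
The known_hosts questions in this thread come down to two checks: does a given file hold an entry for the host, and is that entry's key the one the server's administrator vouches for. The following is an added example, not part of the thread and not the plugin's code; `ftp.company.com` is the host from the question, while the key blobs, the salt and `other.example.org` are constructed.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Exact names (comma list) and hashed |1|salt|hash fields; no wildcards."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest))
    return host in field.split(",")

def check_known_hosts(text, host, expected_fp):
    """Return [(key_type, fingerprint, matches_expected)] for entries naming host."""
    results = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # blank line, comment, or @cert-authority/@revoked marker
        hosts, key_type, key_b64 = parts[:3]
        if host_matches(hosts, host):
            fp = fingerprint(key_b64)
            results.append((key_type, fp, fp == expected_fp))
    return results

# --- constructed sample data below: these are not real server keys ---
def sample_blob(seed):
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = len(name).to_bytes(4, "big") + name + len(key).to_bytes(4, "big") + key
    return base64.b64encode(raw).decode()

def hashed_field(host, salt=b"constructed-salt-20b"):
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + "|".join(base64.b64encode(b).decode() for b in (salt, mac))

HOST = "ftp.company.com"  # host name from the question
PINNED = sample_blob(b"key confirmed by the server admin")
SAMPLE = "\n".join([
    "ftp.company.com,12.70.x.x ssh-ed25519 " + sample_blob(b"unexpected key"),
    hashed_field(HOST) + " ssh-ed25519 " + PINNED,
    "other.example.org ssh-ed25519 " + PINNED,
])
EXPECTED_FP = fingerprint(PINNED)  # stands in for the out-of-band fingerprint

if __name__ == "__main__":
    print(*check_known_hosts(SAMPLE, HOST, EXPECTED_FP), sep="\n")
```

On a real machine, the text would come from the known_hosts file of the account the Jenkins process runs as, and the expected fingerprint from the server's administrator rather than from the connection itself.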


zil...@gmail.com

Feb 1, 2023, 4:14:51 PM
to Jenkins Users
My agent is currently running under the "Administrator" account, so I did update its known_hosts file to no avail.

Thanks

zil...@gmail.com

Feb 1, 2023, 4:29:18 PM
to Jenkins Users
...and logged in as user "Administrator", I can connect to the SFTP server manually. My plugin uses the "devops" user too.


...prompts me for the p/w, and once entered, I connect.

Thanks

Alex Earl

Feb 2, 2023, 10:07:39 AM
to jenkins...@googlegroups.com
Actually, I looked at the code again and it looks like PO-SSH should not be doing host key checking. Can you share the build log?


