[JIRA] (JENKINS-43062) SSH Host Key Verifiers are not configured for all SSH slaves
Title: Message Title Giacomo Boccardo created an issue Jenkins / JENKINS-43062 SSH Host Key Verifiers are not configured for all SSH slaves Issue Type: Bug Assignee: Kohsuke Kawaguchi Components: ssh-slaves-plugin Created: 2017/Mar/23 9:37 AM Priority: Minor Reporter: Giacomo Boccardo Since the last update of SSH Slaves plugin, the following warning is shown: SSH Host Key Verifiers are not configured for all SSH slaves on this Jenkins instance. This could leave these slaves open to man-in-the-middle attacks. Update your slave configuration to resolve this. I have three slaves, whose "Launch method" is "Launch agent via Java Web Start" for two of them and "Launch slave agents via SSH" for the third one. Does the warning refer only to the last one? The "Host Key Verification Strategy" I set is "Known hosts file Verification Strategy". What should I do to avoid that warning? Add Comment
[JIRA] (JENKINS-43062) SSH Host Key Verifiers are not configured for all SSH slaves
Title: Message Title
Giacomo Boccardo updated an issue
Jenkins / JENKINS-43062
SSH Host Key Verifiers are not configured for all SSH slaves
Change By:
Giacomo Boccardo
Since the last update of SSH Slaves plugin, the following warning is shown: {code:java}SSH Host Key Verifiers are not configured for all SSH slaves on this Jenkins instance. This could leave these slaves open to man-in-the-middle attacks. Update your slave configuration to resolve this.{code}I have three slaves, whose "Launch method" is "Launch agent via Java Web Start" for two of them and "Launch slave agents via SSH" for the third one.Does the warning refer only to the last one?The "Host Key Verification Strategy" I set is "Known hosts file Verification Strategy". What should I do to avoid that warning?
Add Comment
This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from
[JIRA] (JENKINS-43062) SSH Host Key Verifiers are not configured for all SSH slaves
Title: Message Title Giacomo Boccardo commented on JENKINS-43062 Re: SSH Host Key Verifiers are not configured for all SSH slaves I read the source code and I can answer to myself: that warning refers only to slaves launched via SSH; the "Known hosts file Verification Strategy" is sufficient to avoid that warning. So, I changed something random in the configuration of the SSH slave, saved, reverted the change and saved again and the warning disappeared. Solved the problem, but quite frustrating Before someone asks me, I restarted Jenkins after upgrading the plugin, so that's not the reason of this issue. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-43062) SSH Host Key Verifiers are not configured for all SSH slaves
Title: Message Title Shannon Kerr commented on JENKINS-43062 Re: SSH Host Key Verifiers are not configured for all SSH slaves Agree, frustrating. Why should I have to change something arbitrary and then change back just to get this to go away? I'm seeing this on two Jenkins instances. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-43062) SSH Host Key Verifiers are not configured for all SSH slaves
Title: Message Title Daniel Beck commented on JENKINS-43062 Re: SSH Host Key Verifiers are not configured for all SSH slaves The "Host Key Verification Strategy" I set is "Known hosts file Verification Strategy". What should I do to avoid that warning? Maybe a UI bug, if existing SSH slaves have no strategy set, but there's no entry for 'none' in the list – if so, it should suffice to just submit the form. CC Michael Clarke WDYT? Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-43062) SSH Host Key Verifiers are not configured for all SSH slaves
Title: Message Title Michael Clarke commented on JENKINS-43062 Re: SSH Host Key Verifiers are not configured for all SSH slaves There is no publicly available 'No verification' strategy available (it's used internally for anyone upgrading the plugin and therefore not having a strategy set), so anyone submitting the form is forced to submit a strategy, and may therefore just end up with the 'Known hosts' strategy as a default since that's first in the list. I did have a view that anyone modifying the slave configuration should be made to explicitly set an option, but it's not clear that's happening from the way the form is presented and validation currently runs. I'll look at improving this. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-43062) SSH Host Key Verifiers are not configured for all SSH slaves
Title: Message Title Michael Clarke assigned an issue to Michael Clarke Jenkins / JENKINS-43062 SSH Host Key Verifiers are not configured for all SSH slaves Change By: Michael Clarke Assignee: Kohsuke Kawaguchi Michael Clarke Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-43062) SSH Host Key Verifiers are not configured for all SSH slaves
Title: Message Title Joe Fowler commented on JENKINS-43062 Re: SSH Host Key Verifiers are not configured for all SSH slaves I just sit 'Save', on each of the nodes without changing anything and the message went away... Still, an aggravation. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-43062) SSH Host Key Verifiers are not configured for all SSH slaves
Title: Message Title Daniel Beck commented on JENKINS-43062 Re: SSH Host Key Verifiers are not configured for all SSH slaves I just sit 'Save', on each of the nodes without changing anything and the message went away... The reason this works is explained in the comment before yours. Still, an aggravation. Do you have a suggestion how go from 'no host key verification' to 'appropriate host key verification method as chosen by admin' without telling the admin about the problem? Seems to me that this works as intended (and is actually on the permissive side – imagine all SSH slaves refusing to connect until you've configured a host key verifier). Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-43062) SSH Host Key Verifiers are not configured for all SSH slaves
Title: Message Title Giacomo Boccardo commented on JENKINS-43062 Re: SSH Host Key Verifiers are not configured for all SSH slaves In my opinion the current behavior can be considered correct because the slaves continue to work after upgrading the plugin. However, the warning message should be clarified in order to explain the admin what happened and why this warning message is displayed; I mean something like: "SSH Slaves plugin has been upgraded to avoid man-in-the-middle attacks. To dismiss this warning message, please confirm the current SSH Host Key Verifiers configuration explicitly saving it for each of the SSH slaves or changing it as you need". Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-43062) SSH Host Key Verifiers are not configured for all SSH slaves
Title: Message Title Daniel Beck commented on JENKINS-43062 Re: SSH Host Key Verifiers are not configured for all SSH slaves explain the admin what happened and why this warning message is displayed Improving the message looks like a reasonable suggestion, thank you Giacomo Boccardo! Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-43062) SSH Host Key Verifiers are not configured for all SSH slaves
Title: Message Title Alex Radinsky commented on JENKINS-43062 Re: SSH Host Key Verifiers are not configured for all SSH slaves I just sit 'Save', on each of the nodes without changing anything and the message went away Worked for me as well Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
