Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-15389

Fingerprinting private key for discovery is flawed

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      The ec2 plugin has code to generate a fingerprint, based on the private key, which matches the one generated by AWS.

      This is unreliable as there are two methods by which an ec2 keypair can come to be:

      1. Generating and retrieving the private key via the API / console
      2. Generating a key locally and importing the public key into ec2 via the API / console

      As amazon never have the private key in the second case they cannot generate a fingerprint for it, and it is instead based on the public key. When the ec2 plugin goes to find which ec2 keypair to start instances with based on this fingerprint it will only ever succeed with keypairs generated by amazon.

      The ec2 keypair should be instead be specified by name along with the contents of the private key.

        Attachments

          Activity

          Hide
          ringerc Craig Ringer added a comment -

          This appears to be fixed in more recent releases.

          Show
          ringerc Craig Ringer added a comment - This appears to be fixed in more recent releases.
          Hide
          joekiller Joseph Lawson added a comment - - edited

          This was fixed with: https://issues.jenkins-ci.org/browse/JENKINS-17683 the plugin now checks both the private keyfingerprint (off of a sha checksum) and the public key fingerprint (off of an md5 checksum)

          Show
          joekiller Joseph Lawson added a comment - - edited This was fixed with: https://issues.jenkins-ci.org/browse/JENKINS-17683 the plugin now checks both the private keyfingerprint (off of a sha checksum) and the public key fingerprint (off of an md5 checksum)
          Show
          francisu Francis Upton added a comment - https://issues.jenkins-ci.org/browse/JENKINS-17683

            People

            Assignee:
            francisu Francis Upton
            Reporter:
            nickrw Nick Robinson-Wall
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: