Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-15389

Fingerprinting private key for discovery is flawed


    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • ec2-plugin

      The ec2 plugin has code to generate a fingerprint, based on the private key, which matches the one generated by AWS.

      This is unreliable as there are two methods by which an ec2 keypair can come to be:

      1. Generating and retrieving the private key via the API / console
      2. Generating a key locally and importing the public key into ec2 via the API / console

      As amazon never have the private key in the second case they cannot generate a fingerprint for it, and it is instead based on the public key. When the ec2 plugin goes to find which ec2 keypair to start instances with based on this fingerprint it will only ever succeed with keypairs generated by amazon.

      The ec2 keypair should be instead be specified by name along with the contents of the private key.

            francisu Francis Upton
            nickrw Nick Robinson-Wall
            0 Vote for this issue
            4 Start watching this issue