Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21436

SSH Plugin: Passwords for SSH Sites are stored in plaintext

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • ssh-plugin
    • O/s: slc 6.5
      ssh plugin v. 2.4

      Unlike the credentials for connecting to slaves, the password for ssh sites (stored in org.jvnet.hudson.plugins.SSHBuildWrapper.xml) are stored in plaintext.

      <?xml version='1.0' encoding='UTF-8'?>
      <org.jvnet.hudson.plugins.SSHBuildWrapper_-DescriptorImpl plugin="ssh@2.4">
      <sites>
      <org.jvnet.hudson.plugins.SSHSite>
      <hostname>myhost</hostname>
      <port>22</port>
      <username>sgeorgio</username>
      <password>plainpass</password>
      <keyfile></keyfile>
      <serverAliveInterval>0</serverAliveInterval>
      <pty>false</pty>
      </org.jvnet.hudson.plugins.SSHSite>
      </sites>
      </org.jvnet.hudson.plugins.SSHBuildWrapper_-DescriptorImpl>

          [JENKINS-21436] SSH Plugin: Passwords for SSH Sites are stored in plaintext

          Stefaos Georgiou created issue -
          Stefaos Georgiou made changes -
          Labels New: plugin ssh
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 153302 ] New: JNJira + In-Review [ 178487 ]
          Jesse Glick made changes -
          Link New: This issue is duplicated by SECURITY-375 [ SECURITY-375 ]
          Łukasz Jąder made changes -
          Assignee New: Łukasz Jąder [ ljader ]

          Łukasz Jąder added a comment -

          Recent 2.5 version of ssh-plugin switched to using ssh-credentials plugin.

          Previous plain text credentials will be automatically migrated after 2.5 gets installed.

          Łukasz Jąder added a comment - Recent 2.5 version of ssh-plugin switched to using ssh-credentials plugin. Previous plain text credentials will be automatically migrated after 2.5 gets installed.
          Łukasz Jąder made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Closed [ 6 ]

            ljader Łukasz Jąder
            sgeorgio Stefaos Georgiou
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: