-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
Ubuntu 14.04
I am trying to store an RSA private key in Jenkins, and reference it using the Credentials Binding plugin.
I was able to upload the RSA private key as a Secret File, bound to a "domain".
(The "domain" is just some arbitrary text label).
This is the only way it appeared in the dropdown list in my project when I selected 'Use secret text(s) or file(s), then under Bindings select 'Secret text', and then it shows up in the dropdown list.
So then I selected it, bound it to an env var, and attempted to use it in my project.
I got this error:
+ rsync -auvz -e 'ssh -i /var/lib/jenkins/secretFiles/74ec48f8-ead9-4545-99ac-9a8c351cf19d/blah.id_rsa -p 12345' test_file someone@somewhere.net:/home/someuser/test_dir
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/var/lib/jenkins/secretFiles/74ec48f8-ead9-4545-99ac-9a8c351cf19d/blah.id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /var/lib/jenkins/secretFiles/74ec48f8-ead9-4545-99ac-9a8c351cf19d/blah.id_rsa
- depends on
-
-
- Resolved
-
- is related to
-
JENKINS-28399 Support for SSHUserPrivateKey
-
- Resolved
-
- links to
[JENKINS-29255] Use of RSA private key yields error: Permissions 0644 for '/…/secretFiles/…/blah.id_rsa' are too open
M Chon
created issue -
M Chon
added a comment - Related issue, if I enter the SSH key under the 'Manage Credentials' area of Jenkins, NOT bound to any "domain", I cannot find a way to reference it inside my project. Am I missing something?
M Chon
added a comment - Related issue, if I enter the SSH key under the 'Manage Credentials' area of Jenkins, NOT bound to any "domain", I cannot find a way to reference it inside my project. Am I missing something? mcsf your first problem would be a separate issue in this component. Not sure offhand what is going wrong; check if it is reproducible in a clean environment.
mcsf your second problem is JENKINS-28399, that currently there is no support for private key credentials, only generic secret files. A fix of that issue would make this issue much less important (though still valid since there may be other programs which require a restrictive mode).
The workaround for this issue is presumably to chmod go-r $SECRET_FILE in your shell script before trying to use it.
| Link |
New:
This issue is related to |
| Remote Link | New: This issue links to "PR 1 (Web Link)" [ 12978 ] |
| Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
| Assignee | Original: Jesse Glick [ jglick ] |
| Summary | Original: When storing an RSA private key and attempting to use via Credentials Binding, I get the error Permissions 0644 for '/var/lib/jenkins/secretFiles/74ec48f8-ead9-4545-99ac-9a8c351cf19d/blah.id_rsa' are too open. | New: Use of RSA private key yields error: Permissions 0644 for '/…/secretFiles/…/blah.id_rsa' are too open |
Related issue,
If in my project I select 'Use secret text(s) or file(s), then under Bindings select 'Secret text', then click on the 'Add' button, and enter all the info, and click on 'Save', it doesn't save anything.
Should I file a separate bug for this, and if so, would it go under the Credentials Binding plugin or the Credentials plugin?