JENKINS-30749 turned off the JNLP port by default, but not SSHD. It is still enabled (on a random port).

      We should

      • make SSHD be disabled by default
      • move its configuration to /configureSecurity

          [JENKINS-33595] Disable SSHD by default on new Installations

          Keith Zantow added a comment -

          jglick could you point me to an appropriate pair of lifecycle events to start/stop the service? (I can use the InitMilestones for startup, I'm pretty sure but what about shutdown/restarts/cleanup?)


          Spike Washburn added a comment -

          This was originally planned for the setup wizard, but got dropped and should be addressed post-2.0.

          Keith Zantow added a comment -

          amuniz if you're addressing JENKINS-33596, it makes sense to address this one at the same time. Basically it's just splitting each thing out of the Jenkins constructor and adding an option to enable/disable it in the global security configuration, according to jglick's notes.


          George Hartzell added a comment -

          This might be useful to other folks who want to disable built-in sshd. I have it in init.groovy.d and it seems to do the job for me.

          I'd appreciate feedback if there's a problem with it.

          disable_sshd.groovy
          import jenkins.model.Jenkins

          // Look up the descriptor that holds the built-in SSHD settings
          def inst = Jenkins.getInstance()
          def sshDesc = inst.getDescriptor("org.jenkinsci.main.modules.sshd.SSHD")
          // A port of -1 disables the SSHD listener
          sshDesc.setPort(-1)
          sshDesc.save()
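An added check, not part of the comment above or of the Jenkins project's code: a script-console audit that reports whether the SSHD listener and the JNLP agent port mentioned in the issue description are actually disabled. It assumes the descriptor's `getPort()`/`getActualPort()` and `Jenkins.getSlaveAgentPort()` are available on the installed versions; the `describe` closure and the result strings are names made up for this example.

```groovy
import jenkins.model.Jenkins

// Port convention used by both settings: -1 = disabled, 0 = random port, >0 = fixed port.
// 'describe' is a helper defined for this example only.
def describe = { String name, int configured, Integer actual = null ->
    def state
    switch (configured) {
        case -1: state = "disabled"; break
        case 0:  state = "ENABLED on a random port"; break
        default: state = "ENABLED on fixed port ${configured}"
    }
    if (actual != null && actual > 0) {
        state += " (listening on ${actual})"
    }
    "${name}: ${state}"
}

def inst = Jenkins.getInstance()
def findings = []

// Same descriptor lookup as disable_sshd.groovy; null means the sshd module is not present.
def sshDesc = inst.getDescriptor("org.jenkinsci.main.modules.sshd.SSHD")
if (sshDesc == null) {
    findings << "SSHD: module not present"
} else {
    findings << describe("SSHD", sshDesc.getPort(), sshDesc.getActualPort())
}

// The JNLP agent port that JENKINS-30749 turned off by default.
findings << describe("JNLP agent port", inst.getSlaveAgentPort())

findings.each { println it }

// The last expression is what the script console displays as the result.
findings.any { it.contains("ENABLED") } ? "REVIEW: a listener is enabled" : "OK: no listener enabled"
```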

          Jesse Glick added a comment -

          move its configuration to /configureSecurity

          Done already in PR 9.


          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          src/main/java/org/jenkinsci/main/modules/sshd/SSHD.java
          http://jenkins-ci.org/commit/sshd-module/e9d1a5061a9d596ebedb0366d50276ad5c7c6023
          Log:
          [FIXED JENKINS-33595] Disable SSHD port by default.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          CHANGELOG.md
          http://jenkins-ci.org/commit/sshd-module/0918d80d10075ea71b5c8071d02299f93cf77c30
          Log:
          Noting JENKINS-33595 towards sshd module 1.11

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          cli/pom.xml
          cli/src/main/java/hudson/cli/CLI.java
          cli/src/main/resources/hudson/cli/client/Messages.properties
          pom.xml
          test/pom.xml
          test/src/test/java/hudson/cli/CLITest.java
          test/src/test/resources/hudson/cli/id_rsa
          test/src/test/resources/hudson/cli/id_rsa.pub
          war/pom.xml
          http://jenkins-ci.org/commit/jenkins/60632c0e988c6e6620daefa181b24f45c46f8d6c
          Log:
          Added -strictHostKey option to CLI in -ssh mode.
          [FIXED JENKINS-33595] Picks up https://github.com/jenkinsci/sshd-module/pull/11
          to turn off SSHD by default, but expose it to tests which wish to enable it.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Daniel Beck
          Path:
          content/_data/changelogs/weekly.yml
          http://jenkins-ci.org/commit/jenkins.io/533c45c9ef9dae8b591219a2836c16efb25c535e
          Log:
          Note JENKINS-33595

          Daniel Beck added a comment -

          Glad to see a Jenkins development newbie got their teeth cut on this issue


            jglick Jesse Glick