Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-33595

Disable SSHD by default on new Installations

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      JENKINS-30749 turned off the JNLP port by default, but not SSHD. It is still enabled (on a random port).

      We should

      • make SSHD be disabled by default
      • move its configuration to /configureSecurity

        Attachments

          Issue Links

            Activity

            jglick Jesse Glick created issue -
            jglick Jesse Glick made changes -
            Field Original Value New Value
            Link This issue is blocking JENKINS-30749 [ JENKINS-30749 ]
            Hide
            kzantow Keith Zantow added a comment -

            Jesse Glick could you point me to an appropriate pair of lifecycle events to start/stop the service? (I can use the InitMilestones for startup, I'm pretty sure but what about shutdown/restarts/cleanup?)

            Show
            kzantow Keith Zantow added a comment - Jesse Glick could you point me to an appropriate pair of lifecycle events to start/stop the service? (I can use the InitMilestones for startup, I'm pretty sure but what about shutdown/restarts/cleanup?)
            Hide
            swashbuck1r Spike Washburn added a comment -

            This was originally planned for the setup wizard, but got dropped and should be addressed post-2.0.

            Show
            swashbuck1r Spike Washburn added a comment - This was originally planned for the setup wizard, but got dropped and should be addressed post-2.0.
            swashbuck1r Spike Washburn made changes -
            Labels 2.0 2.0 community-bee
            kzantow Keith Zantow made changes -
            Assignee Keith Zantow [ kzantow ] Antonio Muñiz [ amuniz ]
            Hide
            kzantow Keith Zantow added a comment -

            Antonio Muñiz if you're addressing JENKINS-33596, it makes sense to address this one at the same time. Basically it's just splitting each thing out of the Jenkins constructor and adding an option to enable/disable it in the global security configuration, according to Jesse Glick's notes.

            Show
            kzantow Keith Zantow added a comment - Antonio Muñiz if you're addressing JENKINS-33596 , it makes sense to address this one at the same time. Basically it's just splitting each thing out of the Jenkins constructor and adding an option to enable/disable it in the global security configuration, according to Jesse Glick 's notes.
            kzantow Keith Zantow made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            kzantow Keith Zantow made changes -
            Assignee Antonio Muñiz [ amuniz ] Keith Zantow [ kzantow ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 169551 ] JNJira + In-Review [ 185703 ]
            kzantow Keith Zantow made changes -
            Status In Progress [ 3 ] Open [ 1 ]
            Hide
            hartzell George Hartzell added a comment -

            This might be useful to other folks who want to disable built-in sshd. I have it in init.groovy.d and it seems to do the job for me.

            I'd appreciate feedback if there's a problem with it.

            disable_sshd.groovy
            def inst = Jenkins.getInstance()
            def sshDesc = inst.getDescriptor("org.jenkinsci.main.modules.sshd.SSHD")
            sshDesc.setPort(-1)
            sshDesc.save()
            
            Show
            hartzell George Hartzell added a comment - This might be useful to other folks who want to disable built-in sshd. I have it in init.groovy.d and it seems to do the job for me. I'd appreciate feedback if there's a problem with it. disable_sshd.groovy def inst = Jenkins.getInstance() def sshDesc = inst.getDescriptor( "org.jenkinsci.main.modules.sshd.SSHD" ) sshDesc.setPort(-1) sshDesc.save()
            danielbeck Daniel Beck made changes -
            Labels 2.0 community-bee 2.0 community-bee newbie-friendly
            Hide
            jglick Jesse Glick added a comment -

            move its configuration to /configureSecurity

            Done already in PR 9.

            Show
            jglick Jesse Glick added a comment - move its configuration to /configureSecurity Done already in PR 9 .
            jglick Jesse Glick made changes -
            Assignee Keith Zantow [ kzantow ] Jesse Glick [ jglick ]
            jglick Jesse Glick made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-41745 [ JENKINS-41745 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "sshd-module PR 11 (Web Link)" [ 15814 ]
            jglick Jesse Glick made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/org/jenkinsci/main/modules/sshd/SSHD.java
            http://jenkins-ci.org/commit/sshd-module/e9d1a5061a9d596ebedb0366d50276ad5c7c6023
            Log:
            [FIXED JENKINS-33595] Disable SSHD port by default.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/main/modules/sshd/SSHD.java http://jenkins-ci.org/commit/sshd-module/e9d1a5061a9d596ebedb0366d50276ad5c7c6023 Log: [FIXED JENKINS-33595] Disable SSHD port by default.
            oleg_nenashev Oleg Nenashev made changes -
            Summary Disable SSHD by default Disable SSHD by default on new Installations
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            CHANGELOG.md
            http://jenkins-ci.org/commit/sshd-module/0918d80d10075ea71b5c8071d02299f93cf77c30
            Log:
            Noting JENKINS-33595 towards sshd module 1.11

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: CHANGELOG.md http://jenkins-ci.org/commit/sshd-module/0918d80d10075ea71b5c8071d02299f93cf77c30 Log: Noting JENKINS-33595 towards sshd module 1.11
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            cli/pom.xml
            cli/src/main/java/hudson/cli/CLI.java
            cli/src/main/resources/hudson/cli/client/Messages.properties
            pom.xml
            test/pom.xml
            test/src/test/java/hudson/cli/CLITest.java
            test/src/test/resources/hudson/cli/id_rsa
            test/src/test/resources/hudson/cli/id_rsa.pub
            war/pom.xml
            http://jenkins-ci.org/commit/jenkins/60632c0e988c6e6620daefa181b24f45c46f8d6c
            Log:
            Added -strictHostKey option to CLI in -ssh mode.
            [FIXED JENKINS-33595] Picks up https://github.com/jenkinsci/sshd-module/pull/11
            to turn off SSHD by default, but expose it to tests which wish to enable it.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: cli/pom.xml cli/src/main/java/hudson/cli/CLI.java cli/src/main/resources/hudson/cli/client/Messages.properties pom.xml test/pom.xml test/src/test/java/hudson/cli/CLITest.java test/src/test/resources/hudson/cli/id_rsa test/src/test/resources/hudson/cli/id_rsa.pub war/pom.xml http://jenkins-ci.org/commit/jenkins/60632c0e988c6e6620daefa181b24f45c46f8d6c Log: Added -strictHostKey option to CLI in -ssh mode. [FIXED JENKINS-33595] Picks up https://github.com/jenkinsci/sshd-module/pull/11 to turn off SSHD by default, but expose it to tests which wish to enable it.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Daniel Beck
            Path:
            content/_data/changelogs/weekly.yml
            http://jenkins-ci.org/commit/jenkins.io/533c45c9ef9dae8b591219a2836c16efb25c535e
            Log:
            Note JENKINS-33595

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: content/_data/changelogs/weekly.yml http://jenkins-ci.org/commit/jenkins.io/533c45c9ef9dae8b591219a2836c16efb25c535e Log: Note JENKINS-33595
            Hide
            danielbeck Daniel Beck added a comment -

            Glad to see a Jenkins development newbie got their teeth cut on this issue

            Show
            danielbeck Daniel Beck added a comment - Glad to see a Jenkins development newbie got their teeth cut on this issue
            danielbeck Daniel Beck made changes -
            Resolution Fixed [ 1 ]
            Status In Review [ 10005 ] Resolved [ 5 ]

              People

              Assignee:
              jglick Jesse Glick
              Reporter:
              jglick Jesse Glick
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: