Major It seems that jenkins cli is not able to use SSH agents, which limits the use of the tool considerable, being a serious security risk.
[JENKINS-45320] Add support for SSH agents
danielbeck, that's what I was aiming to do as I find ssh client approach zillions times nicer than downloading and running a jar on the client.... which reminds me of websites asking me to download Flash (or another plugin) 
.
Now the problem is that even with SSH I was not able to get it working yet. Somehow the connection starts but I get no reply from Jenkins. After some time the connection is dropped serverside:
Aug 22, 2017 8:13:51 PM hudson.init.impl.InstallUncaughtExceptionHandler$1 reportException WARNING: null java.io.IOException: HTTP full-duplex channel timeout: c66ea617-6e99-4411-9535-534435ac15ee at jenkins.util.FullDuplexHttpService.download(FullDuplexHttpService.java:104) at jenkins.util.FullDuplexHttpService$Response.generateResponse(FullDuplexHttpService.java:171)
No other feedback at all, making quite hard to guess what is causing this behavior.
ssbarnea that exception is like JENKINS-43666 but this makes no sense since that code is only used from the HTTP-based client. Irrelevant if you are using native SSH to connect.
Manuel Jordan
added a comment - Hello
Even when " SSH-based CLI with regular SSH clients" is possible, according with the current documentation of Jenkins, the "jar" approach has more features available over the other. So would be very nice if the "phrase" can be wrote just once through the `ssh-agent add` and execute "java -jar" many times without re-write each time again the phrase
Manuel Jordan
added a comment - Hello
Even when " SSH-based CLI with regular SSH clients" is possible, according with the current documentation of Jenkins, the "jar" approach has more features available over the other. So would be very nice if the "phrase" can be wrote just once through the `ssh-agent add` and execute "java -jar" many times without re-write each time again the phrase This should probably be closed as not something we care to fix. WebSocket transport is preferred going forward.
Manuel Jordan
added a comment - Is there an official link indicating that WebSocket is better than SSH (about security) and including some instructions to learn that approach?
Manuel Jordan
added a comment - Is there an official link indicating that WebSocket is better than SSH (about security) and including some instructions to learn that approach? I do not know about “security” (there are all sorts of possible considerations) but WebSocket is certainly simpler architecturally: you are just using the same HTTP(S) port Jenkins uses for everything else, with the same authentication mechanism as REST calls (API token).
Manuel Jordan
added a comment - According with my understanding SSH is the best approach about remote connections with 100% security. The approach would be flexible, but now my concern is about security.
Manuel Jordan
added a comment - According with my understanding SSH is the best approach about remote connections with 100% security. The approach would be flexible, but now my concern is about security.
Desirable, but if you have an ssh-agent, you can always use the SSH-based CLI with regular SSH clients.