JENKINS-55203

Jenkins EC2 plugin prints private key contents in Jenkins log

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • ec2-plugin
    • None
    • Jenkins: 2.150
      Plugin: Version 1.41
    • ec2-1.44, 1.42.1, 1.41.1

    Description

      The Jenkins EC2 plugin prints the contents of the private key into the main Jenkins log when it spins up and connects to new slaves. Please can this information be excluded from the logging.

      I believe the line that needs to be changed is:

      https://github.com/jenkinsci/ec2-plugin/blob/master/src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java#L278-L279

      Example log output given below:

      Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
      INFO: Getting keypair...
      Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2RetentionStrategy start
      INFO: Start requested for Jenkins Generic Agents (i-092c20a865eed9e81)
      Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
      INFO: Launching instance: i-092c20a865eed9e81
      Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
      INFO: bootstrap()
      Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
      INFO: Getting keypair...
      Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
      INFO: Using key: my-jenkins-key
      f1:xf:81:b4:d4:4f:49:1f:b2:f6:2a:hg:39:77:t4:4v
      -----BEGIN RSA PRIVATE KEY-----
      <PRIVATE KEY HERE> 
      

        Activity

          nforbes Nicola Forbes created issue -
          acrolinx_blumenbach Tilman Blumenbach made changes -
          Field Original Value New Value
          Assignee Tilman Blumenbach [ acrolinx_blumenbach ]
          acrolinx_blumenbach Tilman Blumenbach made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          acrolinx_blumenbach Tilman Blumenbach made changes -
          Resolution Fixed [ 1 ]
          Status In Progress [ 3 ] Fixed but Unreleased [ 10203 ]
          acrolinx_blumenbach Tilman Blumenbach made changes -
          Released As Amazon EC2 v1.44
          Assignee Tilman Blumenbach [ acrolinx_blumenbach ]
          Status Fixed but Unreleased [ 10203 ] Closed [ 6 ]
          acrolinx_blumenbach Tilman Blumenbach made changes -
          Released As Amazon EC2 v1.44 Amazon EC2 plug-in v1.44
          jvz Matt Sicker made changes -
          Released As Amazon EC2 plug-in v1.44 ec2-1.44, 1.42.1, 1.41.1
          jvz Matt Sicker added a comment -

          I backported the public security fix to create 1.42.1 and 1.41.1 due to some configuration changes in 1.43 that make it forward incompatible.
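A defensive check for logs written by plugin versions older than the fixed releases named above: the scanner below walks a Jenkins log in the format of the issue's excerpt, reports which log record emitted a PEM private key block, and produces a redacted copy. It is an added example, not code from the ec2-plugin or from this issue; `scan_log`, the regular expressions and the sample log (constructed, with placeholder key bodies) are assumptions.

```python
import re

# Record header as in the issue's log: "<date> <time> AM|PM <logger class> <method>"
RECORD_HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<logger>[\w.$]+) (?P<method>\S+)$")
PEM_BEGIN = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
PEM_END = re.compile(r"-----END (?:[A-Z0-9]+ )*PRIVATE KEY-----")
REDACTED = "[REDACTED PRIVATE KEY MATERIAL]"

def scan_log(lines):
    """Return (findings, redacted_lines) for an iterable of log lines.

    Redaction runs from a BEGIN marker to its END marker, or to the next
    record header when the END marker is missing (truncated output)."""
    findings, out = [], []
    record = {"ts": None, "logger": None}
    in_key = False
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        header = RECORD_HEADER.match(line.strip())
        if header:
            record = header.groupdict()
            in_key = False  # a new record ends an unterminated key block
        if in_key:
            out.append(REDACTED)
            in_key = not PEM_END.search(line)
        elif PEM_BEGIN.search(line):
            findings.append({"line": lineno, "ts": record["ts"],
                             "logger": record["logger"]})
            out.append(REDACTED)
            in_key = not PEM_END.search(line)
        else:
            out.append(line)
    return findings, out

# Constructed sample modelled on the issue's excerpt; key bodies are placeholders.
SAMPLE = """\
Dec 14, 2018 9:42:50 AM hudson.plugins.ec2.EC2Cloud log
INFO: Using key: example-key
-----BEGIN RSA PRIVATE KEY-----
PLACEHOLDER-BODY-1
-----END RSA PRIVATE KEY-----
Dec 14, 2018 9:42:51 AM hudson.plugins.ec2.EC2Cloud log
INFO: Using key: example-key
-----BEGIN RSA PRIVATE KEY-----
PLACEHOLDER-BODY-2
Dec 14, 2018 9:42:52 AM hudson.plugins.ec2.EC2Cloud log
INFO: bootstrap()
""".splitlines()
print(scan_log(SAMPLE)[0])
```

A key pair reported by the scanner should be treated as exposed to anyone who could read that log, and rotated.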


          People

            Assignee: Unassigned
            Reporter: nforbes Nicola Forbes