• EC2 Plugin 1.50.3

      Version 1.50.2 introduces security mitigations by proposing new options for SSH.

      2 of the 3 options have been introduced by SSH version 7.6:

      • ssh(1): expand the StrictHostKeyChecking option with two new
        settings. The first "accept-new" will automatically accept
        hitherto-unseen keys but will refuse connections for changed or
        invalid hostkeys. This is a safer subset of the current behaviour
        of StrictHostKeyChecking=no. The second setting "off", is a synonym
        for the current behaviour of StrictHostKeyChecking=no: accept new
        host keys, and continue connection for hosts with incorrect
        hostkeys. A future release will change the meaning of
        StrictHostKeyChecking=no to the behaviour of "accept-new". bz#2400

      Although it was released almost 3 years ago, this seriously breaks compatibility with non-recent Jenkins installations.

      For instance, the current default Docker image for Jenkins is currently based off Debian Stretch which provides SSH 7.4 and doesn't support these new options:

      $ docker run --rm -ti jenkins/jenkins:2.235 ssh -o StrictHostKeyChecking=off
      command-line line 0: unsupported option "off".
      $ docker run --rm -ti jenkins/jenkins:2.235 ssh -o StrictHostKeyChecking=accept-new
      command-line line 0: unsupported option "accept-new".
      $ docker run --rm -ti jenkins/jenkins:lts ssh -o StrictHostKeyChecking=accept-new
      command-line line 0: unsupported option "accept-new".
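Given the 7.6 cutoff in the release notes quoted above, a launcher script can check the client version before choosing a host key option. This is an added example, not part of the original issue or the EC2 plugin's code; the function names, the sample banners and the fallback to `yes` are assumptions of the example.

```shell
#!/bin/sh
# Choose a StrictHostKeyChecking value the local OpenSSH client accepts.
# Per the release notes quoted above, "accept-new" and "off" arrived in 7.6;
# older clients abort with: unsupported option "accept-new".

# parse_openssh_version BANNER -> prints "MAJOR MINOR"; fails if unparseable.
parse_openssh_version() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    [ -n "$ver" ] || return 1
    printf '%s\n' "$ver"
}

# supports_accept_new BANNER -> exit status 0 when the client is >= 7.6.
supports_accept_new() {
    ver=$(parse_openssh_version "$1") || return 1
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 6 ]; }
}

# host_key_option BANNER -> value for -o StrictHostKeyChecking=...
# Assumption of this example: old or unrecognised clients get "yes", which
# needs a pre-populated known_hosts but fails closed, instead of "no".
host_key_option() {
    if supports_accept_new "$1"; then
        printf 'accept-new\n'
    else
        printf 'yes\n'
    fi
}

# Constructed sample banners in the format `ssh -V` prints (on stderr).
# Real use: host_key_option "$(ssh -V 2>&1)"
for banner in \
    'OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u  20 Dec 2019' \
    'OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n  7 Dec 2017' \
    'OpenSSH_8.9p1, OpenSSL 3.0.2 15 Mar 2022'
do
    printf '%-10s  %s\n' "$(host_key_option "$banner")" "$banner"
done
```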
      

          [JENKINS-62195] ec2-1.50.2 doesn't work with SSH <7.5

          Jonathan Ballet created issue
          David Troup made changes
          Comment [ You can change the strategy in the config
          Host Key Verification Strategy in cloud config ]
          Oleg Nenashev made changes
          Assignee Original: FABRIZIO MANFREDI [ thoulen ]
          Oleg Nenashev made changes
          Labels New: regression
          Ramon Leon made changes
          Assignee New: Ramon Leon [ mramonleon ]
          Ramon Leon made changes
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Ramon Leon made changes
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Ramon Leon made changes
          Remote Link New: This issue links to "PR #460 (Web Link)" [ 24909 ]
          Ramon Leon made changes
          Remote Link New: This issue links to "PR #455 (Web Link)" [ 24910 ]
          Ramon Leon made changes
          Link New: This issue relates to JENKINS-62227 [ JENKINS-62227 ]
          Ramon Leon made changes
          Link New: This issue relates to JENKINS-62231 [ JENKINS-62231 ]

            mramonleon Ramon Leon
            multani Jonathan Ballet
            Votes: 4
            Watchers: 16