Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Minor
Component/s: credentials-binding-plugin
Labels:
None
Environment:

Hide
Controller:
Jenkins 2.277.1 @ CentOS 7.9, OpenJDK 1.8.0_282-b08
SSH Credentials 1.18.1

Node:
Windows agent, version 4.6
Microsoft Windows Server 2019 Standard, 10.0.17763
Java(TM) SE Runtime Environment 1.8.0_231-b11
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5 (bundled, "native" C:\Windows\System32\OpenSSH\ssh.exe)

Show
Controller: Jenkins 2.277.1 @ CentOS 7.9, OpenJDK 1.8.0_282-b08 SSH Credentials 1.18.1 Node: Windows agent, version 4.6 Microsoft Windows Server 2019 Standard, 10.0.17763 Java(TM) SE Runtime Environment 1.8.0_231-b11 OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5 (bundled, "native" C:\Windows\System32\OpenSSH\ssh.exe)

Similar Issues:

Show

When trying to use the bundled port of OpenSSH that now ships with Windows together with a private SSH key provided by the SSH Credentials plugin, you get this error:

C:\workspace\test>ssh -o StrictHostKeyChecking=no -i **** ****@host.domain.com pwd
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'C:\\workspace\\test@tmp\\secretFiles\\1756ff19-9738-4c58-89c0-84ca8b0d81dc\\ssh-key-A_KEY' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "C:\\workspace\\test@tmp\\secretFiles\\1756ff19-9738-4c58-89c0-84ca8b0d81dc\\ssh-key-A_KEY": bad permissions
****@host.domain.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

If file permissions are adjusted like this:

C:\workspace\test>Icacls **** /c /t /Inheritance:d 
processed file: ****
Successfully processed 1 files; Failed processing 0 files
C:\workspace\test>Icacls **** /c /t /Grant ****:F 
processed file: ****
Successfully processed 1 files; Failed processing 0 files
C:\workspace\test>Icacls **** /c /t /Remove Administrator "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users 
processed file: ****
Successfully processed 1 files; Failed processing 0 files
C:\workspace\test>ssh -o StrictHostKeyChecking=no -i **** ****@host.domain.com "ls -la /var/ci/ws/" 
total 1488
drwx------. 5 **** **** 73 Mar 11 06:38 .
drwxr-xr-x. 3 **** **** 16 Aug 26 2019 ..
drwxrwxr-x. 3 **** **** 26 Oct 23 2019 caches
drwxrwxr-x. 4 **** **** 34 Aug 26 2019 remoting
-rw-rw-r--. 1 **** **** 1506923 Mar 11 06:38 remoting.jar
drwxrwxr-x. 164 **** **** 12288 Mar 22 15:15 workspace
C:\workspace\test>exit 0 
Finished: SUCCESS

it works just fine, including clean-up of the secret key file when the build is done.

(Solution/workaround from https://superuser.com/questions/1309447/how-to-secure-ssh-private-key-on-windows-10)

Assignee:: Unassigned

Reporter:: Jesper Andersson

Votes:: 5 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2021-03-24 19:32

Updated:: 2021-03-30 01:56

Details

Description

Attachments

Activity

People

Dates