Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-70434

Jenkins, Git Host Key Verification Configuration

    • Icon: New Feature New Feature
    • Resolution: Won't Do
    • Icon: Minor Minor
    • git-client-plugin
    • jenkins: 2.362
      git-client plugin: 3.11.2

      Since git-client version 3.11.2
      JENKINS-69149 Set 'Known hosts file' strategy as default.
      Is it possible to change the default strategy to "Accept first connection" via init groovy script.
      At javadoc there are some docs about that, link

      At the moment I can't get the Exntesion list or descriptor of that class.

      Jenkins jenkins = Jenkins.getInstance()
      def gitClient = jenkins.getExtensionList(org.jenkinsci.plugins.gitclient.verifier.SshHostKeyVerificationStrategy.class)[0]
      
      println gitClient

      And I get this result:

      org.jenkinsci.plugins.gitclient.verifier.NoHostKeyVerificationStrategy@1f0e0623 

      But the current value is - "Known Host File". Even if I'll change the value through UI, the result won't change and still "NoHostKeyVerificationStrategy".

      Can you please help me with this situation.

          [JENKINS-70434] Jenkins, Git Host Key Verification Configuration

          Mark Waite added a comment - - edited

          The preferred method to automate the configuration of the git client plugin ssh host key verification strategy is through configuration as code. See the git client plugin documentation for an example that shows how to use configuration as code to switch to accept first connection.

          If you're not willing to use configuration as code, then you could store a copy of org.jenkinsci.plugins.gitclient.GitHostKeyVerificationConfiguration.xml in the same repository where you store the groovy initialization scripts.

          Mark Waite added a comment - - edited The preferred method to automate the configuration of the git client plugin ssh host key verification strategy is through configuration as code. See the git client plugin documentation for an example that shows how to use configuration as code to switch to accept first connection. If you're not willing to use configuration as code, then you could store a copy of org.jenkinsci.plugins.gitclient.GitHostKeyVerificationConfiguration.xml in the same repository where you store the groovy initialization scripts.

          Baurzhan added a comment -

          markewaite Hi,

          Where I can find the org.jenkinsci.plugins.gitclient.GitHostKeyVerificationConfiguration.xml file?
          Or maybe you mean the GitHostKeyVerificationConfiguration.java on github?

          Baurzhan added a comment - markewaite Hi, Where I can find the org.jenkinsci.plugins.gitclient.GitHostKeyVerificationConfiguration. xml  file? Or maybe you mean the GitHostKeyVerificationConfiguration.java on github?

          Mark Waite added a comment -

          That configuration file is stored in the Jenkins home directory. Same directory that includes the init.groovy.d directory.

          Mark Waite added a comment - That configuration file is stored in the Jenkins home directory. Same directory that includes the init.groovy.d directory.

          Baurzhan added a comment -

          Thanks for quick responce.
          I'm already double checked the entire jenkins contoller and jenkins home dir but didn't find the .xml files related to Host Key Configuration.
          If I apply new yaml config with only 3 lines of code through Jcasc plugin will it overwrite the current jenkins configuration?
          Or the new config will be overwrite only the lines where changes added? 

          Baurzhan added a comment - Thanks for quick responce. I'm already double checked the entire jenkins contoller and jenkins home dir but didn't find the .xml files related to Host Key Configuration . If I apply new yaml config with only 3 lines of code through Jcasc plugin will it overwrite the current jenkins configuration? Or the new config will be overwrite only the lines where changes added? 

          Mark Waite added a comment -

          You'll need to try it and see if it meets your needs.

          If you save the Jenkins global security configuration from the /manage/configureSecurity/ page, I expect it will write that file in the Jenkins home directory.

          Mark Waite added a comment - You'll need to try it and see if it meets your needs. If you save the Jenkins global security configuration from the /manage/configureSecurity/ page, I expect it will write that file in the Jenkins home directory.

          Baurzhan added a comment -

          Thank you Mark,

          I will try the both methods with Jcasc and check the file existing after changing the setting via UI

          Baurzhan added a comment - Thank you Mark, I will try the both methods with Jcasc and check the file existing after changing the setting via UI

          Baurzhan added a comment - - edited

          Small updates,

          You are were right, the file appeared after I changed the settings through UI.

          So now I have a question about the logic.
          Should I copy content of this .xml and store it in init.groovy.d dir and then try to call this xml in groovy script?

          Baurzhan added a comment - - edited Small updates, You are were right, the file appeared after I changed the settings through UI. So now I have a question about the logic. Should I copy content of this .xml and store it in init.groovy.d dir and then try to call this xml in groovy script?

          Mark Waite added a comment -

          I would place that file directly in the JENKINS_HOME directory, without using any groovy to modify it. Example of how I do it is in my docker-lfs repository

          Mark Waite added a comment - I would place that file directly in the JENKINS_HOME directory, without using any groovy to modify it. Example of how I do it is in my docker-lfs repository

          Baurzhan added a comment -

          Thank you Mark,
          I've tested the both methods with Jcasc and .xml file. It works.

          Baurzhan added a comment - Thank you Mark, I've tested the both methods with Jcasc and .xml file. It works.

            markewaite Mark Waite
            baurzhan Baurzhan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: