Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21436

SSH Plugin: Passwords for SSH Sites are stored in plaintext

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: ssh-plugin
    • Labels:
    • Environment:
      O/s: slc 6.5
      ssh plugin v. 2.4
    • Similar Issues:

      Description

      Unlike the credentials for connecting to slaves, the password for ssh sites (stored in org.jvnet.hudson.plugins.SSHBuildWrapper.xml) are stored in plaintext.

      <?xml version='1.0' encoding='UTF-8'?>
      <org.jvnet.hudson.plugins.SSHBuildWrapper_-DescriptorImpl plugin="ssh@2.4">
      <sites>
      <org.jvnet.hudson.plugins.SSHSite>
      <hostname>myhost</hostname>
      <port>22</port>
      <username>sgeorgio</username>
      <password>plainpass</password>
      <keyfile></keyfile>
      <serverAliveInterval>0</serverAliveInterval>
      <pty>false</pty>
      </org.jvnet.hudson.plugins.SSHSite>
      </sites>
      </org.jvnet.hudson.plugins.SSHBuildWrapper_-DescriptorImpl>

        Attachments

          Activity

          Hide
          ljader Łukasz Jąder added a comment -

          Recent 2.5 version of ssh-plugin switched to using ssh-credentials plugin.

          Previous plain text credentials will be automatically migrated after 2.5 gets installed.

          Show
          ljader Łukasz Jąder added a comment - Recent 2.5 version of ssh-plugin switched to using ssh-credentials plugin. Previous plain text credentials will be automatically migrated after 2.5 gets installed.

            People

            • Assignee:
              ljader Łukasz Jąder
              Reporter:
              sgeorgio Stefaos Georgiou
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: