[JENKINS-69149] Set 'Known hosts file' strategy as default #882
Conversation
|
I prefer this over #881 but want to do some interactive testing with CentOS 7 systems and want to check the upgrade behavior for users that have already installed the git client plugin with the security fix. |
| @@ -2697,6 +2698,9 @@ private String launchCommandIn(ArgumentListBuilder args, File workDir, EnvVars e | |||
|
|
|||
| return stdout; | |||
| } catch (GitException | InterruptedException e) { | |||
| if (getHostKeyFactory() instanceof AcceptFirstConnectionVerifier) { | |||
| listener.getLogger().println("If you are using OpenSSH < 7.6 please choose another strategy to verify ssh host key in ‘Manage Jenkins’ -> ‘Configure Global Security’ -> ‘Git Host Key Verification Configuration'"); | |||
There was a problem hiding this comment.
Can we tighten the check for printing this message? For example, if (e.getMessage().contains("unsupported option "accept-new")) { ... }.
Also, it could be nice to make the message into a hyperlink to https://plugins.jenkins.io/git-client/#plugin-content-ssh-host-key-verification using HyperlinkNote.
Also, I think you need to update README.md to update the reference to the default setting. Maybe a help.html file also needs to be updated?
One other thing - for Jenkins instances on fresh servers, KnownHostsFileVerificationStrategy will fail because known_hosts will be empty, right? That was one nice thing about AcceptFirstConnectionVerifier. Maybe we should also check what that error message is like and print a special message here in that case as well.
There was a problem hiding this comment.
Can we tighten the check for printing this message? For example, if (e.getMessage().contains("unsupported option "accept-new")) { ... }.
Also, it could be nice to make the message into a hyperlink to https://plugins.jenkins.io/git-client/#plugin-content-ssh-host-key-verification using HyperlinkNote.
Also, I think you need to update README.md to update the reference to the default setting. Maybe a help.html file also needs to be updated?
done in 9dea3f2
One other thing - for Jenkins instances on fresh servers, KnownHostsFileVerificationStrategy will fail because known_hosts will be empty, right? That was one nice thing about AcceptFirstConnectionVerifier. Maybe we should also check what that error message is like and print a special message here in that case as well.
In that case the error message would be a 'usual' message, signalling that no host keys was provided for Host, see
console screenshots:
Cli git:
JGit:
I guess on fresh servers known_hosts file most likely not exists, what if we manually check it and print hint message in that case? see f8d6af0
…nown_hosts_file # Conflicts: # images/ssh-host-key-verification.png
|
I'd like to see additional interactive testing to check some cases that I think might hide surprises. I hope to assist with that Monday or Tuesday so that we can merge and release this change this in the first week of August. Interactive test results I'd like to see:
|
|
Thanks @MarkEWaite , I’ve tested all 5 cases (p3 and p5 looks the same) locally on MacOS + docker linux agent. Please re-verify fix on CentOS 7. Could you also please test that hint message for AcceptFirstConnection displayed correctly (I don’t have environment to reproduce Steps to quickly test it:
|
| @@ -54,4 +64,11 @@ public boolean verifyServerHostKey(String hostname, int port, String serverHostK | |||
| } | |||
| } | |||
|
|
|||
| private void logHint(TaskListener listener) { | |||
| listener.getLogger().println(HyperlinkNote.encodeTo("https://plugins.jenkins.io/git-client/#plugin-content-ssh-host-key-verification/","You're using 'Known host file' strategy to verify ssh host keys," + | |||
| " but your known_hosts file not exists, please go to " + | |||
There was a problem hiding this comment.
| " but your known_hosts file not exists, please go to " + | |
| " but your known_hosts file does not exist, please go to " + |
| " but your known_hosts file not exists, please go to " + | ||
| "‘Manage Jenkins’ -> ‘Configure Global Security’ -> ‘Git Host Key Verification Configuration' " + | ||
| " but your known_hosts file does not exist, please go to " + | ||
| "‘Manage Jenkins’ -> ‘Configure Global Security’ -> ‘Git Host Key Verification Configuration‘ " + |
There was a problem hiding this comment.
Should there be non-ASCII "funny quotes" emitted here? I think standard single-quotes can suffice to keep things simple?
Or is there a precedent for using them anyway?
There was a problem hiding this comment.
let's use simple quotes to be safe
src/main/java/org/jenkinsci/plugins/gitclient/verifier/KnownHostsFileVerifier.java
Outdated
Show resolved
Hide resolved
src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
Outdated
Show resolved
Hide resolved
src/main/java/org/jenkinsci/plugins/gitclient/verifier/KnownHostsFileVerifier.java
Outdated
Show resolved
Hide resolved
|
@Pldi23 I think that we should merge the 3.11.x branch into the master branch rather than merge this pull request. That has the side effect of squashing all the changes made in this pull request into the few that arrived on the 3.11.x branch. Is that OK with you? That will then allow me to use the master branch for the 3.12.0 release that includes JGit 5.13.1 and can update the minimum required Jenkins version to something much newer than 2.289.1 |
@MarkEWaite yes, sure |
|
Thankkos @Pldi23 . I'll release 3.10.0.2 now and will try to release 3.11.2 within the next hour. |
JENKINS-69149 Set 'Known hosts file' strategy as default
Alternatively to #881.
Change default ssh host key checking strategy to 'Known hosts file' and add hint log for users that uses cli git and 'Accept first connection' to avoid using it on OpenSSH < 7.6.