Thanks, I am going to look at JENKINS-60215, and see if I can patch it.
From: [email protected] On Behalf Of Ivan Fernandez Calvo
Sent: Wednesday, May 27, 2020 12:47 PM
To: Jenkins Users <[email protected]>
Subject: Re: viewing the public key for a ssh pki credential?

You can make groovy magic on the Jenkins console, grab the credential, and extract the public key, but it sounds odd. But this pipeline makes the job for any credential and it is easy :D

    pipeline {
        agent any
        parameters {
            // Lets the user pick an SSH private key credential when the job is started
            credentials credentialType: 'com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey', defaultValue: '', description: '', name: 'credential', required: true
        }
        stages {
            stage('Hello') {
                steps {
                    sshagent([params.credential]) {
                        // ssh-add -L lists the public keys of the identities loaded in the agent
                        sh 'ssh-add -L'
                    }
                }
            }
        }
    }

On Tuesday, May 26, 2020, 19:35:48 (UTC+2), Jason Pyeron wrote:

For a given existing credential, how can an authorized keys entry be extracted from Jenkins? (It is easy to do (in java, openssl, ssh-keygen, etc..) if you know the private key)

TL;DR

Take the following ssh-key being added to Jenkins:

    $ ssh-keygen.exe -f /tmp/jenkins-issue -t rsa -N '' -C jenkins-issue@hostname
    Generating public/private rsa key pair.
    Your identification has been saved in /tmp/jenkins-issue
    Your public key has been saved in /tmp/jenkins-issue.pub
    The key fingerprint is:
    SHA256:NDX21mT0Fp47rDryohouLU88iMAtS6K5enLLHO0PuUE jenkins-issue@hostname
    The key's randomart image is:
    +---[RSA 3072]----+
    | + .+. |
    | o o +..o|
    | o o .oo|
    |. . . . . ...|
    |o+ .E S + |
    |=.+oo. . .|
    |oo..*= . |
    |.+o=o=o o .. |
    |+++.*=o.. +o. |
    +----[SHA256]-----+

    $ cat /tmp/jenkins-issue

    $ cat /tmp/jenkins-issue.pub
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDLo1jo84ngrj5AXiTqgUVuyidvw869JJhaIi51e2pJPxuI+woYVyXd1iUprGTzpwp/oT8lOcGuV5zLIHlAv0HRT2fE12b51jrV0/TY9LVPsxEYSbyri/iORAZ9Cbv/u5tKJonjEn9BgKzWDPDT7sDhJvt1Kau46fsLucTTuskOUt2YzxNlJ0hOBV+LD7fzZsSiMMTBiHSK0ChRXGWSIXhAOaiFaR7EuMg0TqSXNWxsZRq1ztGswnbWJ/F/mSjrPmjteEYB8c4jGSy04vtYc95FExMAIEF8KzoVyOFGbm2WgDya/k5PKPwxEl9MgoRVFBlY1wV9mEoRufcFHR2G8AeuXbqBK6owtve9VtX8WeqxnjswTwYvdSMyp0RGOrDorK9yM45aqgG0yrbBawUVzcjJ8uXdxW6XyCdvepCK65bjajtWxUR/IceHtP2cdYfWrJURRSOzM5PizIy3YPMywcLB2xo4/EH8+zOli/16lT0yK3xnHMrG82/0F87ec9pR9Qs= jenkins-issue@hostname

It can be added to Jenkins like so:

[Images reduced]

Which then shows up as:

This screen does not show the public key for a job author / node administrator to add to the authorized_keys, etc.

Drilling in to the detail by clicking on the entry takes you to another screen:

But this screen does not have the public key either.

Choosing update, shows us the configuration, less the private key:

Still no public key. Now this screen may be restricted more than those who need the public key have access to. But if you could get here, and could see the private key, you could regenerate the public key from the private key.

The only workaround, known to me, is to put the public key in the description at the time of import.

This has a quite annoying drawback – it puts a horizontal scroll bar on every screen where the credential is mentioned or used. This makes configuring jobs fragile when controls are pushed outside of the normal UI limits.

v/r,
JAson

--
Jason Pyeron | Architect
PD Inc | 10 w 24th St | Baltimore, MD
.mil: [email protected]
.com: [email protected]
tel : 202-741-9397

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/9a0beff4-3079-4e99-873b-ac86d9cb4268%40googlegroups.com.
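
Added example (not part of the thread and not Jenkins or plugin code): a key in the "BEGIN OPENSSH PRIVATE KEY" container, like the one generated above, stores its public half unencrypted in the file header, so the authorized_keys entry and the SHA256 fingerprint can be recovered without touching the private section. The function names are hypothetical and the sample container is constructed (made-up ed25519 public bytes, dummy private section); legacy PEM keys use a different layout and are not handled.

```python
import base64, hashlib, struct

MAGIC = b"openssh-key-v1\x00"
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"

def _pack(b):
    """Encode bytes as an SSH 'string': uint32 big-endian length, then the data."""
    return struct.pack(">I", len(b)) + b

def _read(buf, off):
    """Read one SSH 'string' at off; return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack(">I", buf[off:off + 4])[0]
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def public_from_openssh_private(pem_text, comment=""):
    """Return (authorized_keys line, SHA256 fingerprint); nothing is decrypted."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH private key container")
    raw = base64.b64decode("".join(lines[1:-1]))
    if not raw.startswith(MAGIC):
        raise ValueError("bad magic")
    off = len(MAGIC)
    for _ in range(3):  # skip ciphername, kdfname, kdfoptions
        _, off = _read(raw, off)
    if off + 4 > len(raw) or struct.unpack(">I", raw[off:off + 4])[0] != 1:
        raise ValueError("expected exactly one key")
    blob, _ = _read(raw, off + 4)  # public key blob, stored in the clear
    key_type, _ = _read(blob, 0)
    entry = f"{key_type.decode()} {base64.b64encode(blob).decode()} {comment}".rstrip()
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return entry, "SHA256:" + digest

def make_constructed_sample():
    """Constructed container: made-up ed25519 public bytes, dummy private section."""
    pub = _pack(b"ssh-ed25519") + _pack(bytes(range(32)))
    raw = (MAGIC + _pack(b"none") + _pack(b"none") + _pack(b"")
           + struct.pack(">I", 1) + _pack(pub) + _pack(b"\x00" * 8))
    b64 = base64.b64encode(raw).decode()
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join([BEGIN, *body, END]), pub

if __name__ == "__main__":
    print(*public_from_openssh_private(make_constructed_sample()[0], "jenkins-issue@hostname"), sep="\n")
```

The fingerprint it returns is in the same format as the "The key fingerprint is:" line that ssh-keygen prints, which gives a way to confirm that an authorized_keys entry matches a stored credential.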
