Re: Security Vulnerability on my Jenkins Server

2021-02-10 Thread Eric Fetzer 
Thanks, guess we'll have to wait.  It's not based on what we do, it's just
a security scan software.  It's not like anyone can get to it anyway, it's
inside the wall, but it is what it is.  This one will have to become a
POAM.  Do you have any clue when the fix is coming up?  Again, THANKS for
all your help!

On Wed, Feb 10, 2021 at 1:25 PM kuisathaverat 
wrote:

> I’ve re read your first message, you as for “Jenkins CLI over SSH”, there
> you cannot do anything until we replace the ssh-module. The module will
> support those MACs and is not posible to disable them. However, I doubt
> that the Jenkins CLI use those MACs , and you can always use HTTPS.
>
> El El mié, 10 feb 2021 a las 18:28, Eric Fetzer 
> escribió:
>
>> My MACs line says:
>>
>> MACs hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,
>> hmac-ripemd...@openssh.com
>>
>> I believe this is hardened, isn't it?
>>
>> Thanks,
>> Eric
>>
>> On Wed, Feb 10, 2021 at 9:40 AM kuisathaverat 
>> wrote:
>>
>>> hmac-* are Message authentication code algorithms (MACs), so you have to
>>> configure your Message authentication code algorithms (MACs) supported, for
>>> example
>>>
>>> MACs hmac-sha2-256,hmac-sha2-512
>>>
>>> see
>>> https://www.ssh.com/ssh/sshd_config/#common-configuration-changes-for-the-enterprise
>>>
>>> El mié, 10 feb 2021 a las 17:24, Eric Fetzer ()
>>> escribió:
>>>
 Hmmm, I already hardened by that link:
 https://www.ssh.com/ssh/sshd_config

 My /etc/ssh/sshd_config has:

 Ciphers aes128-ctr,aes192-ctr,aes256-ctr

 This is still showing up on my security scan though.  Am I missing
 something?

 Thanks,
 Eric

 On Tue, Feb 9, 2021 at 12:23 PM kuisathaverat 
 wrote:

> There is work in progress to bump the version of the library and
> convert the sshd-module in a plugin to resolve this kind of issues 
> quickly.
> For the moment you can configure your sshd servers on the Agents side to 
> do
> not allow weak ciphers, see https://www.ssh.com/ssh/sshd_config.
>
> https://github.com/jenkinsci/sshd-module/pull/37
> https://github.com/jenkinsci/sshd-module/pull/38
>
>
> El mar, 9 feb 2021 a las 17:19, eric@gmail.com (<
> eric.fet...@gmail.com>) escribió:
>
>> I'm sorry, I just saw the last comment on here and, once again, this
>> showed up on our vulnerability report.  I don't get exactly what I need 
>> to
>> do in order to fix this.  Can someone lay it out for me please?  Thanks -
>> Eric
>>
>> On Wednesday, August 26, 2020 at 12:39:40 PM UTC-6
>> kuisat...@gmail.com wrote:
>>
>>> I was wrong you cannot configure the ciphers for the ssh server on
>>> the Java security files. The SSH server on Jenkins uses the
>>> https://github.com/apache/mina-sshd , IIRC the Jenkins
>>> implementation of the ssh server not read the sshd_config files so it is
>>> not posible to configure the ssh server. Apache mina has deprecated and
>>> disable those algorithms on 2.6.0
>>> https://issues.apache.org/jira/browse/SSHD-1004, the sshd-module
>>> and CLI are using 1.7.0
>>> https://github.com/jenkinsci/sshd-module/blob/master/pom.xml#L42
>>>  and
>>> https://github.com/jenkinsci/jenkins/blob/master/cli/pom.xml#L77 So
>>> I guess both should bump the dependency to remove support for weak
>>> algorithms
>>>
>>>
>>> El miércoles, 26 de agosto de 2020 a las 16:06:22 UTC+2,
>>> eric@gmail.com escribió:
>>>
 I think I found the solution to this:


 https://www.thegeekdiary.com/how-to-disable-md5-based-hmac-algorithms-for-ssh/


 On Tuesday, August 25, 2020 at 1:59:49 PM UTC-6 eric@gmail.com
 wrote:

> I'm confused.  It doesn't look like the ciphers the vulnerability
> is citing are allowed in the java.security file on this system.  We're
> getting flagged for:
>
>  hmac-md5
>   hmac-md5-96
>   hmac-sha1-96
>
> Settings are:
>
> jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize
> < 1024, \
> EC keySize < 224, 3DES_EDE_CBC, anon, NULL
>
> Am I missing this, not a java security expert by any means...
> Thanks!
> On Monday, August 24, 2020 at 11:09:43 AM UTC-6
> kuisat...@gmail.com wrote:
>
>> Yes, configuring the ciphers accepted by your JDK edit the
>> file lib\security\java.security (the path will vary based on your 
>> Java
>> version)
>>
>> El lunes, 24 de agosto de 2020 a las 16:48:22 UTC+2,
>> eric@gmail.com escribió:
>>
>>> Hi all!  I'm getting hit by my secuity team for a vulnerability
>>> for the Jenkins CLI via ssh allowing the following weak ciphers:
>>>
>>>   hmac-md5
>>>

Re: Security Vulnerability on my Jenkins Server

2021-02-10 Thread kuisathaverat 
I’ve re read your first message, you as for “Jenkins CLI over SSH”, there
you cannot do anything until we replace the ssh-module. The module will
support those MACs and is not posible to disable them. However, I doubt
that the Jenkins CLI use those MACs , and you can always use HTTPS.

El El mié, 10 feb 2021 a las 18:28, Eric Fetzer 
escribió:

> My MACs line says:
>
> MACs hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,hmac-ripemd...@openssh.com
>
> I believe this is hardened, isn't it?
>
> Thanks,
> Eric
>
> On Wed, Feb 10, 2021 at 9:40 AM kuisathaverat 
> wrote:
>
>> hmac-* are Message authentication code algorithms (MACs), so you have to
>> configure your Message authentication code algorithms (MACs) supported, for
>> example
>>
>> MACs hmac-sha2-256,hmac-sha2-512
>>
>> see
>> https://www.ssh.com/ssh/sshd_config/#common-configuration-changes-for-the-enterprise
>>
>> El mié, 10 feb 2021 a las 17:24, Eric Fetzer ()
>> escribió:
>>
>>> Hmmm, I already hardened by that link:
>>> https://www.ssh.com/ssh/sshd_config
>>>
>>> My /etc/ssh/sshd_config has:
>>>
>>> Ciphers aes128-ctr,aes192-ctr,aes256-ctr
>>>
>>> This is still showing up on my security scan though.  Am I missing
>>> something?
>>>
>>> Thanks,
>>> Eric
>>>
>>> On Tue, Feb 9, 2021 at 12:23 PM kuisathaverat 
>>> wrote:
>>>
 There is work in progress to bump the version of the library and
 convert the sshd-module in a plugin to resolve this kind of issues quickly.
 For the moment you can configure your sshd servers on the Agents side to do
 not allow weak ciphers, see https://www.ssh.com/ssh/sshd_config.

 https://github.com/jenkinsci/sshd-module/pull/37
 https://github.com/jenkinsci/sshd-module/pull/38


 El mar, 9 feb 2021 a las 17:19, eric@gmail.com (<
 eric.fet...@gmail.com>) escribió:

> I'm sorry, I just saw the last comment on here and, once again, this
> showed up on our vulnerability report.  I don't get exactly what I need to
> do in order to fix this.  Can someone lay it out for me please?  Thanks -
> Eric
>
> On Wednesday, August 26, 2020 at 12:39:40 PM UTC-6 kuisat...@gmail.com
> wrote:
>
>> I was wrong you cannot configure the ciphers for the ssh server on
>> the Java security files. The SSH server on Jenkins uses the
>> https://github.com/apache/mina-sshd , IIRC the Jenkins
>> implementation of the ssh server not read the sshd_config files so it is
>> not posible to configure the ssh server. Apache mina has deprecated and
>> disable those algorithms on 2.6.0
>> https://issues.apache.org/jira/browse/SSHD-1004, the sshd-module and
>> CLI are using 1.7.0
>> https://github.com/jenkinsci/sshd-module/blob/master/pom.xml#L42 and
>> https://github.com/jenkinsci/jenkins/blob/master/cli/pom.xml#L77 So
>> I guess both should bump the dependency to remove support for weak
>> algorithms
>>
>>
>> El miércoles, 26 de agosto de 2020 a las 16:06:22 UTC+2,
>> eric@gmail.com escribió:
>>
>>> I think I found the solution to this:
>>>
>>>
>>> https://www.thegeekdiary.com/how-to-disable-md5-based-hmac-algorithms-for-ssh/
>>>
>>>
>>> On Tuesday, August 25, 2020 at 1:59:49 PM UTC-6 eric@gmail.com
>>> wrote:
>>>
 I'm confused.  It doesn't look like the ciphers the vulnerability
 is citing are allowed in the java.security file on this system.  We're
 getting flagged for:

  hmac-md5
   hmac-md5-96
   hmac-sha1-96

 Settings are:

 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize
 < 1024, \
 EC keySize < 224, 3DES_EDE_CBC, anon, NULL

 Am I missing this, not a java security expert by any means...
 Thanks!
 On Monday, August 24, 2020 at 11:09:43 AM UTC-6 kuisat...@gmail.com
 wrote:

> Yes, configuring the ciphers accepted by your JDK edit the
> file lib\security\java.security (the path will vary based on your Java
> version)
>
> El lunes, 24 de agosto de 2020 a las 16:48:22 UTC+2,
> eric@gmail.com escribió:
>
>> Hi all!  I'm getting hit by my secuity team for a vulnerability
>> for the Jenkins CLI via ssh allowing the following weak ciphers:
>>
>>   hmac-md5
>>   hmac-md5-96
>>   hmac-sha1-96
>>
>> Is there a way to configure ciphers accepted for the Jenkins CLI?
>>
>> Thanks,
>> Eric
>>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Jenkins Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/jenkinsci-users/f84HCfhF4vY/unsubscribe
> .
> To unsubscribe from this group and all its topics, send an email to
>

Re: Set-Variable : Cannot process command because of one or more missing mandatory parameters: Name.

2021-02-10 Thread Slide 
FYI, I started to look at this again and will hopefully have a PR soon.

On Tue, Feb 9, 2021, 08:07 Slide  wrote:

> That will cause problems, the ssh-agents-plugin is not set up to handle
> PowerShell as the default shell. I looked into it a while back but didn't
> make good progress.
>
> On Tue, Feb 9, 2021 at 2:45 AM Amedee Van Gasse 
> wrote:
>
>> FYI PowerShell is the default SSH shell on this machine.
>>
>> On Tuesday, February 9, 2021 at 10:27:38 AM UTC+1 Amedee Van Gasse wrote:
>>
>>> I got this when connecting to a Windows node, how do I fix this?
>>>
>>> [02/09/21 10:20:58] [SSH] SSH host key matches key seen previously for
>>> this host. Connection will be allowed.
>>> [02/09/21 10:20:58] [SSH] Authentication successful.
>>> [02/09/21 10:20:59] [SSH] The remote user's environment is:
>>> Set-Variable : Cannot process command because of one or more missing
>>> mandatory parameters: Name.
>>> At line:1 char:1
>>> + set
>>> + ~~~
>>> + CategoryInfo  : InvalidArgument: (:) [Set-Variable],
>>> ParameterBindingException
>>> + FullyQualifiedErrorId :
>>> MissingMandatoryParameter,Microsoft.PowerShell.Commands.SetVariableCommand
>>>
>>> [02/09/21 10:21:00] [SSH] Checking java version of
>>> C:\Users\jenkins/jdk/bin/java
>>> [02/09/21 10:21:01] [SSH] C:\Users\jenkins/jdk/bin/java -version
>>> returned 11.0.10.
>>> [02/09/21 10:21:01] [SSH] Starting sftp client.
>>> [02/09/21 10:21:01] [SSH] Copying latest remoting.jar...
>>> [02/09/21 10:21:02] [SSH] Copied 1,521,553 bytes.
>>> Expanded the channel window size to 4MB
>>> [02/09/21 10:21:02] [SSH] Starting agent process: cd "C:\Users\jenkins"
>>> && C:\Users\jenkins/jdk/bin/java  -jar remoting.jar -workDir
>>> C:\Users\jenkins -jar-cache C:\Users\jenkins/remoting/jarCache
>>> At line:1 char:23
>>> + cd "C:\Users\jenkins" && C:\Users\jenkins/jdk/bin/java  -jar remoting
>>> ...
>>> +   ~~
>>> The token '&&' is not a valid statement separator in this version.
>>> + CategoryInfo  : ParserError: (:) [],
>>> ParentContainsErrorRecordException
>>> + FullyQualifiedErrorId : InvalidEndOfLine
>>>
>>> Agent JVM has terminated. Exit code=1
>>> [02/09/21 10:21:02] Launch failed - cleaning up connection
>>> [02/09/21 10:21:02] [SSH] Connection closed.
>>> SSHLauncher{host='ec2-3-123-229-137.eu-central-1.compute.amazonaws.com',
>>> port=22, credentialsId='b56e65e1-beb0-4ad3-bcaa-e9c7aea3c4f8',
>>> jvmOptions='', javaPath='', prefixStartSlaveCmd='', suffixStartSlaveCmd='',
>>> launchTimeoutSeconds=60, maxNumRetries=10, retryWaitTime=15,
>>> sshHostKeyVerificationStrategy=hudson.plugins.sshslaves.verifiers.ManuallyTrustedKeyVerificationStrategy,
>>> tcpNoDelay=true, trackCredentials=true}
>>> [02/09/21 10:21:02] [SSH] Opening SSH connection to
>>> ec2-3-123-229-137.eu-central-1.compute.amazonaws.com:22.
>>> [02/09/21 10:21:03] [SSH] SSH host key matches key seen previously for
>>> this host. Connection will be allowed.
>>> [02/09/21 10:21:03] [SSH] Authentication successful.
>>> [02/09/21 10:21:03] [SSH] The remote user's environment is:
>>> Set-Variable : Cannot process command because of one or more missing
>>> mandatory parameters: Name.
>>> At line:1 char:1
>>> + set
>>> + ~~~
>>> + CategoryInfo  : InvalidArgument: (:) [Set-Variable],
>>> ParameterBindingException
>>> + FullyQualifiedErrorId :
>>> MissingMandatoryParameter,Microsoft.PowerShell.Commands.SetVariableCommand
>>>
>>> [02/09/21 10:21:04] [SSH] Checking java version of
>>> C:\Users\jenkins/jdk/bin/java
>>> [02/09/21 10:21:04] [SSH] C:\Users\jenkins/jdk/bin/java -version
>>> returned 11.0.10.
>>> [02/09/21 10:21:04] [SSH] Starting sftp client.
>>> [02/09/21 10:21:04] [SSH] Copying latest remoting.jar...
>>> Source agent hash is D866F0B482DB94F38E49B26B465D5DB5. Installed agent
>>> hash is D866F0B482DB94F38E49B26B465D5DB5
>>> Verified agent jar. No update is necessary.
>>> Expanded the channel window size to 4MB
>>> [02/09/21 10:21:09] [SSH] Starting agent process: cd "C:\Users\jenkins"
>>> && C:\Users\jenkins/jdk/bin/java  -jar remoting.jar -workDir
>>> C:\Users\jenkins -jar-cache C:\Users\jenkins/remoting/jarCache
>>> At line:1 char:23
>>> + cd "C:\Users\jenkins" && C:\Users\jenkins/jdk/bin/java  -jar remoting
>>> ...
>>> +   ~~
>>> The token '&&' is not a valid statement separator in this version.
>>> + CategoryInfo  : ParserError: (:) [],
>>> ParentContainsErrorRecordException
>>> + FullyQualifiedErrorId : InvalidEndOfLine
>>>
>>> Agent JVM has terminated. Exit code=1
>>> [02/09/21 10:21:10] Launch failed - cleaning up connection
>>> [02/09/21 10:21:10] [SSH] Connection closed.
>>> connect timed out
>>> SSH Connection failed with IOException: "connect timed out", retrying in
>>> 15 seconds. There are 2 more retries left.
>>> connect timed out
>>> SSH Connection failed with IOException: "connect timed out", retrying in
>>> 15 seconds. There are 1 more retries left.
>>> connect timed out
>>> ERROR:

Re: Security Vulnerability on my Jenkins Server

2021-02-10 Thread Eric Fetzer 
My MACs line says:

MACs hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,hmac-ripemd...@openssh.com

I believe this is hardened, isn't it?

Thanks,
Eric

On Wed, Feb 10, 2021 at 9:40 AM kuisathaverat 
wrote:

> hmac-* are Message authentication code algorithms (MACs), so you have to
> configure your Message authentication code algorithms (MACs) supported, for
> example
>
> MACs hmac-sha2-256,hmac-sha2-512
>
> see
> https://www.ssh.com/ssh/sshd_config/#common-configuration-changes-for-the-enterprise
>
> El mié, 10 feb 2021 a las 17:24, Eric Fetzer ()
> escribió:
>
>> Hmmm, I already hardened by that link:
>> https://www.ssh.com/ssh/sshd_config
>>
>> My /etc/ssh/sshd_config has:
>>
>> Ciphers aes128-ctr,aes192-ctr,aes256-ctr
>>
>> This is still showing up on my security scan though.  Am I missing
>> something?
>>
>> Thanks,
>> Eric
>>
>> On Tue, Feb 9, 2021 at 12:23 PM kuisathaverat 
>> wrote:
>>
>>> There is work in progress to bump the version of the library and convert
>>> the sshd-module in a plugin to resolve this kind of issues quickly. For the
>>> moment you can configure your sshd servers on the Agents side to do not
>>> allow weak ciphers, see https://www.ssh.com/ssh/sshd_config.
>>>
>>> https://github.com/jenkinsci/sshd-module/pull/37
>>> https://github.com/jenkinsci/sshd-module/pull/38
>>>
>>>
>>> El mar, 9 feb 2021 a las 17:19, eric@gmail.com (<
>>> eric.fet...@gmail.com>) escribió:
>>>
 I'm sorry, I just saw the last comment on here and, once again, this
 showed up on our vulnerability report.  I don't get exactly what I need to
 do in order to fix this.  Can someone lay it out for me please?  Thanks -
 Eric

 On Wednesday, August 26, 2020 at 12:39:40 PM UTC-6 kuisat...@gmail.com
 wrote:

> I was wrong you cannot configure the ciphers for the ssh server on the
> Java security files. The SSH server on Jenkins uses the
> https://github.com/apache/mina-sshd , IIRC the Jenkins implementation
> of the ssh server not read the sshd_config files so it is not posible to
> configure the ssh server. Apache mina has deprecated and disable those
> algorithms on 2.6.0 https://issues.apache.org/jira/browse/SSHD-1004,
> the sshd-module and CLI are using 1.7.0
> https://github.com/jenkinsci/sshd-module/blob/master/pom.xml#L42 and
> https://github.com/jenkinsci/jenkins/blob/master/cli/pom.xml#L77 So I
> guess both should bump the dependency to remove support for weak 
> algorithms
>
>
> El miércoles, 26 de agosto de 2020 a las 16:06:22 UTC+2,
> eric@gmail.com escribió:
>
>> I think I found the solution to this:
>>
>>
>> https://www.thegeekdiary.com/how-to-disable-md5-based-hmac-algorithms-for-ssh/
>>
>>
>> On Tuesday, August 25, 2020 at 1:59:49 PM UTC-6 eric@gmail.com
>> wrote:
>>
>>> I'm confused.  It doesn't look like the ciphers the vulnerability is
>>> citing are allowed in the java.security file on this system.  We're 
>>> getting
>>> flagged for:
>>>
>>>  hmac-md5
>>>   hmac-md5-96
>>>   hmac-sha1-96
>>>
>>> Settings are:
>>>
>>> jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize <
>>> 1024, \
>>> EC keySize < 224, 3DES_EDE_CBC, anon, NULL
>>>
>>> Am I missing this, not a java security expert by any means...
>>> Thanks!
>>> On Monday, August 24, 2020 at 11:09:43 AM UTC-6 kuisat...@gmail.com
>>> wrote:
>>>
 Yes, configuring the ciphers accepted by your JDK edit the
 file lib\security\java.security (the path will vary based on your Java
 version)

 El lunes, 24 de agosto de 2020 a las 16:48:22 UTC+2,
 eric@gmail.com escribió:

> Hi all!  I'm getting hit by my secuity team for a vulnerability
> for the Jenkins CLI via ssh allowing the following weak ciphers:
>
>   hmac-md5
>   hmac-md5-96
>   hmac-sha1-96
>
> Is there a way to configure ciphers accepted for the Jenkins CLI?
>
> Thanks,
> Eric
>
 --
 You received this message because you are subscribed to a topic in the
 Google Groups "Jenkins Users" group.
 To unsubscribe from this topic, visit
 https://groups.google.com/d/topic/jenkinsci-users/f84HCfhF4vY/unsubscribe
 .
 To unsubscribe from this group and all its topics, send an email to
 jenkinsci-users+unsubscr...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/jenkinsci-users/07db750a-9c00-40ee-bc68-0a2b051c48fdn%40googlegroups.com
 
 .

>>>
>>>
>>> --
>>> Un Saludo
>>> Iván Fernández Calvo
>>> https://www.linkedin.com/in/iv%C3%A1n-fern%C3%A1ndez-calvo-21425033
>>>
>>> --
>>> You

Re: Security Vulnerability on my Jenkins Server

2021-02-10 Thread kuisathaverat 
hmac-* are Message authentication code algorithms (MACs), so you have to
configure your Message authentication code algorithms (MACs) supported, for
example

MACs hmac-sha2-256,hmac-sha2-512

see
https://www.ssh.com/ssh/sshd_config/#common-configuration-changes-for-the-enterprise

El mié, 10 feb 2021 a las 17:24, Eric Fetzer ()
escribió:

> Hmmm, I already hardened by that link:
> https://www.ssh.com/ssh/sshd_config
>
> My /etc/ssh/sshd_config has:
>
> Ciphers aes128-ctr,aes192-ctr,aes256-ctr
>
> This is still showing up on my security scan though.  Am I missing
> something?
>
> Thanks,
> Eric
>
> On Tue, Feb 9, 2021 at 12:23 PM kuisathaverat 
> wrote:
>
>> There is work in progress to bump the version of the library and convert
>> the sshd-module in a plugin to resolve this kind of issues quickly. For the
>> moment you can configure your sshd servers on the Agents side to do not
>> allow weak ciphers, see https://www.ssh.com/ssh/sshd_config.
>>
>> https://github.com/jenkinsci/sshd-module/pull/37
>> https://github.com/jenkinsci/sshd-module/pull/38
>>
>>
>> El mar, 9 feb 2021 a las 17:19, eric@gmail.com (<
>> eric.fet...@gmail.com>) escribió:
>>
>>> I'm sorry, I just saw the last comment on here and, once again, this
>>> showed up on our vulnerability report.  I don't get exactly what I need to
>>> do in order to fix this.  Can someone lay it out for me please?  Thanks -
>>> Eric
>>>
>>> On Wednesday, August 26, 2020 at 12:39:40 PM UTC-6 kuisat...@gmail.com
>>> wrote:
>>>
 I was wrong you cannot configure the ciphers for the ssh server on the
 Java security files. The SSH server on Jenkins uses the
 https://github.com/apache/mina-sshd , IIRC the Jenkins implementation
 of the ssh server not read the sshd_config files so it is not posible to
 configure the ssh server. Apache mina has deprecated and disable those
 algorithms on 2.6.0 https://issues.apache.org/jira/browse/SSHD-1004,
 the sshd-module and CLI are using 1.7.0
 https://github.com/jenkinsci/sshd-module/blob/master/pom.xml#L42 and
 https://github.com/jenkinsci/jenkins/blob/master/cli/pom.xml#L77 So I
 guess both should bump the dependency to remove support for weak algorithms


 El miércoles, 26 de agosto de 2020 a las 16:06:22 UTC+2,
 eric@gmail.com escribió:

> I think I found the solution to this:
>
>
> https://www.thegeekdiary.com/how-to-disable-md5-based-hmac-algorithms-for-ssh/
>
>
> On Tuesday, August 25, 2020 at 1:59:49 PM UTC-6 eric@gmail.com
> wrote:
>
>> I'm confused.  It doesn't look like the ciphers the vulnerability is
>> citing are allowed in the java.security file on this system.  We're 
>> getting
>> flagged for:
>>
>>  hmac-md5
>>   hmac-md5-96
>>   hmac-sha1-96
>>
>> Settings are:
>>
>> jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize <
>> 1024, \
>> EC keySize < 224, 3DES_EDE_CBC, anon, NULL
>>
>> Am I missing this, not a java security expert by any means...  Thanks!
>> On Monday, August 24, 2020 at 11:09:43 AM UTC-6 kuisat...@gmail.com
>> wrote:
>>
>>> Yes, configuring the ciphers accepted by your JDK edit the
>>> file lib\security\java.security (the path will vary based on your Java
>>> version)
>>>
>>> El lunes, 24 de agosto de 2020 a las 16:48:22 UTC+2,
>>> eric@gmail.com escribió:
>>>
 Hi all!  I'm getting hit by my secuity team for a vulnerability for
 the Jenkins CLI via ssh allowing the following weak ciphers:

   hmac-md5
   hmac-md5-96
   hmac-sha1-96

 Is there a way to configure ciphers accepted for the Jenkins CLI?

 Thanks,
 Eric

>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "Jenkins Users" group.
>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/jenkinsci-users/f84HCfhF4vY/unsubscribe
>>> .
>>> To unsubscribe from this group and all its topics, send an email to
>>> jenkinsci-users+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/jenkinsci-users/07db750a-9c00-40ee-bc68-0a2b051c48fdn%40googlegroups.com
>>> 
>>> .
>>>
>>
>>
>> --
>> Un Saludo
>> Iván Fernández Calvo
>> https://www.linkedin.com/in/iv%C3%A1n-fern%C3%A1ndez-calvo-21425033
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Jenkins Users" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/jenkinsci-users/f84HCfhF4vY/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to
>> jenkinsci-users+unsubscr...@googlegroups.com.
>> To

Re: Security Vulnerability on my Jenkins Server

2021-02-10 Thread Eric Fetzer 
Hmmm, I already hardened by that link:  https://www.ssh.com/ssh/sshd_config

My /etc/ssh/sshd_config has:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr

This is still showing up on my security scan though.  Am I missing
something?

Thanks,
Eric

On Tue, Feb 9, 2021 at 12:23 PM kuisathaverat 
wrote:

> There is work in progress to bump the version of the library and convert
> the sshd-module in a plugin to resolve this kind of issues quickly. For the
> moment you can configure your sshd servers on the Agents side to do not
> allow weak ciphers, see https://www.ssh.com/ssh/sshd_config.
>
> https://github.com/jenkinsci/sshd-module/pull/37
> https://github.com/jenkinsci/sshd-module/pull/38
>
>
> El mar, 9 feb 2021 a las 17:19, eric@gmail.com ()
> escribió:
>
>> I'm sorry, I just saw the last comment on here and, once again, this
>> showed up on our vulnerability report.  I don't get exactly what I need to
>> do in order to fix this.  Can someone lay it out for me please?  Thanks -
>> Eric
>>
>> On Wednesday, August 26, 2020 at 12:39:40 PM UTC-6 kuisat...@gmail.com
>> wrote:
>>
>>> I was wrong you cannot configure the ciphers for the ssh server on the
>>> Java security files. The SSH server on Jenkins uses the
>>> https://github.com/apache/mina-sshd , IIRC the Jenkins implementation
>>> of the ssh server not read the sshd_config files so it is not posible to
>>> configure the ssh server. Apache mina has deprecated and disable those
>>> algorithms on 2.6.0 https://issues.apache.org/jira/browse/SSHD-1004,
>>> the sshd-module and CLI are using 1.7.0
>>> https://github.com/jenkinsci/sshd-module/blob/master/pom.xml#L42 and
>>> https://github.com/jenkinsci/jenkins/blob/master/cli/pom.xml#L77 So I
>>> guess both should bump the dependency to remove support for weak algorithms
>>>
>>>
>>> El miércoles, 26 de agosto de 2020 a las 16:06:22 UTC+2,
>>> eric@gmail.com escribió:
>>>
 I think I found the solution to this:


 https://www.thegeekdiary.com/how-to-disable-md5-based-hmac-algorithms-for-ssh/


 On Tuesday, August 25, 2020 at 1:59:49 PM UTC-6 eric@gmail.com
 wrote:

> I'm confused.  It doesn't look like the ciphers the vulnerability is
> citing are allowed in the java.security file on this system.  We're 
> getting
> flagged for:
>
>  hmac-md5
>   hmac-md5-96
>   hmac-sha1-96
>
> Settings are:
>
> jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize <
> 1024, \
> EC keySize < 224, 3DES_EDE_CBC, anon, NULL
>
> Am I missing this, not a java security expert by any means...  Thanks!
> On Monday, August 24, 2020 at 11:09:43 AM UTC-6 kuisat...@gmail.com
> wrote:
>
>> Yes, configuring the ciphers accepted by your JDK edit the
>> file lib\security\java.security (the path will vary based on your Java
>> version)
>>
>> El lunes, 24 de agosto de 2020 a las 16:48:22 UTC+2,
>> eric@gmail.com escribió:
>>
>>> Hi all!  I'm getting hit by my secuity team for a vulnerability for
>>> the Jenkins CLI via ssh allowing the following weak ciphers:
>>>
>>>   hmac-md5
>>>   hmac-md5-96
>>>   hmac-sha1-96
>>>
>>> Is there a way to configure ciphers accepted for the Jenkins CLI?
>>>
>>> Thanks,
>>> Eric
>>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Jenkins Users" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/jenkinsci-users/f84HCfhF4vY/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to
>> jenkinsci-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-users/07db750a-9c00-40ee-bc68-0a2b051c48fdn%40googlegroups.com
>> 
>> .
>>
>
>
> --
> Un Saludo
> Iván Fernández Calvo
> https://www.linkedin.com/in/iv%C3%A1n-fern%C3%A1ndez-calvo-21425033
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Jenkins Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/jenkinsci-users/f84HCfhF4vY/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> jenkinsci-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/CAKo5QrruVhwNoAi_XfMoFmHf_iwg-wPVBM%2BiwyRajRuyvmrbeQ%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email

Re: How to set limits for Checkstyles, findsbugs and PMD

2021-02-10 Thread Ullrich Hafner 
See quality gates:
https://github.com/jenkinsci/warnings-ng-plugin/blob/master/doc/Documentation.md
 



> Am 09.02.2021 um 19:06 schrieb Ashok reddy :
> 
> Hello Folks,
> 
> Below is the my pipeline script, How can I set the warnings limit for check 
> style warning 
> 
> stage('Build') {
> options {
> timeout(time: 30, unit: "MINUTES")
> }
> steps {
> 
> withMaven(maven: 'Maven-3.5.2') {
> 
> sh 'mvn clean install'
> }
> }
> }
> }
> post {
> always {
> 
> junit testResults: '**/target/surefire-reports/TEST-*.xml'
> recordIssues enabledForFailure: true, tool: checkStyle()
> recordIssues enabledForFailure: true, tool: spotBugs()
> recordIssues enabledForFailure: true, tool: pmdParser(pattern: 
> '**/target/pmd.xml')
> 
> jacoco(
> exclusionPattern: '**/*Test*.class',
> inclusionPattern: '**/*.class',
> sourceInclusionPattern: '**/*.java'
> )
> }
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to jenkinsci-users+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-users/c349b6a4-f3bf-4464-a4bf-d84a6fc5b0f7n%40googlegroups.com
>  
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/992E82E5-51E7-40D6-96B0-EAFB3F7EAEB7%40gmail.com.

Re: How to Hide findbug graphs

2021-02-10 Thread Ullrich Hafner 
Which version of the warnings plugin are you using?
Since https://github.com/jenkinsci/warnings-ng-plugin/releases/tag/v8.8.0 
 empty 
trend charts are hidden.

You can also hide the charts using the property `trendChartType`.
See 
https://github.com/jenkinsci/warnings-ng-plugin/blob/master/doc/Documentation.md#build-trend
 



> Am 09.02.2021 um 18:48 schrieb Ashok reddy :
> 
> multiple empty findbug trend graphs are creating How to hide them from 
> summery? 
> 
> 
> On Tuesday, February 9, 2021 at 10:48:07 PM UTC+5:30 Ashok reddy wrote:
> Hello Team
> 
> I am working on maven pipeline project, below is the pipeline script. I am 
> getting multiple find bug graphs How to Hide them 
> 
> stage('Build') {
> options {
> timeout(time: 30, unit: "MINUTES")
> }
> steps {
> 
> withMaven(maven: 'Maven-3.5.2') {
> 
> sh 'mvn clean install'
> }
> }
> }
> }
> post {
> always {
> 
> junit testResults: '**/target/surefire-reports/TEST-*.xml'
> recordIssues enabledForFailure: true, tool: checkStyle()
> recordIssues enabledForFailure: true, tool: spotBugs()
> recordIssues enabledForFailure: true, tool: pmdParser(pattern: 
> '**/target/pmd.xml')
> 
> jacoco(
> exclusionPattern: '**/*Test*.class',
> inclusionPattern: '**/*.class',
> sourceInclusionPattern: '**/*.java'
> )
> }
> 
> 
> 
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to jenkinsci-users+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-users/40a80df4-3c39-47ac-a30f-d1d6f5c153fan%40googlegroups.com
>  
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/D666FB7A-F1C1-44B1-BDFD-9B2386E98750%40gmail.com.

Re: Issue with master-agent communication over ssh

2021-02-10 Thread kuisathaverat 
you attached the Jenkins build log and the Agent log, should be also an
exception in the Jenkins log, Is the same you posted before `invalid type
code: 6D`?

El mar, 9 feb 2021 a las 21:23, Jigar R ()
escribió:

> Any recommendations on how should I go about this new error?
>
> On Thursday, February 4, 2021 at 5:26:13 PM UTC-5 Jigar R wrote:
>
>> On Thursday, February 4, 2021 at 12:20:21 PM UTC-5 Jigar R wrote:
>>
>>> On Thu, Feb 4, 2021 at 9:29 AM kuisathaverat 
>>> wrote:
>>>
 I see some serialization fails and this breaks the channel, the plugin
 that causes the exception seems
 https://github.com/jenkinsci/tasks-plugin, and the `[Deprecated] Scan
 workspace for open tasks` I think matters, this plugins has been integrated
 into https://github.com/jenkinsci/warnings-ng-plugin and
 https://github.com/jenkinsci/analysis-model

 ERROR: Step ‘[Deprecated] Scan workspace for open tasks’ aborted due to 
 exception:
 java.io.StreamCorruptedException: invalid type code: 6D
 ...
 at hudson.plugins.tasks.TasksPublisher.perform(TasksPublisher.java:182)
 at 
 hudson.plugins.analysis.core.HealthAwarePublisher.perform(HealthAwarePublisher.java:69)
 at 
 hudson.plugins.analysis.core.HealthAwareRecorder.perform(HealthAwareRecorder.java:298)
 at jenkins.tasks.SimpleBuildStep.perform(SimpleBuildStep.java:112)
 at 
 hudson.tasks.BuildStepCompatibilityLayer.perform(BuildStepCompatibilityLayer.java:78)
 at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
 at 
 hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:741)
 at 
 hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:690)
 at hudson.model.Build$BuildExecution.post2(Build.java:186)
 at 
 hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:635)
 at hudson.model.Run.execute(Run.java:1919)
 at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
 at hudson.model.ResourceController.execute(ResourceController.java:97)
 at hudson.model.Executor.run(Executor.java:428)


 Thanks for this information. I will move to use warning-ng plugin & see
>>> if it breaks this or not.
>>>
>>
>> I updated jenkins job to use warnings NG instead of deprecated plugins.
>> After lots of trial and error, I found that jenkins SSH agent would throw
>> EOFException while running JaCoCo plugin v3.0.7 (
>> https://plugins.jenkins.io/jacoco/). Attached logs.
>>
>>
>>
>>
>>>
>>> El jue, 4 feb 2021 a las 14:58, Jigar R ()
 escribió:

> Hello Ivan,
>
> Attached the logs in the email
>
>- jenkins.log - jenkins build output
>- Jenkins-agent.log - output from jenkins ssh agent
>
> Jenkins SSH agent was created with following:
>
>-
>- launch method : launch agents via ssh
>- JavaPath: $JAVA_HOME
>- JVM options: -Xmx2048m -Xms2048m
>- Use TCP_NODELAY flag on the ssh connection - enabled
>
> Environment information
>
>
>- Jenkins v2.249.1
>- RH6
>- SSH agent plugin 1.20
>- SSH slaves plugin 1.30.4
>
>
> On Tuesday, February 2, 2021 at 5:27:07 PM UTC-5 kuisat...@gmail.com
> wrote:
>
>> Weird, Could you share a screencapture of what you configurate? Also
>> the whole exception those lines alone mean nothing. Know the version of
>> Jenkins and the version of the SSH build agents plugins you use can help,
>> the memory you have in your agents, if they are bare metal or cloud. In
>> overall if you want help please provide more context.
>>
>> El mar, 2 feb 2021 a las 22:52, Jigar R ()
>> escribió:
>>
>>>
>>>
>>> On Tuesday, February 2, 2021 at 12:20:19 PM UTC-5
>>> kuisat...@gmail.com wrote:
>>>
 >I have 2 different kind of jenkins agents.
 >1. java web start
 >2. ssh
 >If the memory was issue then wouldn't it fail on both cases?

 Not necessarily, starting by the point that are different ways to
 establish the connection, the JNLP agents could not update the 
 remoting jar
 file (depends on your configurations), so you can be running different
 versions of remoting. I agree with Jeff looks like an OOM issue, 
 review my
 comments at
 https://groups.google.com/g/jenkinsci-users/c/nD3s06hSUXE/m/BQKk5GSYBwAJ
 my recommendation is to fix the mem for the remoting process to 1024M
 (-Xmx1024m -Xms1024m) see if the issue disappear or change, if 
 disappear,
 you would have to adjust the remoting process memory to the right one
 between 256M-1024M, to use 512M usually is safe a not too much (but 
 depends
 on your agents' memory we do not know how much they

RE: Documentation

2021-02-10 Thread Jérôme Godbout 
Hi,
good to know those are going to improve, thanks for the heads up.

regards,
Jerome

From: jenkinsci-users@googlegroups.com  On 
Behalf Of Mark Waite
Sent: February 9, 2021 7:36 PM
To: Jenkins Users 
Subject: Re: Documentation



On Tue, Feb 9, 2021 at 3:20 PM Jérôme Godbout 
mailto:godbo...@amotus.ca>> wrote:

I agree about the server having his own version with actual plugin install is a 
good idea. Preventing access to it?! why?! security so I do not expose the 
version of the plugins used? Having an online version up to date is also a good 
thing, people can see what they are missing from not updating. Arguments or 
options showing “starting at verison x.x.x” on it would be even better.

When you dig to do something as banal as checkout git with submodules:

checkout([$class: 'GitSCM'
, branches: [[name: 'master']]
, browser: [$class: 'BitbucketWeb', repoUrl: 
'https://bitbucket.org/amotus/amotus_jenkins.git']
, doGenerateSubmoduleConfigurations: false
, extensions: [[$class: 'CloneOption', noTags: false], [$class: 
'LocalBranch', localBranch: "**"], [$class: 'SubmoduleOption', 
disableSubmodules: false, parentCredentials: true, recursiveSubmodules: true, 
reference: '', trackingSubmodules: false], [$class: 'CleanCheckout']]
, submoduleCfg: []
, userRemoteConfigs: [[credentialsId: 'BitBucketAmotus', url: 
'https://bitbucket.org/amotus/amotus_jenkins.git']]
]);


Yes, improvements are coming in that area of the git plugin from the 
deprecate-submodule-combinator 
branch
 and the add-symbols 
branch.  The ancient 
history that is `doGenerateSubmoduleConfigurations: false` and ` submoduleCfg: 
[]` will not be needed in a future plugin release.  They can be omitted now, 
but they will not even be suggested by pipeline syntax in a future version of 
the plugin.  A prototype build of the 
plugin
 with those changes is already running in my Docker image.  More changes will 
certainly be needed before it is ready to release, but improvements are in 
progress.

The ugliness of `$class: 'GitSCM'` should also go away in a future release of 
the plugin.

https://www.jenkins.io/doc/pipeline/steps/workflow-scm-step/#checkout-check-out-from-version-control

Digging the class depth enough to figure out what you actually need to do it is 
pretty bad, add a gazillion of option that the documentation doesn’t specify 
the default value when unspecify. So you wonder what will actually happen if I 
do not specify that Boolean exactly, is it true or false by default?! Add the 
pain to keep track of the documentation web view alignment of the options and 
data from scrolling down that documents page, is that options child of it or 
the other level above (let me put the cursor back there and scroll up again to 
see what it align with exactly.

You may find it easier to click the online help icons that are presented in the 
Pipeline syntax view at the right side of each field.


I would love to have the default value along the type, and that syntax make it 
pretty hard to read quickly what is going on, spotting anything missing, nearly 
impossible unless you do it a lot of Jenkins pipeline scripts. At some point 
you look at it, and you wonder why you just did not invoke sh/bat shell 
instead.  Have something that make it easier to follow the options depth into 
the web view like above, class in class in class that span over 3x you screen 
and you only have white blank space to keep you understand the options location.

I wish I could provide better description as you said, but I have no clue most 
of it of what it actually does, the plugin should give information about the 
command that are decent. That also apply to base command of pipeline too. 
Having  type: string is just plain not enough for user to understand what you 
want and what kind of format that option should take. Some are well done, the 
branches options  into the gitscm was well done, but the quality is not to that 
level everywhere, and the end user cannot filled those sadly or maybe some 
advance user can, but you just raise the bar for some developers.


From: jenkinsci-users@googlegroups.com 
mailto:jenkinsci-users@googlegroups.com>> On 
Behalf Of Mark Waite
Sent: February 9, 2021 1:48 PM
To: Jenkins Users 
mailto:jenkinsci-users@googlegroups.com>>
Subject: Re: Permissions to see pipeline syntax

I agree wholeheartedly that the online Pipeline Syntax reference inside your 
Jenkins controller is the best choice.  It presents help for exactly the 
current installed plugins and their versions.  I recently added a

Re: Jenkins URL https://.com/ is not working(502 Bad Gateway)

2021-02-10 Thread 'Dirk Heinrichs' via Jenkins Users 
Am Mittwoch, den 10.02.2021, 04:00 -0800 schrieb anilkumar panditi:

> docker run --name myjenkins -d -u root -p 8080:8080 -p 5:5 -v
> $(which docker):/usr/bin/docker -v /jenkins:/var/jenkins_home -v
> /var/run/docker.sock:/var/run/docker.sock  myjenkins
> 
> And i curled from other host and it gets connected and throwing 502
> bad gateway.

>From your first mail, you where running curl with "https://...;, which
means port 443. I see no mapping of port 443 in the above command. Try
running curl with "http://...:8080;.

HTH...

Dirk
-- 
Dirk HeinrichsSenior Systems Engineer, Delivery PipelineOpenText ™ Discovery | 
RecommindPhone: +49 2226 15966 18Email: dheinric@opentext.comWebsite: 
www.recommind.deRecommind GmbH, Von-Liebig-Straße 1, 53359 
RheinbachVertretungsberechtigte Geschäftsführer Gordon Davies, Madhu
Ranganathan, Christian Waida, Registergericht Amtsgericht Bonn,
Registernummer HRB 10646This e-mail may contain confidential and/or privileged 
information. If
you are not the intended recipient (or have received this e-mail in
error) please notify the sender immediately and destroy this e-mail.
Any unauthorized copying, disclosure or distribution of the material in
this e-mail is strictly forbiddenDiese E-Mail enthält vertrauliche und/oder 
rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-
Mail irrtümlich erhalten haben, informieren Sie bitte sofort den
Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie
die unbefugte Weitergabe dieser Mail sind nicht gestattet.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/d39a6b0de00dbc09e825f87193b07b3253c5c464.camel%40opentext.com.


signature.asc
Description: This is a digitally signed message part

Re: Jenkins URL https://.com/ is not working(502 Bad Gateway)

2021-02-10 Thread anilkumar panditi 
Hi Dirk, 
Thank you , 
Jenkins container started like below.

docker run --name myjenkins -d -u root -p 8080:8080 -p 5:5 -v 
$(which docker):/usr/bin/docker -v /jenkins:/var/jenkins_home -v 
/var/run/docker.sock:/var/run/docker.sock  myjenkins

And i curled from other host and it gets connected and throwing 502 bad 
gateway.

Thanks,
Anil

On Wednesday, 10 February 2021 at 16:09:55 UTC+5:30 dheinric wrote:

> Am Mittwoch, den 10.02.2021, 00:14 -0800 schrieb anilkumar panditi:
>
> And i have curled on host where Jenkins running as docker container ,
>
>
> So, this seems to be a Docker question rather than a Jenkins one, doesn't 
> it? Anyway, did you start your container with an appropriate port mapping 
> for port 443 (option -p)? And maybe check that containers on that host are 
> generally reachable from other hosts (or, i.o.w.: that your Docker 
> networking is setup properly).
>
> HTH...
>
> Dirk
>
> -- 
>
> *Dirk Heinrichs*
> Senior Systems Engineer, Delivery Pipeline
> OpenText ™ Discovery | Recommind
> *Phone*: +49 2226 15966 18 <+49%202226%201596618>
> *Email*: dhei...@opentext.com
> *Website*: www.recommind.de
> Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach
> Vertretungsberechtigte Geschäftsführer Gordon Davies, Madhu Ranganathan, 
> Christian Waida, Registergericht Amtsgericht Bonn, Registernummer HRB 10646
> This e-mail may contain confidential and/or privileged information. If you 
> are not the intended recipient (or have received this e-mail in error) 
> please notify the sender immediately and destroy this e-mail. Any 
> unauthorized copying, disclosure or distribution of the material in this 
> e-mail is strictly forbidden
> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte 
> Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail 
> irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und 
> vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte 
> Weitergabe dieser Mail sind nicht gestattet.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/50e13aec-6e84-4593-89c1-2baea6ee0e1bn%40googlegroups.com.

Re: Jenkins URL https://.com/ is not working(502 Bad Gateway)

2021-02-10 Thread 'Dirk Heinrichs' via Jenkins Users 
Am Mittwoch, den 10.02.2021, 00:14 -0800 schrieb anilkumar panditi:

> And i have curled on host where Jenkins running as docker container ,

So, this seems to be a Docker question rather than a Jenkins one,
doesn't it? Anyway, did you start your container with an appropriate
port mapping for port 443 (option -p)? And maybe check that containers
on that host are generally reachable from other hosts (or, i.o.w.: that
your Docker networking is setup properly).

HTH...

Dirk
-- 
Dirk HeinrichsSenior Systems Engineer, Delivery PipelineOpenText ™ Discovery | 
RecommindPhone: +49 2226 15966 18Email: dheinric@opentext.comWebsite: 
www.recommind.deRecommind GmbH, Von-Liebig-Straße 1, 53359 
RheinbachVertretungsberechtigte Geschäftsführer Gordon Davies, Madhu
Ranganathan, Christian Waida, Registergericht Amtsgericht Bonn,
Registernummer HRB 10646This e-mail may contain confidential and/or privileged 
information. If
you are not the intended recipient (or have received this e-mail in
error) please notify the sender immediately and destroy this e-mail.
Any unauthorized copying, disclosure or distribution of the material in
this e-mail is strictly forbiddenDiese E-Mail enthält vertrauliche und/oder 
rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-
Mail irrtümlich erhalten haben, informieren Sie bitte sofort den
Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie
die unbefugte Weitergabe dieser Mail sind nicht gestattet.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/67f88f92ac50d7a9e252cc58f6584c5de1a51ad1.camel%40opentext.com.


signature.asc
Description: This is a digitally signed message part

Multibranch Pipeline git events on PR

2021-02-10 Thread Gautam, Rishi 
I was trying to carry out git operations on *any other branch *than the PR
source/destination branch in a jenkins multibranch pipeline.
When I scanned the branches inside the PR build job, I didn't see any other
branches. I only got below branches on* git branch -a *command on pipeline:

* PR-2
  remotes/origin/PR-2
  remotes/upstream/stage


There are other branches like test,master. Are there any workarounds to this?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/CAF4beLgO26Pw2fQOMvXLxTpop%2B9oDjqUsxkEALKsApE6zNfMRw%40mail.gmail.com.

Jenkins URL https://.com/ is not working(502 Bad Gateway)

2021-02-10 Thread anilkumar panditi 
Hi,
I have configured jenkins URL ,
Manage Jenkins>System configuration>Jenkins Location>Jenkins URL

ex: https://.com/

And i have curled on host where Jenkins running as docker container ,

[root@ip- ~]# curl -kv https://.com/
* About to connect() to DNS.com port 443 (#0)
*   Trying x...
* Connected to DNS.com (IP) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*   subject: CN=DNS.com

 HTTP/1.1 502 Bad Gateway
< Server: awselb/2.0
< Date: Wed, 10 Feb 2021 08:11:05 GMT
< Content-Type: text/html
< Content-Length: 122
< Connection: keep-alive


Any idea why its not working , please help?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/3d707af9-577a-4cea-aa68-6b28019a8271n%40googlegroups.com.