Jenkins: How to restrict “SSH Remote Host” to specific users?



  • Suppose there are two users who have created two different jobs on the Jenkins server. Each user can only access, configure and run his own job. On each job, they are going to execute a remote ssh command. So I have configured two "SSH remote hosts" through "Manage Jenkins > Configure System > SSH remote hosts" (the SSH plugin is installed). Now in the build section of each job, it's possible to select one of these two ssh connections to execute a remote command. My question is, how to restrict access of users to these ssh connections. I want each user to only be able to access his own SSH connection, so that they cannot execute commands on the remote computers they should not have access to.

    (I am using Jenkins to execute automatic test scripts for projects. This is how it works: I bind a job to the SVN address of a development project, and Jenkins checks out that address frequently to see if the source code of the project has changed; if so, the build steps are run. Through these build steps, I run test scripts on remote machines, and if any of these tests fail, the Jenkins job becomes cloudy, meaning there is something wrong in the source code of the project.)



  • You might be able to do something by swapping out the login shell from /bin/sh to a /usr/local/someLoginCheck script, so that when users use the ssh remote it checks the job name or some other environment variable set in the job. For example, at the top of the user's script:

    #!/usr/local/someLoginCheck a650ef01ddcf4e1bfb68ee0af5566170
    

    Another option would be to use the Publish Over SSH Plugin, which can let you specify credentials to use during the connection. This would let you issue credentials to each user, and then have the server decide whether to allow the connection or not.
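
One way the login-check idea from the answer above could look on the remote host, as an added example that is not part of the original answer. The allowlist path `/etc/jenkins-ssh-tokens`, its `account:digest` format and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a wrapper in the role of /usr/local/someLoginCheck.
# With "#!/usr/local/someLoginCheck <token>" as a script's first line, the
# kernel starts this program with $1 = <token> and $2 = path of the script.

# Hypothetical allowlist, root-owned: one "account:sha256(token)" per line.
ACL_FILE="${ACL_FILE:-/etc/jenkins-ssh-tokens}"

hash_token() {
    # Compare digests so the allowlist never holds a usable token.
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

login_check() {
    # login_check ACL_FILE ACCOUNT TOKEN -> 0 only if TOKEN is listed for ACCOUNT
    lc_acl="$1"; lc_account="$2"; lc_token="$3"
    [ -n "$lc_token" ] && [ -r "$lc_acl" ] || return 1
    lc_digest="$(hash_token "$lc_token")"
    while IFS=: read -r lc_entry_account lc_entry_digest; do
        case "$lc_entry_account" in ''|'#'*) continue ;; esac
        if [ "$lc_entry_account" = "$lc_account" ] &&
           [ "$lc_entry_digest" = "$lc_digest" ]; then
            return 0
        fi
    done < "$lc_acl"
    return 1
}

main() {
    token="$1"; script="$2"
    if login_check "$ACL_FILE" "$(id -un)" "$token"; then
        shift 2
        # The shebang line is a comment to /bin/sh, so the script runs normally.
        exec /bin/sh "$script" "$@"
    fi
    # Leave an audit trail for denied attempts, then refuse to run the script.
    logger -t someLoginCheck "denied: account=$(id -un) script=$script" 2>/dev/null
    echo "someLoginCheck: token not valid for this account" >&2
    exit 126
}

# Only act when invoked as an interpreter (token and script path present).
if [ "$#" -ge 2 ]; then main "$@"; fi
```

The token sits in the job's build step, so it is only as private as that job's configuration; this fits the setup in the question, where each user can see only their own job.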
