How can I pass configuration options to ssh when connecting to an agent?

Hi there. I’m running Jenkins 2.361.4 using the jenkins/jenkins image from DockerHub. I have the
SSH Build Agents plugin version 2.854.v7fd446b_337c9 installed.

In order to be able to connect from the container hosting my jenkins server to a Windows slave via ssh I have to pass the option -c aes128-ctr to the ssh in the command line.

I can avoid the need to pass the option explicitly by putting something like this in the ~/.ssh/config file:

Host slavename
  Ciphers aes128-ctr

It seems that Jenkins’s embedded ssh isn’t reading this file though.

I’ve looked at the plugin source but I couldn’t find any mention of the configuration file.

How can I set this configuration option to the embedded ssh in Jenkins?


if you only want to allow aes128-ctr cipher on your connections, you must configure your SSH server only to accept aes128-ctr cipher, this resolves your issue, and you do not have to configure anything on any other place, see sshd_config - How to Configure the OpenSSH Server?
I thought the SSH Build Agents plugin loads the ~/.ssh/config file but it is not, it only loads the ~/.ssh/known_hosts if you configure to do it. So the only way to limit the ciphers on the Jenkins controller side is to configure Java to allow only the Ciphers you want, see

  • List item

Thanks for confirming that currently there is no way to pass options to the ssh client embedded in Jenkins.

Thanks also for the good idea of configuring the option in the server. I’m considering this a solution to the problem.

I’m having difficulties making the sshd in Windows read the configuration file, but this is another problem that I’m going to tackle next.

Thank you!