Hi there. I’m running Jenkins 2.361.4 using the jenkins/jenkins image from DockerHub. I have the SSH Build Agents plugin version 2.854.v7fd446b_337c9 installed.
In order to be able to connect from the container hosting my jenkins server to a Windows slave via ssh I have to pass the option -c aes128-ctr to the ssh in the command line.
I can avoid the need to pass the option explicitly by putting something like this in the ~/.ssh/config file:
Host slavename
Ciphers aes128-ctr
It seems that Jenkins’s embedded ssh isn’t reading this file though.
I’ve looked at the plugin source but I couldn’t find any mention of the configuration file.
How can I set this configuration option to the embedded ssh in Jenkins?
if you only want to allow aes128-ctr cipher on your connections, you must configure your SSH server only to accept aes128-ctr cipher, this resolves your issue, and you do not have to configure anything on any other place, see sshd_config - How to Configure the OpenSSH Server?
I thought the SSH Build Agents plugin loads the ~/.ssh/config file but it is not, it only loads the ~/.ssh/known_hosts if you configure to do it. So the only way to limit the ciphers on the Jenkins controller side is to configure Java to allow only the Ciphers you want, see https://www.java.com/en/configure_crypto.html