SSH Server Port 33786 - How can we configure it with customized kexalgorithms/hmac/ciphers

hpriya · December 3, 2025, 5:59pm

Hey experts, We are using Jenkins 2.462.3 with Java 17.

The SSH Server running on Port 33786 which is the built-in SSH server for Jenkins reported few outdated and weak algorithms being used.

We want to customize the algorithms based on standard security policies. I went through the Advanced Configuration for SSH Server (We are currently using version 3.237.v883d165a_c1d3) which has few system properties that can be used - excludedKeyExchanges & excludedMacs.

1). Are the System properties still valid?
2). Is there a way to modify ciphers and host algorithms as well?
3). How can I not allow SHA-1 based key algorithms and cbc* based ciphers from the built in SSH-Server?
4). Does upgrading the plugin take care of the allowed algorithms?

P.S - We do plan to upgrade Jenkins core to 2.504.x soon.

Any sort of assistance is appreciated! Thank you!

hpriya · December 3, 2025, 6:05pm

Other SSH related plugins in-use

mina-sshd-api-common:2.13.2-125.v200281b_61d59
mina-sshd-api-core:2.13.2-125.v200281b_61d59
ssh-agent:295.v9ca_a_1c7cc3a_a_
ssh-credentials:308.ve4497b_ccd8f4
ssh:158.ve2a_e90fb_7319
ssh-slaves:2.968.v6f8823c91de4

Topic		Replies	Views
Jenkins controller unable to connect to agents after ssh reconfiguration Ask a question	1	356	September 30, 2022
How can I pass configuration options to ssh when connecting to an agent? Using Jenkins question	2	2238	February 26, 2023
Following error occurs whe we trigger gerrit patchset Community	2	365	July 31, 2024
Supported new SSH plugins for Jenkins version 2.222.3 Ask a question question	3	97	October 31, 2025
SSH server is not working in new jenkins LTS 2.346.3 Ask a question question	1	487	September 22, 2022

SSH Server Port 33786 - How can we configure it with customized kexalgorithms/hmac/ciphers

Related topics