Skip to content

Add support for Password Authentication via SSH #2015

Description

@rtchade

What feature do you want to see added?

Please add support for SSH password authentication when launching Windows agents with AMI Type windows-ssh.

Today windows-ssh requires key-based SSH authentication using the configured EC2 key pair/private key. That works for basic process launch, but it creates a Windows network logon session that does not have the same current-user credential/DPAPI behavior as a password-authenticated logon.

For Windows build agents, some tools require a usable current-user security context. One concrete case is Azure Trusted Signing through SignTool.exe with Azure.CodeSigning.Dlib.dll. When using key auth, the current-user security context is not available so any signing commands will fail with Access Denied. If I could have Jenkins do SSH auth using a password instead these commands would work as expected.

WinRM actually has the same issue because it authenticates with NTLM and doesn't have a path for CredSSP, which is required for DPAPI to work correctly. So I'm kind of stuck not being able to run any commands via Jenkins that access credential or certificate APIs for the current user on windows.

Upstream changes

No response

Are you interested in contributing this feature?

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Fields

    No fields configured for Enhancement.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions