SSHD module to plugin

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

SSHD module to plugin

kuisathaverat
Hi,

I have a bunch of PRs ready to move forward for a few months, these PRs are to convert the SSHD Module to a plugin and after that bump the Apache Minda sshd library.
We are using a really old Apache Minda sshd that is a security risk and move the SSHD module outside of the core could help to have simpler Jenkins instances without services you do not need/want.
Thus I would like to make progress and close stuff to start new things related to that in the SSH Build Agents plugin. How we can manage this?


Update the Apache Minda sshd library

--
BR
Iván Fernández Calvo

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAKo5QrqCdukegd5A_FrEmxL3fxHO-7KZfMHsxkzufyB5bzxGiQ%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: SSHD module to plugin

Oleg Nenashev
We should definitely update the library and detach it, rather sooner than later. Otherwise the next CVE in Apache Mina may make our life very fun.
Since we had a new LTS cutoff recently, it is a good timing for such change.

Some notes about Apache Mina update to 2.x:
  • There are multiple plugins using Apache Mina code https://github.com/search?l=Java&q=org%3Ajenkinsci+%22org.apache.sshd%22&type=Code . Examples: Git Server, SSH Credentials, Gerrit Trigger, Remote Terminal Access, SSH CLI. Since the update is a potentially breaking change, it would be great to verify these plugins before the changes land
  • There is at least one proprietary plugin depending on Mina SSH code
I definitely support a two-stage update when the first plugin version uses old Apache Mina.

Best regards,
Oleg


On Friday, February 12, 2021 at 1:06:00 PM UTC+1 [hidden email] wrote:
Hi,

I have a bunch of PRs ready to move forward for a few months, these PRs are to convert the SSHD Module to a plugin and after that bump the Apache Minda sshd library.
We are using a really old Apache Minda sshd that is a security risk and move the SSHD module outside of the core could help to have simpler Jenkins instances without services you do not need/want.
Thus I would like to make progress and close stuff to start new things related to that in the SSH Build Agents plugin. How we can manage this?


Update the Apache Minda sshd library

--
BR
Iván Fernández Calvo

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/62eba768-3d6a-449b-b83d-125c31b374ffn%40googlegroups.com.