Stop Jenkins from modifying known_hosts

Question

I have a Jenkins installation in CentOS 6 where the known hosts file, /var/lib/jenkins/.ssh/known_hosts, is under configuration management.

It contains, for instance, a key to a source control host by hostname (suppose its IP is 1.2.3.4:

label.hostname.tld ssh-rsa ABCDEFGHIJKLMNOPQRSTUV

Whenever Jenkins accesses the source control host via ssh, it ensures that the IP address for the host is inserted into the known_hosts file:

label.hostname.tld ssh-rsa ABCDEFGHIJKLMNOPQRSTUV
1.2.3.4 ssh-rsa ABCDEFGHIJKLMNOPQRSTUV

So I'm considering adding a duplicate entry for the key by IP address, which is an additional overhead if I want to keep all the file contents under configuration management.

Before I do this, I'm wondering: Is there a way to stop Jenkins from doing this? Could there be something in the configuration of the SSH application itself prevent this? Or am I stuck with maintaining two entries for every named host in the Jenkins hosts file?

score 1 · Accepted Answer · answered Aug 01 '14 at 02:42

1

It's not the best method, but you can add extended atributes to that file. You can add "i" flag to the file, to prevent everyone for deleting or modifying it.

Can do this with chattr +i

answered Aug 01 '14 at 02:42

mvillar

438
1
7
19

+1 I didn't know about `chattr` – Ed I Aug 01 '14 at 02:55

Stop Jenkins from modifying known_hosts

1 Answers1