[JENKINS-45001] KnownHostsFileKeyVerificationStrategy is not configur…

…able (#167)
jenkinsci · Oct 13, 2019 · ac41255 · darxriggs · Oct 15, 2019 · darxriggs
1 parent 1f57ea3
commit ac41255
Show file tree

Hide file tree

Showing 3 changed files with 385 additions and 367 deletions.
diff --git a/doc/CONFIGURE.md b/doc/CONFIGURE.md
@@ -101,7 +101,8 @@ Controls how Jenkins verifies the SSH key presented by the remote host whilst co
 ![](images/hkvs-known-hosts.png)
 
 Checks the known_hosts file (~/.ssh/known_hosts) for the user Jenkins is executing under 
-to see if an entry exists that matches the current connection.
+to see if an entry exists that matches the current connection. It is possibel to change the default file by setting
+the Java property `-Dhudson.plugins.sshslaves.verifiers.KnownHostsFileKeyVerificationStrategy.known_hosts_file=PATH_TO_FILE`
 
 This method does not make any updates to the Known Hosts file, instead using the file as a read-only source and expecting
 someone with suitable access to the appropriate user account on the Jenkins master to update the file as required,

diff --git a/src/main/java/hudson/plugins/sshslaves/verifiers/KnownHostsFileKeyVerificationStrategy.java b/src/main/java/hudson/plugins/sshslaves/verifiers/KnownHostsFileKeyVerificationStrategy.java
@@ -25,8 +25,13 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 
 import hudson.slaves.ComputerLauncher;
+import org.apache.commons.lang.StringUtils;
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
 import org.kohsuke.stapler.DataBoundConstructor;
 
 import com.trilead.ssh2.KnownHosts;
@@ -44,8 +49,11 @@
  * @since 1.13
  */
 public class KnownHostsFileKeyVerificationStrategy extends SshHostKeyVerificationStrategy {
-
-	private static final File KNOWN_HOSTS_FILE = new File(new File(new File(System.getProperty("user.home")), ".ssh"), "known_hosts");
+
+  public static final String KNOWN_HOSTS_DEFAULT = Paths.get(System.getProperty("user.home"), ".ssh", "known_hosts").toString();
+  public static final String KNOWN_HOSTS_PROPERTY = KnownHostsFileKeyVerificationStrategy.class.getName() + ".known_hosts_file";
+  private static final String KNOWN_HOSTS_FILE_PATH = StringUtils.defaultIfBlank(System.getProperty(KNOWN_HOSTS_PROPERTY), KNOWN_HOSTS_DEFAULT);
+  private static final File KNOWN_HOSTS_FILE = new File(KNOWN_HOSTS_FILE_PATH);
 
     @DataBoundConstructor
     public KnownHostsFileKeyVerificationStrategy() {
@@ -92,6 +100,10 @@ public String[] getPreferredKeyAlgorithms(SlaveComputer computer) throws IOExcep
         return knownHosts.getPreferredServerHostkeyAlgorithmOrder(((SSHLauncher) launcher).getHost());
     }
 
+    @Restricted(NoExternalUse.class)
+    public File getKnownHostsFile(){
+      return KNOWN_HOSTS_FILE;
+    }
 
     @Extension
     public static class KnownHostsFileKeyVerificationStrategyDescriptor extends SshHostKeyVerificationStrategyDescriptor {