Reputation: 3854
Jenkins security II - Deny anonymous access but allow access via CLI
I previously asked how to get Jenkins to deny anonymous read access here: Jenkins security - hide all screens unless user is logged in. That solution worked great, except that it broke access to Jenkins via the CLI jar, despite the fact that we're using the CLI via an SSH key associated with a user - I guess that access doesn't constitute an "authentication". Is there a way to get the CLI to have read access, but not users using the front-end UI?
Upvotes: 2
Views: 3012
Answers (2)
Reputation: 3854
After some more experimentation, this looks to be a flat-out Jenkins bug - granting the Anonymous user Administrative rights is necessary to make access via the cli jar (with an SSH key) or via HTTP (with the user's API token) work.
Upvotes: 2
Reputation: 27485
When using the CLI, you can pass -jnlpCredentials or -auth parameter.
Found it through trial an error using this:
java -jar slave.jar --help
In your case, you'd use the -auth parameter to specify username:pass
Upvotes: 0
Related Questions
- Allow anonymous access to only one specific Jenkins view or job
- Jenkins security - hide all screens unless user is logged in
- How to restrict credentials in Jenkins?
- Jenkins: Hide job from anonymous users
- How to disable access to certain credentials in Jenkins pipeline
- Jenkins User's authorization to deploy
- How to restrict access to Jenkins?
- Jenkins CLI: using Anonymous permissions instead of the user defined ones
- anonymous access to jenkins workspaces
- Make Jenkins Dashboard Private