Bump sshd from 3.1.0 to 3.242.va_db_9da_b_26a_c3

.github/dependabot.yml

@@ -3,4 +3,8 @@ updates:
   - package-ecosystem: "maven"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "daily"
+  - package-ecosystem: "github-actions"
+    directory: /
+    schedule:
+      interval: "daily"

.github/release-drafter.yml

@@ -1,6 +1,4 @@
 # https://github.com/jenkinsci/.github/blob/master/.github/release-drafter.adoc
+# https://www.jenkins.io/doc/developer/publishing/releasing-cd/#release-notes
 _extends: .github
-# Semantic versioning is used d=for this plugin: https://semver.org/
-version-template: $MAJOR.$MINOR.$PATCH
-tag-template: ssh-slaves-$NEXT_PATCH_VERSION
-name-template: $NEXT_PATCH_VERSION
+

.github/workflows/cd.yaml

@@ -0,0 +1,15 @@
+# Note: additional setup is required, see https://www.jenkins.io/redirect/continuous-delivery-of-plugins
+
+name: cd
+on:
+  workflow_dispatch:
+  check_run:
+    types:
+      - completed
+
+jobs:
+  maven-cd:
+    uses: jenkins-infra/github-reusable-workflows/.github/workflows/maven-cd.yml@v1
+    secrets:
+      MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }}
+      MAVEN_TOKEN: ${{ secrets.MAVEN_TOKEN }}

.github/workflows/jenkins-security-scan.yml

@@ -0,0 +1,16 @@
+name: Jenkins Security Scan
+on:
+  push:
+    branches:
+      - main
+# see https://github.com/jenkins-infra/jenkins-security-scan/issues/3      
+#  pull_request:
+#    types: [ opened, synchronize, reopened ]
+  workflow_dispatch:
+
+jobs:
+  security-scan:
+    uses: jenkins-infra/jenkins-security-scan/.github/workflows/jenkins-security-scan.yaml@v1
+    with:
+      java-cache: '' # Optionally enable use of a build dependency cache. Specify 'maven' or 'gradle' as appropriate.
+      java-version: 11 # What version of Java to set up for the build.

.gitignore

@@ -8,3 +8,4 @@ target
 .settings
 work
 bin
+.DS_Store

.mvn/extensions.xml

@@ -2,6 +2,6 @@
   <extension>
     <groupId>io.jenkins.tools.incrementals</groupId>
     <artifactId>git-changelist-maven-extension</artifactId>
-    <version>1.0-beta-7</version>
+    <version>1.3</version>
   </extension>
 </extensions>

.mvn/maven.config

@@ -1,2 +1,3 @@
 -Pconsume-incrementals
 -Pmight-produce-incrementals
+-Dchangelist.format=%d.v%s

Jenkinsfile

@@ -6,4 +6,4 @@ def buildConfiguration = [
   [platform: 'linux',   jdk: '11'],
 ]
 
-buildPlugin(configurations: buildConfiguration)
+buildPlugin(configurations: buildConfiguration, timeout: 90)

README.md

@@ -21,4 +21,4 @@ Provides a means to launch agents via SSH.
 ## Notes
 
 This plugin is formerly known as "SSH Slaves Plugin".
-It was renamed in [1.32.0](https://github.com/jenkinsci/ssh-slaves-plugin/releases/tag/ssh-slaves-1.31.0), but the plugin ID was retained as `ssh-slaves` to retain compatibility for the plugin users.
+It was renamed in [1.31.0](https://github.com/jenkinsci/ssh-slaves-plugin/releases/tag/ssh-slaves-1.31.0), but the plugin ID was retained as `ssh-slaves` to retain compatibility for the plugin users.

doc/CONFIGURE.md

@@ -14,7 +14,7 @@ This means that **you have to install a JDK/JRE 8 on your agent** in order to ru
 
 The agent should have **enough memory** to run the remoting process and the builds. 
 
-**The agent needs to be reachable from the master**,
+**The agent needs to be reachable from the Jenkins controller**,
 You have to be ensure that your Jenkins instance can connect through SSH port to your agent; you can check it from the command line.
 You will have to supply an account that can log in on the target machine. No root privileges are required.
 
@@ -106,7 +106,7 @@ to see if an entry exists that matches the current connection. It is possible to
 the Java property `-Dhudson.plugins.sshslaves.verifiers.KnownHostsFileKeyVerificationStrategy.known_hosts_file=PATH_TO_FILE`
 
 This method does not make any updates to the Known Hosts file, instead using the file as a read-only source and expecting
-someone with suitable access to the appropriate user account on the Jenkins master to update the file as required,
+someone with suitable access to the appropriate user account on the Jenkins controller to update the file as required,
 potentially using the ssh hostname command to initiate a connection and update the file appropriately.
 
 #### Manually provided key Verification Strategy
@@ -116,7 +116,7 @@ potentially using the ssh hostname command to initiate a connection and update t
 Checks the key provided by the remote host matches the key set by the user who configured this connection.
 
 The SSH key expected for this connection. This key should be in the form `algorithm value`
-where algorithm is one of ssh-rsa or ssh-dss, and value is the Base 64 encoded content of the key. The keys should be placed in /etc/ssh/<key_name>.pub
+where `algorithm` is one of ssh-rsa, ssh-ed25519, or ecdsa-sha2-nistp256, and `value` is the base 64 encoded content of the key. The public keys for a Linux agent can be read from the agent file system at `/etc/ssh/<key_name>.pub`.
 
 #### Manually trusted key Verification Strategy
 
@@ -226,13 +226,16 @@ See [SSH Build Agents and Cygwin](https://wiki.jenkins.io/display/JENKINS/SSH+sl
 
 ### Launch Windows agents using Microsoft OpenSSH
 
-The current version of the plugin does not run directly on PowerShell, you have to use prefix and suffix settings to trick the command and make it works, Windows 10 machines can run as SSH agents with the Microsoft OpenSSH server by using:
+The current version of the plugin does not run when Powershell is the default shell for the agent system. To connect to the agent you have to use prefix and suffix settings to trick the command and make it work, Windows 10/11 machines can run as SSH agents with the Microsoft OpenSSH server by using:
 
 **Prefix Start Agent Command**
 
 ```
 powershell -Command "cd C:\J\S ; C:\J\S\jdk\bin\java.exe -jar remoting.jar" ; exit 0 ; rem '
 ```
+
+`C:\J\S` is the path to the agent work directory on the agent system. If java is in a different directory, you will need to specify that directory instead of `C:\J\S\jdk\bin`.
+
 **Suffix Start Agent Command**
 
 ```

doc/TROUBLESHOOTING.md

@@ -90,7 +90,7 @@ and see [Logging_and_Troubleshooting](https://en.wikibooks.org/wiki/OpenSSH/Logg
 
 ### Threads stuck at CredentialsProvider.trackAll
 
-If you detect an adnormal number of threads and the thread dump showed a thread for each offline agent stuck waiting for a lock like this:
+If you detect an abnormal number of threads and the thread dump showed a thread for each offline agent stuck waiting for a lock like this:
 
 ```
 at hudson.XmlFile.write(XmlFile.java:186)
@@ -140,7 +140,7 @@ java.lang.NoClassDefFoundError: com/trilead/ssh2/Connection
 
 ### After upgrade to ssh-slaves 1.28+ Failed to connect using SSH key credentials from files
 
-The SSH Build Agents Plugin version newer than 1.28 uses ssh-credentials 1.14, this versions deprecated the use of "From the Jenkins master ~/.ssh", and "From a file on Jenkins master" SSH credential types because [SECURITY-440](https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440), the ssh-credentials plugins should migrate these deprecated credentials to "Enter directly" type on restart but seems there are some cases that it fails or it is not possible.
+The SSH Build Agents Plugin version newer than 1.28 uses ssh-credentials 1.14, this versions deprecated the use of "From the Jenkins controller ~/.ssh", and "From a file on Jenkins controller" SSH credential types because [SECURITY-440](https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440), the ssh-credentials plugins should migrate these deprecated credentials to "Enter directly" type on restart but seems there are some cases that it fails or it is not possible.
 
 The issue is related to ssh-credentials and a deprecated type of credentials, the workaround it is to recreate the credential with the same ID using "Enter directly" for the key, probably if you only save again the credential it will be migrated.
 
@@ -166,7 +166,8 @@ ConversionException: Could not call com.cloudbees.jenkins.plugins.sshcredentials
 
 ### Selenium Grid agents failed to connect
 
-On recent versions of Jenkins Core, [Agent - Master Access Control](https://wiki.jenkins.io/display/JENKINS/Slave+To+Master+Access+Control) was introduced it seems causes an issue with Selenium Grid Agents, to fix this problem you have to disable: "Manage Jenkins" > "Configure Global Security", and check "Enable Agent → Master Access Control" (as it's said in Jenkin documentation)
+On Jenkins Core 2.89.3, [Agent - Controller Access Control](https://wiki.jenkins.io/display/JENKINS/Slave+To+Master+Access+Control) was introduced it can causes an issue with Selenium Grid Agents, to fix this problem you have to disable: "Manage Jenkins" > "Configure Global Security", and check "Enable Agent → Controller Access Control" (as it's said in Jenkins documentation) 
+you can see more details at [JENKINS-49118](https://issues.jenkins.io/browse/JENKINS-49118)
 https://wiki.jenkins.io/display/JENKINS/Slave+To+Master+Access+Control
 
 "On the other hand, if all your agents are trusted to the same degree as your master, then it is safe to leave this subsystem off"
@@ -194,7 +195,7 @@ Caused by: java.io.EOFException
 
 ### Corrupt agent workdir folder
 
-If you experience a immmediate disconnection without any clear trace it could be related with a corrupt file in the agent workdir folder.
+If you experience an immediate disconnection without any clear trace it could be related with a corrupt file in the agent workdir folder.
 
 ```
 Apr 17, 2019 2:16:23 PM INFO hudson.remoting.SynchronousCommandTransport$ReaderThread run

pom.xml

@@ -5,11 +5,11 @@
   <parent>
     <groupId>org.jenkins-ci.plugins</groupId>
     <artifactId>plugin</artifactId>
-    <version>4.15</version>
+    <version>4.40</version>
   </parent>
 
   <artifactId>ssh-slaves</artifactId>
-  <version>${revision}${changelist}</version>
+  <version>${revision}.${changelist}</version>
   <packaging>hpi</packaging>
 
   <name>SSH Build Agents plugin</name>
@@ -25,11 +25,11 @@
   </licenses>
 
   <properties>
-    <revision>1.31.6</revision>
-    <changelist>-SNAPSHOT</changelist>
-    <jenkins.version>2.222.4</jenkins.version>
+    <revision>1</revision>
+    <changelist>999999-SNAPSHOT</changelist>
+    <jenkins.version>2.319.1</jenkins.version>
     <java.level>8</java.level>
-    <configuration-as-code.version>1.46</configuration-as-code.version>
+    <hpi.compatibleSinceVersion>1.31.0</hpi.compatibleSinceVersion>
   </properties>
 
   <developers>
@@ -102,8 +102,8 @@
     <dependencies>
       <dependency>
         <groupId>io.jenkins.tools.bom</groupId>
-        <artifactId>bom-2.204.x</artifactId>
-        <version>18</version>
+        <artifactId>bom-2.319.x</artifactId>
+        <version>1409.v7659b_c072f18</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -118,22 +118,25 @@
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>trilead-api</artifactId>
-      <version>1.0.13</version>
     </dependency>
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>credentials</artifactId>
-      <version>2.3.14</version>
     </dependency>
     <dependency>
       <groupId>org.jenkins-ci.plugins</groupId>
       <artifactId>ssh-credentials</artifactId>
-      <version>1.18.1</version>
+    </dependency>
+    <dependency>
+      <groupId>org.jenkins-ci.modules</groupId>
+      <artifactId>sshd</artifactId>
+      <version>3.242.va_db_9da_b_26a_c3</version>
+      <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>org.jenkins-ci.test</groupId>
       <artifactId>docker-fixtures</artifactId>
-      <version>1.10</version>
+      <version>1.11</version>
       <scope>test</scope>
       <exclusions>
         <exclusion>
@@ -145,27 +148,28 @@
     <dependency>
       <groupId>io.jenkins</groupId>
       <artifactId>configuration-as-code</artifactId>
-      <version>${configuration-as-code.version}</version>
       <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>io.jenkins.configuration-as-code</groupId>
       <artifactId>test-harness</artifactId>
-      <version>${configuration-as-code.version}</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.testcontainers</groupId>
+      <artifactId>testcontainers</artifactId>
+      <version>1.17.2</version>
+      <scope>test</scope>
+      <exclusions>
+        <exclusion>
+          <groupId>org.apache.commons</groupId>
+          <artifactId>commons-compress</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.slf4j</groupId>
+          <artifactId>slf4j-api</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
   </dependencies>
-  <build>
-    <plugins>
-      <plugin>
-        <groupId>org.jenkins-ci.tools</groupId>
-        <artifactId>maven-hpi-plugin</artifactId>
-        <extensions>true</extensions>
-        <configuration>
-          <minimumJavaVersion>1.8</minimumJavaVersion>
-          <compatibleSinceVersion>1.31.0</compatibleSinceVersion>
-        </configuration>
-      </plugin>
-    </plugins>
-  </build>
 </project>

src/main/java/hudson/plugins/sshslaves/JavaProvider.java

@@ -24,6 +24,7 @@
 package hudson.plugins.sshslaves;
 
 import com.trilead.ssh2.Connection;
+import edu.umd.cs.findbugs.annotations.NonNull;
 import hudson.ExtensionList;
 import hudson.ExtensionPoint;
 import hudson.slaves.SlaveComputer;
@@ -32,13 +33,12 @@
 
 import java.util.List;
 import java.util.Collections;
-import javax.annotation.Nonnull;
 
 /**
  * Guess where Java is.
  */
 public abstract class JavaProvider implements ExtensionPoint {
-    
+
     private static final VersionNumber JAVA_LEVEL_8 = new VersionNumber("8");
 
     /**
@@ -68,12 +68,12 @@ public static ExtensionList<JavaProvider> all() {
 
     /**
      * Gets minimal required Java version.
-     * 
-     * @return Minimal Java version required on the master and agent side.
+     *
+     * @return Minimal Java version required on the controller and agent side.
      * @since TODO
-     * 
+     *
      */
-    @Nonnull
+    @NonNull
     public static VersionNumber getMinJavaLevel() {
         return JAVA_LEVEL_8;
     }

src/main/java/hudson/plugins/sshslaves/JavaVersionChecker.java

@@ -44,7 +44,6 @@
 import hudson.slaves.SlaveComputer;
 import hudson.util.VersionNumber;
 import static java.util.logging.Level.FINE;
-import static java.util.logging.Level.WARNING;
 
 /**
  * class to check if the version of java installed on the agent is a supported one.
@@ -76,17 +75,12 @@ protected String resolveJava() throws InterruptedException, IOException {
                 try {
                     return checkJavaVersion(listener, javaCommand);
                 } catch (IOException e) {
-                    if(!"java".equalsIgnoreCase(javaCommand)){
-                      LOGGER.log(WARNING, "Java is not in the PATH nor configured with the javaPath setting,"
-                                          + " Jenkins will try to guess where is Java,"
-                                          + "this guess will be remove in the future.");
-                    }
                     LOGGER.log(FINE, "Failed to check the Java version",e);
                     // try the next one
                 }
             }
         }
-        throw new IOException("Java not found on " + computer + ". Install a Java 8 version on the Agent.");
+        throw new IOException("Java not found on " + computer + ". Install Java 8 or Java 11 on the Agent.");
     }
 
     @NonNull

src/main/java/hudson/plugins/sshslaves/SSHConnector.java

@@ -28,6 +28,7 @@
 import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
 import com.cloudbees.plugins.credentials.common.StandardUsernameListBoxModel;
 import com.trilead.ssh2.Connection;
+import edu.umd.cs.findbugs.annotations.NonNull;
 import hudson.Extension;
 import hudson.model.ItemGroup;
 import hudson.model.TaskListener;
@@ -167,7 +168,7 @@ public SSHConnector(int port, String credentialsId, String jvmOptions, String ja
     }
 
     @Override
-    public SSHLauncher launch(String host, TaskListener listener) {
+    public SSHLauncher launch(@NonNull String host, TaskListener listener) {
         SSHLauncher sshLauncher = new SSHLauncher(host, port, credentialsId, jvmOptions, javaPath, prefixStartSlaveCmd,
                 suffixStartSlaveCmd, launchTimeoutSeconds, maxNumRetries, retryWaitTime, sshHostKeyVerificationStrategy);
         sshLauncher.setWorkDir(workDir);
@@ -283,6 +284,7 @@ public Boolean getTcpNoDelay() {
 
     @Extension
     public static class DescriptorImpl extends ComputerConnectorDescriptor {
+        @NonNull
         @Override
         public String getDisplayName() {
             return Messages.SSHLauncher_DescriptorDisplayName();