Ssh – Stop Jenkins from modifying known_hosts

Tags: Jenkins, known-hosts, ssh

I have a Jenkins installation in CentOS 6 where the known hosts file, /var/lib/jenkins/.ssh/known_hosts, is under configuration management.

It contains, for instance, a key to a source control host by hostname (suppose its IP is 1.2.3.4):

label.hostname.tld ssh-rsa ABCDEFGHIJKLMNOPQRSTUV

Whenever Jenkins accesses the source control host via ssh, it ensures that the IP address for the host is inserted into the known_hosts file:

label.hostname.tld ssh-rsa ABCDEFGHIJKLMNOPQRSTUV
1.2.3.4 ssh-rsa ABCDEFGHIJKLMNOPQRSTUV

So I'm considering adding a duplicate entry for the key by IP address, which is an additional overhead if I want to keep all the file contents under configuration management.

Before I do this, I'm wondering: Is there a way to stop Jenkins from doing this? Could something in the configuration of the SSH application itself prevent this? Or am I stuck with maintaining two entries for every named host in the Jenkins hosts file?

Best Answer

It's not the best method, but you can add extended attributes to that file. You can add the "i" flag to the file to prevent everyone from deleting or modifying it.

You can do this with chattr +i
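As an added example (not part of the question or the answer above), a POSIX shell check that reads a known_hosts file and lists the IP-only entries whose key duplicates a hostname entry, i.e. exactly the lines the question describes ssh appending. The sample file contents, the function names and the temporary-file handling are constructed for this example.

```shell
#!/bin/sh
# Constructed sample of the known_hosts state the question describes: the
# managed hostname entry plus the IP entry that ssh appended on its own.
SAMPLE_KNOWN_HOSTS='# managed by configuration management
label.hostname.tld ssh-rsa ABCDEFGHIJKLMNOPQRSTUV
1.2.3.4 ssh-rsa ABCDEFGHIJKLMNOPQRSTUV
other.host.tld,10.0.0.5 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOnly
10.0.0.9 ssh-rsa KeyWithNoHostnameTwin'

# known_hosts_ip_duplicates FILE
# Prints each IP-only entry in FILE whose key type and key also appear under a
# hostname entry. Comment lines and hashed (|1|...) hosts are skipped; a line
# such as "host,10.0.0.5 ..." counts as a hostname entry, not as a duplicate.
known_hosts_ip_duplicates() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            h = $1; t = $2; k = $3
            if (h ~ /^@/) { h = $2; t = $3; k = $4 }  # skip @cert-authority / @revoked markers
            if (h ~ /^\|1\|/) next                   # hashed host names cannot be compared
            hasname = 0; nip = 0
            n = split(h, names, ",")
            for (i = 1; i <= n; i++) {
                name = names[i]
                sub(/^\[/, "", name); sub(/\]:[0-9]+$/, "", name)  # strip [host]:port form
                if (name ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ips[++nip] = name
                else hasname = 1
            }
            if (hasname) byname[t, k] = 1
            else for (i = 1; i <= nip; i++) iponly[ips[i], t, k] = $0
        }
        END {
            for (key in iponly) {
                split(key, p, SUBSEP)
                if ((p[2], p[3]) in byname) print iponly[key]
            }
        }
    ' "$1" | sort
}

# demo_duplicates: runs the check over the constructed sample file.
demo_duplicates() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_KNOWN_HOSTS" > "$tmp"
    known_hosts_ip_duplicates "$tmp"
    rm -f "$tmp"
}

demo_duplicates
```

Running known_hosts_ip_duplicates against /var/lib/jenkins/.ssh/known_hosts shows which lines ssh has added beside the managed ones; an empty result means the file still matches what is under configuration management.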