Let's do a full reset of authentication for Jenkins nodes: 1. Create users for misc and nigel with Ansible. 2. Remove SSH access via root user. 3. Create a method for creating new users and removing them when needed (ansible task would be easiest). 4. Remove all keys in /root/.ssh/ including private and public. 5. Remove all keys in /home/jenkins/.ssh/ including private and public. 6. Change the password for Jenkins user. 7. Change the password in Jenkins for node passwords. I'm assigning this one to myself for now. Though, Michael and I will have to split responsibilities.
I'm going to start with these two steps on Monday 6. Change the password for Jenkins user. 7. Change the password in Jenkins for node passwords.
We've also missed out on one critical step - Cleaning out users on Jenkins master. We cleaned out a whole bunch of users who we think aren't active any more or need not have access.
All Centos and freebsd nodes have had their password reset. I've run into some trouble with the netbsd nodes. I'll have to take one of them offline and figure out what files need permission to change the password.
Items 6 and 7 are now complete. All Jenkins nodes have had a password refresh.
Items 4 and 5 are also done.
Remaining tasks: 1. Create users for misc and nigel with Ansible. 2. Remove SSH access via root user. 3. Create a method for creating new users and removing them when needed (ansible task would be easiest).
Item 3 is sorted since we now directly use Github auth. I'm deferring Item 1 and 2 to when we solve this on an infra wide scale rather than specific to Jenkins.