On Tue, Oct 2, 2012 at 11:16 AM, zperry <zack.pe...@sbcglobal.net> wrote:
>>
>> I don't really see how that practice relates to a web service intended
>> for both remote and local use from multiple users. The remote api does
>> the same things as the regular http interface. It could work, of
>> course, but it's not what people expect from a network service. If
>> you are going to only run commands locally from the jenkins master you
>> might as well use the cli or groovy instead of the remote api.
>
>
> Lets say the master CI provides Web access (UI and RESTful) only to the
> localhost of the node. At the first look, this is extremely inconvenient.
> But, in almost all cases, the node runs sshd anyways, thus it can be
> accessed via ssh.
>
> With ssh, you can use port forwarding ssh -L
> local_port:remote_ip:remote_port remote_hostname to forward a desired local
> port, e.g. 8080 to the "localhost" of the master.
I understand the concept and use it for ad-hoc things myself, but
don't normally give all the people who would use jenkins a system
login to the server.
> No more insecure Basic Authentication to worry. If you have setup PKI, the
> access is transparent and secure.
Our lab is firewalled and remote access already secured, but if I were
concerned about this, I'd probably use https - unless there were
already a central authentication setup that would generate restricted
ssh logins on access.
--
Les Mikesell
lesmikes...@gmail.com
