Passwordless SSH, Git Pull, SCP, and Sudo in Jenkins Remote Execution – Practical Scenarios

Using Jenkins for continuous integration starts with automatically provisioning environments, which often requires remote access to multiple servers; traditional password authentication can be cumbersome, so the article introduces several "password‑less" techniques to streamline Jenkins workflows.

Scenario 1 – Jenkins remote task execution without passwords: Add credentials in Jenkins (typically username/password) under the Credentials section, then select the configured remote server in the job configuration to enable seamless SSH connections.

Scenario 2 – Password‑less git pull via SSH RSA keys: On the target server run ssh-keygen -t rsa (accept defaults), which creates ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub . Add the public key in your Git hosting service (Settings → SSH Keys). After that, Git operations such as git pull no longer prompt for a password.

Scenario 3 – Password‑less scp for artifact distribution: Copy the generated public key to the destination server’s ~/.ssh/authorized_keys . Ensure the .ssh directory has permission 700 and authorized_keys has 600 or 644 . The first scp may still ask to confirm the host key; you can manually run scp once to accept the fingerprint or adjust the SSH configuration (with security trade‑offs).

Scenario 4 – Password‑less sudo in Jenkins scripts: On the Jenkins master, append jenkins ALL=(ALL) NOPASSWD: ALL to /etc/sudoers and restart Jenkins. On the remote target, edit /etc/sudoers (via visudo ) to replace the user’s line with yourname ALL=(ALL) NOPASSWD: ALL , adjust any group lines similarly, and change Defaults requiretty to Defaults:yourusername !requiretty . No restart is needed for these changes to take effect.

Scenario 5 – Password‑less Jenkins builds via API token: Enable “Trigger builds remotely (e.g., from scripts)” in the job configuration and set a token. Grant the anonymous user Build and Read permissions via the Matrix‑based security strategy. Install the “Build Authorization Token Root Plugin” and use the endpoint http://your‑jenkins/jenkins/buildWithParameters?token=YOUR_TOKEN&job=JOB_NAME (instead of the older build URL) to trigger builds without interactive login.