Find plugins

SSH Agent1.15Minimum Jenkins requirement: 1.609.3ID: ssh-agent

SSH Agent Plugin

This plugin allows you to provide SSH credentials to builds via a ssh-agent in Jenkins.


Currently all Windows nodes (including the master) on which this plugin will be used must have the Apache Tomcat Native libraries installed. As of 1.0 should be unnecessary for Unix nodes. As of 1.14 unnecessary if ssh-agent is installed.


First you need to add some SSH Credentials to your instance:

Jenkins | Manage Jenkins | Manage Credentials

Note that only Private Key based credentials can be used.

Then configure your build to use the credentials:

And then your build will have those credentials available, e.g.

From a Pipeline job, use the sshagent step.

Installation Example: MacOSX (10.7.5)

Irrelevant in 1.14+ when ssh-agent is available in the path.


  • JDK7. The tomcat native libraries target the java 7 version.
  • APR - this seems to be preinstalled in /usr/lib/apr.

Note that tomcat itself is not needed. This works fine with winstone (just running jenkins jar from command line).

Download and extract the tomcat native library: http://tomcat.apache.org/download-native.cgi

tar -zxvf tomcat-native-1.1.XX-src.tar.gz

Build the native library:

cd tomcat-native-1.1.XX/jni/native

./configure --with-apr=/usr/bin/apr-1-config

make && sudo make install

Build the java interface:

cd ..
export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.7.0_17.jdk/Contents/Home

ant build

ant jar

Copy the output jar somewhere suitable for inclusion in your jenkins CLASSPATH.

Set environment variables prior to starting jenkins:

export DYLD_LIBRARY_PATH=/usr/local/apr/lib
export CLASSPATH=/path/to/tomcat-native-1.1.XX.jar
java -jar jenkins.war

Additionally, you might have to add bouncycastle to your JCE providers. If you attempt to use the plugin and get an exception like the following:

java.lang.IllegalStateException: BouncyCastle must be registered as a JCE provider

Then you may need to configure the jce provider. One way is to do this right in the JRE, so if Jenkins is using the same jdk as above, edit

/Library/Java/JavaVirtualMachines/jdk1.7.0_17.jdk/Contents/Home/jre/lib/security/java.security, and add the following line:


Then, restart jenkins.

From there, configure using the instructions above.

Version History

Version 1.15 (2017-04-06)

  • issue@42093 Fixed quoting for askpass in command-line implementation. 

Version 1.14 (2017-02-10)

  • JENKINS-36997 New default implementation that uses command-line ssh-agent. Should fix various problems with crypto APIs, docker.image(…).inside {sshagent(…) {…}}, etc.
  • JENKINS-38830 Track credentials used in the wrapper.
  • JENKINS-35563 Fixes to credentials dropdown.

Version 1.13 (2016-03-03)

  • JENKINS-32120 Register Bouncy Castle on the remote agent by using Bouncy Castle API plugin

Apparently does not work in some versions of Jenkins; see JENKINS-36935.

Version 1.12 (2016-03-03)

  • Wrong release. Release process broken due a network issue.

Version 1.11 (2016-03-03)

Version 1.10 (2016-03-03)

Version 1.9 (2015-12-07)

Changelog unrecorded.

Version 1.8 (2015-08-07)

Version 1.7 (2015-06-02)

Version 1.6 (2015-04-20)

  • SSH agent socket service thread shouldn't keep JVM alive.

Version 1.5 (2014-08-11)

  • Add support for multiple credentials
  • Add support for parameterized credentials

Version 1.4.2 (2014-08-11)

  • Fix for JENKINS-20276
  • WARNING: Due to classpath conflicts, this plugin will not work if 1.518 <= Jenkins Version < 1.533 (i.e. 1.518 broke it, 1.533 fixed it)

Version 1.4.1 (2013-11-08)

  • Switch from f:select to c:select so that in-place addition of credentials is supported when the credentials plugin exposes such support
  • WARNING: Due to classpath conflicts, this plugin will not work if 1.518 <= Jenkins Version < 1.533 (i.e. 1.518 broke it, 1.533 fixed it)

Version 1.4 (2013-10-08)

  • Minor improvement in exception handling
  • Minor improvement in fault reporting
  • Update JNR libraries
  • WARNING: Due to classpath conflicts, this plugin will not work if 1.518 <= Jenkins Version < 1.533 (i.e. 1.518 broke it, 1.533 fixed it)

Version 1.3 (2013-08-09)

Version 1.2 (2013-08-07)

Version 1.1 (2013-07-04)

  • If BouncyCastleProvider is not registered, try to register it ourselves anyway... this should make installation and configuration even easier.

Version 1.0 (2012-11-01)

  • Using jnr-unixsocket have been able to remove the requirement on Apache Tomcat Native for unix nodes. Likely still require the Apache Tomcat Native for Windows nodes.

Version 0.1 (2012-10-26)

  • Initial release 
ArchivesGet past versions
This plugin has no labels