...

Many components of MettleCI integrate with third-party systems using SSH to avoid the need for various software components to repeatedly prompt users for authentication credentials. Note that SSH keys are RSA by default, but can be generated using a number of different encryption algorithms. The algorithm you choose will depend upon the system with which you are trying to connect.

On 15th March 2022, for example, GitHub stopped accepting RSA and DSA keys, so you should generate an ECDSA key (demonstrated below).

...

Instructions - Windows

The easiest way to generate an SSH key on Windows is to install a Git client and use Git Bash to follow the same instructions as for Unix.

...

Here’s an example of creating and deploying an SSH key to avoid a username/password prompt when connecting from one host ('localhost', in this example) to another ('remotehost').

  1. If you already have an SSH key, you can skip this step. You can just hit Enter for the key and both passphrases (less secure):

    # Generate a 2048-bit RSA key (Will NOT work with GitHub!)
    $> ssh-keygen -t rsa -b 2048 -f mykey.rsa.key
    Generating public/private rsa key pair.
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again:
    Your identification has been saved in mykey.rsa.key
    Your public key has been saved in mykey.rsa.key.pub
    The key fingerprint is:
    SHA256:kB2venO9Hq0bj39CWul07SrdXqhyfn7oV9NlZ/YSHUE johnmckeever@localhsot
    The key's randomart image is:
    +---[RSA 2048]----+
    |        .     .E.|
    |      o o      . |
    |      o . .    ..|
    |      . .     . B|
    |        S      ==|
    |       .   +. .+=|
    |      . o +o=.++*|
    |       . oo==*+o=|
    |          =XB*++.|
    +----[SHA256]-----+
    
    # Copy the public key of your computer to the trusted keys of the target server
    localhost:~$ ssh-copy-id -i .ssh/mykey.ecdsa user@remotehost
    user@remotehost's password: ••••••••

  2. Note that you may need to use a different type of key encryption depending upon the system with which you are trying to connect. For GitHub, for example, we would use the following…

    # Generate a 521-bit ECDSA key (WILL work with GitHub!)
    # Yes - 521 bits (not 512) because (2^521)-1 is a prime number
    # See https://en.wikipedia.org/wiki/Elliptic-curve_cryptography
    $> ssh-keygen -t ecdsa -b 521 -f mykey.ecdsa.key
    Generating public/private ecdsa key pair.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in mykey.ecdsa.key
    Your public key has been saved in mykey.ecdsa.key.pub
    The key fingerprint is:
    SHA256:mri4SXfnLwf77L8UmzFf4DOW0e/LODuV/cixmDOw7+Q johnmckeever@localhsot
    The key's randomart image is:
    +---[ECDSA 521]---+
    |                 |
    |                 |
    |              .  |
    |             . . |
    |       S  .   = +|
    |    . o.  o . .@o|
    | . o + .o =.= ==+|
    | . + o oo.*o=+B +|
    |  +..   .B*=E*=o |
    +----[SHA256]-----+

  3. Now try logging into the machine, with ssh 'user@remotehost' to verify the keys we’ve added:

    # Create the .ssh directory:
    localhost:~$ mkdir -p ~/.ssh
    
    # Set the right permissions:
    localhost:~$ chmod 700 ~/.ssh
    
    # Create the authorized_keys file:
    localhost:~$ touch ~/.ssh/authorized_keys
    
    # Set the right permissions:
    localhost:~$ chmod 600 ~/.ssh/authorized_keys
    
    # Verify
    localhost:~$ ls ~/.ssh/authorized_keys

  4. Finally check you can log in using your new key…

    localhost:~$ ssh user@remotehost
    user@remotehost:~$ 

You may also want to look into using ssh-agent if you want to keep your keys protected with a passphrase (more secure).
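
The result of the steps above can be checked with a short script. This is an added example, not part of the original MettleCI page: it confirms the 700/600 modes set in step 3 and reports `authorized_keys` entries of the RSA and DSA types mentioned earlier. The function names and the `MODE`, `LEGACY` and `UNPARSED` labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an SSH directory against the steps on this page.

# Print the key type of one authorized_keys line, skipping leading options.
key_type() {
    set -f                              # no globbing while splitting the line
    for field in $1; do
        case $field in
            ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*|sk-*)
                set +f; echo "$field"; return 0 ;;
        esac
    done
    set +f; return 1
}

# True if PATH has exactly the octal MODE (POSIX find, no GNU stat needed).
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# Audit DIR (default ~/.ssh). Prints one finding per line; returns 1 if any.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}; ak=$dir/authorized_keys; bad=0; n=0
    has_mode "$dir" 700 || { echo "MODE $dir: expected 700"; bad=1; }
    [ -f "$ak" ] || return "$bad"
    has_mode "$ak" 600 || { echo "MODE $ak: expected 600"; bad=1; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        ktype=$(key_type "$line") || { echo "UNPARSED $ak:$n"; bad=1; continue; }
        case $ktype in
            # Key types the page says GitHub stopped accepting
            ssh-rsa|ssh-dss) echo "LEGACY $ak:$n: $ktype"; bad=1 ;;
        esac
    done < "$ak"
    return "$bad"
}

# Run as: sh audit.sh ~/.ssh   (exit status 1 means findings were printed)
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Run it on the host whose `authorized_keys` file you want to check; a clean directory prints nothing and exits with status 0.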


...