...
Many components of MettleCI are integrated to third party systems using SSH to avoid the need for various software components to repeatedly prompt users for authentication credentials. Note that SSH keys are RSA by default, but can be generated using a number of different encryption algorithms. The algorithm you choose will depending upon the system with which you are trying to connect.
On 15th March 2022, for example, GitHub stopped accepting RSA and DSA keys so you should generate an ECDSA or RSA SHA256 key (demonstrated below).
RSA SHA256 keys are preferred as they work with both GitHub and Microsoft Azure.
...
Instructions - Windows
The easiest way to generate an SSH key on Window Windows is to install a Git client and use Git Bash to follow the same instructions as for Unix.
...
Here’s an example of creating and deploying an SSH key to avoid a username/password prompt when connecting from one host ('localhost
', in this example) to another ('remotehost
').
If you already have an SSH key, you can skip this step.
...
Don’t enter a passphrase if you want to use this key with third party systems like Azure or GitHub.
Code Block |
---|
# Generate a 2048-bit RSA key (Will NOT work with GitHub!) $> ssh-keygen -t rsa -b 2048 -f mykey.rsa.key Generating public/private rsa key pair. # (blah blah blah) # Or # Generate a 2048-bit RSA SHA256 key (WILL work with GitHub!) [root@release1-engn ~]# ssh-keygen -t rsa-sha2-256 -b 2048 Generating public/private rsa-sha2-256 key pair. Enter file in which to save the key (/root/.ssh/id_rsa): mykeyrsa256 Enter passphrase (empty for no passphrase): |
...
Enter same passphrase again:
|
...
Your identification has been saved in |
...
mykeyrsa256 Your public key has been saved in |
...
Copy the public key of your computer to the trusted keys of the target server:
...
language | bash |
---|
mykeyrsa256.pub The key fingerprint is: SHA256:E8ld6eXF1HynQz9Jx0+tCtUI18R54kTAWhXcLqnKg68 root@release1-engn.mettleci-release-test.datamigrators.io The key's randomart image is: +---[RSA 2048]----+ | .o+%=O+| | . o o* @.#| | + .= *.@*| | .o . Oo+| | S . o o.| | . o | | o . | | . + | | Eo.. | +----[SHA256]-----+ [root@release1-engn ~]# # Copy the public key of your computer to the trusted keys of the target server localhost:~$ ssh-copy-id -i .ssh/ |
...
mykeyrsa256 user@remotehost user@remotehost's password: •••••••• |
Info |
---|
Note that the following steps are not required when using the generated key with MettleCI Workbench. |
Now try logging into the machine, with ssh 'user@remotehost'
to verify the keys we’ve added:
Code Block |
---|
# Create the .ssh directory:
localhost:~$ mkdir ~/.ssh
# Set the right permissions:
localhost:~$ chmod 700 ~/.ssh
# Create the authorized_keys file:
localhost:~$ touch ~/.ssh/authorized_keys
# Set the right permissions:
localhost:~$ chmod 600 ~/.ssh/authorized_keys
# Verify
localhost:~$ ls ~/.ssh/authorized_keys |
Finally check you can log in using your new key…
Code Block |
---|
localhost:~$ ssh id@server
user@remotehost:~$ |
You may also want to look into using ssh-agent
if you want to try keeping your keys protected with a passphrase (more secure).
Related articles
Filter by label (Content by label) | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Page Properties | ||
---|---|---|
| ||
|