Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Many components of MettleCI are integrated to third party systems using SSH to avoid the need for various software components to repeatedly prompt users for authentication credentials. Note that SSH keys are RSA by default, but can be generated using a number of different encryption algorithms. The algorithm you choose will depending upon the system with which you are trying to connect.

On 15th March 2022, for example, GitHub stoped stopped accepting RSA and DSA keys so you should generate a an ECDSA or RSA SHA256 key (demonstrated below).

RSA SHA256 keys are preferred as they work with both GitHub and Microsoft Azure.

...

Instructions - Windows

The easiest way to generate an SSH key on Windows is to install a Git client and use Git Bash to follow the same instructions as for Unix.

...

Code Block
# Generate a 2048-bit RSA key (Will NOT work with GitHub!)
$> ssh-keygen -t rsa -b 2048 -f mykey.rsa.key
Generating public/private rsa key pair.
# (blah blah blah)

# Or
# Generate a 5212048-bit RSA ecdsaSHA256 key (WILL work with GitHub!)
[root@release1-engn ~]# Yesssh-keygen -t 521rsa-sha2-bits (not 512) because (2^521)-1 is a prime number 
# See https://en.wikipedia.org/wiki/Elliptic-curve_cryptography
$> ssh-keygen -t ecdsa -b 521 -f mykey.ecdsa.key
Generating public/private ecdsa key pair.
256 -b 2048
Generating public/private rsa-sha2-256 key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): mykeyrsa256
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in mykey.ecdsa.keymykeyrsa256
Your public key has been saved in mykey.ecdsamykeyrsa256.key.pub
The key fingerprint is:
SHA256:mri4SXfnLwf77L8UmzFf4DOW0e/LODuV/cixmDOw7+Q johnmckeever@localhsotE8ld6eXF1HynQz9Jx0+tCtUI18R54kTAWhXcLqnKg68 root@release1-engn.mettleci-release-test.datamigrators.io
The key's randomart image is:
+---[ECDSARSA 5212048]----+
|          .o+%=O+|
|       . o o* @.#|
|        + .= *.@*|
|       | | .o . Oo+|
|        S  . o o.|
|         .  o  . . |
|       S  o .   =  +|
|    . o.  o . .@o|+ | . o + .o =.= ==+|
| . + o oo.*o=+B +| |  +Eo..   .B*=E*=o  |
+----[SHA256]-----+
[root@release1-engn ~]# 


# Copy the public key of your computer to the trusted keys of the target server
localhost:~$ ssh-copy-id -i .ssh/mykey.ecdsamykeyrsa256 user@remotehost
user@remotehost's password: ••••••••

...