Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Next »

SSH (Secure SHell) is a generic term for a software package or command which implements the SSH communications protocol to enable secure system administration and file transfers over insecure networks. It is used in nearly every datacenter, in every larger enterprise.

An SSH key is an access credential that fulfils a similar function to that of user names and passwords. The keys are primarily used for automated processes and for implementing single sign-on by system administrators and power users. A key comes as a pair of files: a Public key (also known as an Authorized key) and a private key (also know as an Identity key) .

Public keys are analogous to locks that the corresponding private key can open. Private keys are used by an SSH client to authenticate itself when logging into an SSH server and are analogous to physical keys that can open one or more locks (Public keys).

Many components of MettleCI are integrated to third party systems using SSH to avoid the need for various software components to repeatedly prompt users for authentication credentials. Note that SSH keys RSA by default, but can be generated using a number of different encryption algorithms. The algorithm you choose will depending upon the system with which you are trying to connect.

On 15th March 2022, for example, GitHub stoped accepting RSA and DSA keys so you should generate a ECDSA key (demonstrated below).


Instructions - Windows

The easiest way to generate an SSH key on Windows is to install a Git client and use Git Bash to follow the same instructions as for Unix.


Instructions - Unix

Here’s an example of creating and deploying an SSH key to avoid a username/password prompt when connecting from one host (localhost, in this example) to another (remotehost).

If you already have an SSH key, you can skip this step. Don’t enter a passphrase if you want to use this key with third party systems like Azure or GitHub.

# Generate a 2048-bit RSA key (Will NOT work with GitHub!)
$> ssh-keygen -t rsa -b 2048 -f mykey.rsa.key
Generating public/private rsa key pair.
# (blah blah blah)

# Or
# Generate a 521-bit ecdsa key (WILL work with GitHub!)
# Yes - 521-bits (not 512) because (2^521)-1 is a prime number 
# See https://en.wikipedia.org/wiki/Elliptic-curve_cryptography
$> ssh-keygen -t ecdsa -b 521 -f mykey.ecdsa.key
Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in mykey.ecdsa.key
Your public key has been saved in mykey.ecdsa.key.pub
The key fingerprint is:
SHA256:mri4SXfnLwf77L8UmzFf4DOW0e/LODuV/cixmDOw7+Q johnmckeever@localhsot
The key's randomart image is:
+---[ECDSA 521]---+
|                 |
|                 |
|              .  |
|             . . |
|       S  .   = +|
|    . o.  o . .@o|
| . o + .o =.= ==+|
| . + o oo.*o=+B +|
|  +..   .B*=E*=o |
+----[SHA256]-----+

# Copy the public key of your computer to the trusted keys of the target server
localhost:~$ ssh-copy-id -i .ssh/mykey.ecdsa user@remotehost
user@remotehost's password: ••••••••

Note that the following steps are not required when using the generated key with MettleCI Workbench.

Now try logging into the machine, with ssh 'user@remotehost' to verify the keys we’ve added:

# Create the .ssh directory:
localhost:~$ mkdir ~/.ssh

# Set the right permissions:
localhost:~$ chmod 700 ~/.ssh

# Create the authorized_keys file:
localhost:~$ touch ~/.ssh/authorized_keys

# Set the right permissions:
localhost:~$ chmod 600 ~/.ssh/authorized_keys

# Verify
localhost:~$ ls ~/.ssh/authorized_keys

Finally check you can log in using your new key…

localhost:~$ ssh id@server
user@remotehost:~$ 

  • No labels