how to setup ssh keys for jenkins to publish via ssh

Question

Jenkins requires a certificate to use the ssh publication and ssh commands. It can be configured under "manage jenkins" -> "Configure System"-> "publish over ssh".

The question is: How does one create the certificates?

I have two ubuntu servers, one running Jenkins, and one for running the app.

Do I set up a Jenkins cert and put part of it on the deployment box, or set up a cert on the deployment box, and put part of it on Jenkins? Does the cert need to be in the name of a user called Jenkins, or can it be for any user? We don't have a Jenkins user on the development box.

I know there are a number of incompatible ssh types, which does Jenkins require?

Has anyone found a guide on how to set this all up (how to generate keys, where to put them etc.)?

User · Answer

You don t need to create the SSH keys on the Jenkins server  nor do you need to store the SSH keys on the Jenkins server s filesystem  This bit of information is crucial in environments where Jenkins servers instances may be created and destroyed frequently  Generating the SSH Key Pair On any machine  Windows  Linux  MacOS    doesn t matter  generate an SSH key pair  Use this article as guide   GitHub  Generating a new SSH key and adding it to the ssh-agent  you can skip the section  quot Adding your SSH key to the ssh-agent quot    On the Target Server On the target server  you will need to place the content of the public key  id rsa pub per the above article  into the  ssh authorized keys file under the home directory of the user which Jenkins will be using for deployment  In Jenkins Using  quot Publish over SSH quot  Plugin Ref  https   plugins jenkins io publish-over-ssh  Visit  Jenkins  gt  Manage Jenkins  gt  Configure System  gt  Publish over SSH  If the private key is encrypted  then you will need to enter the passphrase for the key into the  quot Passphrase quot  field  otherwise leave it alone  Leave the  quot Path to key quot  field empty as this will be ignored anyway when you use a pasted key  next step  Copy and paste the contents of the private key  id rsa per the above article  into the  quot Key quot  field Under  quot SSH Servers quot    quot Add quot  a new server configuration for your target server   Using Stored Global Credentials Visit  Jenkins  gt  Credentials  gt  System  gt  Global credentials  unrestricted   gt  Add Credentials  Kind   quot SSH Username with private key quot  Scope   quot Global quot  ID   CREAT A UNIQUE ID FOR THIS KEY  Description   optionally  enter a decription  Username   USERNAME JENKINS WILL USE TO CONNECT TO REMOTE SERVER  Private Key   select  quot Enter directly quot   Key   paste the contents of the private key  id rsa per the above article   Passphrase   enter the passphrase for the key  or leave it blank if the key is not encrypted

User · Answer

For Windows    Install the necessary plugins for the repository  ex  GitHub install GitHub and GitHub Authentication plugins  in Jenkins   You can generate a key with Putty key generator  or by running the following command in git bash     ssh-keygen -t rsa -b 4096 -C your email example com Private key must be OpenSSH  You can convert your private key to OpenSSH in putty key generator SSH keys come in pairs  public and private  Public keys are inserted in the repository to be cloned  Private keys are saved as credentials in Jenkins You need to copy the SSH URL not the HTTPS to work with ssh keys

User · Answer

You will need to create a public private key as the Jenkins user on your Jenkins server  then copy the public key to the user you want to do the deployment with on your target server   Step 1  generate public and private key on build server as user jenkins  build1   jenkins  whoami jenkins build1   jenkins  ssh-keygen Generating public private rsa key pair  Enter file in which to save the key   var lib jenkins  ssh id rsa    Created directory   var lib jenkins  ssh   Enter passphrase  empty for no passphrase    Enter same passphrase again   Your identification has been saved in  var lib jenkins  ssh id rsa  Your public key has been saved in  var lib jenkins  ssh id rsa pub  The key fingerprint is         The key s randomart image is        build1   jenkins  ls -l  ssh total 2 -rw-------  1 jenkins  jenkins  1679 Feb 28 11 55 id rsa -rw-r--r--  1 jenkins  jenkins   411 Feb 28 11 55 id rsa pub  build1   jenkins  cat  ssh id rsa pub ssh-rsa AAAlskdjfalskdfjaslkdjf    jenkins myserver com   Step 2  paste the pub file contents onto the target server   target   bob  cd  ssh target   bob  vi authorized keys  paste in the stuff which was output above     Make sure your  ssh dir has permissoins 700 and your authorized keys file has permissions 644  Step 3  configure Jenkins   In the jenkins web control panel  nagivate to  Manage Jenkins  -   Configure System  -   Publish over SSH  Either enter the path of the file e g   var lib jenkins  ssh id rsa   or paste in the same content as on the target server  Enter your passphrase  server and user details  and you are good to go

[jenkins] how to setup ssh keys for jenkins to publish via ssh

The answer is

Generating the SSH Key Pair

On the Target Server

In Jenkins

Using "Publish over SSH" Plugin

Using Stored Global Credentials

Examples related to jenkins

Examples related to ssh

Tags