Jenkins requires a certificate to use the ssh publication and ssh commands. It can be configured under "manage jenkins" -> "Configure System"-> "publish over ssh"
.
The question is: How does one create the certificates?
I have two ubuntu servers, one running Jenkins, and one for running the app.
Do I set up a Jenkins cert and put part of it on the deployment box, or set up a cert on the deployment box, and put part of it on Jenkins? Does the cert need to be in the name of a user called Jenkins, or can it be for any user? We don't have a Jenkins user on the development box.
I know there are a number of incompatible ssh types, which does Jenkins require?
Has anyone found a guide on how to set this all up (how to generate keys, where to put them etc.)?
You don't need to create the SSH keys on the Jenkins server, nor do you need to store the SSH keys on the Jenkins server's filesystem. This bit of information is crucial in environments where Jenkins servers instances may be created and destroyed frequently.
On any machine (Windows, Linux, MacOS ...doesn't matter) generate an SSH key pair. Use this article as guide:
On the target server, you will need to place the content of the public key (id_rsa.pub
per the above article) into the .ssh/authorized_keys
file under the home directory of the user which Jenkins will be using for deployment.
Ref: https://plugins.jenkins.io/publish-over-ssh/
Visit: Jenkins
> Manage Jenkins
> Configure System
> Publish over SSH
id_rsa
per the above article) into the "Key" fieldVisit: Jenkins
> Credentials
> System
> Global credentials (unrestricted)
> Add Credentials
id_rsa
per the above article)]For Windows:
$ ssh-keygen -t rsa -b 4096 -C [email protected]
Source: Stackoverflow.com