SSH Keys

Updated on 03 Oct 2020

SSH is an encrypted protocol used to administer and communicate with servers, and SSH keys are a way to authenticate over it. You will have a private key (on the client machine) and a corresponding public key on the server.

Some common commands that we are likely to use:

  • ssh-keygen - creates a key pair for public key authentication
  • ssh-copy-id - configures a public key as authorized on a server
  • ssh-add - tool to add a key to the agent

Here are some additional notes to help us with ssh-keys.

Add user on remote machine

In this particular example I created an Ubuntu VM called server1. I have updated my local /etc/hosts file so that I can reference server1 and it will know which VM to talk to.

  • local Ubuntu (desktop) VM -> A different Ubuntu (server1) VM

On server1, create a new user.

adduser jenkins

Create the ssh key

In order to communicate without passing usernames and passwords around, we’ll use an SSH key. On our local machine, as the jenkins user (which would have been created when you installed Jenkins), create an SSH key.

ssh-keygen

This will create a 2048-bit RSA key pair; however, we can pass in the -b 4096 flag to create a larger 4096-bit key if we want.

When we are prompted for a passphrase, we just hit enter (leaving it blank).

Warning

ssh-keygen saves to the same default file each time, so only one key can live at that path. If you already have an existing key there, the previous command will overwrite it. This means that any authentication setup you might have with other servers will no longer work!

Viewing keys

Your ssh keys are stored in your home folder under .ssh. This is because the ssh keys are linked to your user account.

If you are asked to send the public key, this would be (in my case) the id_rsa.pub file. You can either send that file or the contents of it.
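
A way to check the keys under ~/.ssh for the blank passphrase chosen above and for loose file permissions. This is an added example, not part of the original notes; the function names has_passphrase and audit are made up for it, and it assumes keys stored in OpenSSH's openssh-key-v1 format or the older PEM format.

```python
import base64
import stat
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\0"  # start of OpenSSH's current private key format

def has_passphrase(text):
    """True/False for a private key file's text; None if it is not one."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or "PRIVATE KEY-----" not in lines[0]:
        return None
    if "OPENSSH PRIVATE KEY" in lines[0]:
        body = "".join(l for l in lines if not l.startswith("-----"))
        try:
            blob = base64.b64decode(body)
        except ValueError:
            return None
        size = blob[len(MAGIC):len(MAGIC) + 4]
        if not blob.startswith(MAGIC) or len(size) < 4:
            return None
        (n,) = struct.unpack(">I", size)
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return cipher != b"none"  # "none" = stored without a passphrase
    # Legacy PEM and PKCS#8 keys flag encryption in their first lines.
    return any("ENCRYPTED" in l for l in lines[:3])

def audit(ssh_dir):
    """Return (file name, problem) pairs for the private keys in ssh_dir."""
    findings = []
    for path in sorted(Path(ssh_dir).iterdir()):
        if not path.is_file():
            continue
        protected = has_passphrase(path.read_text(errors="replace"))
        if protected is None:
            continue  # public keys, known_hosts, config, ...
        if not protected:
            findings.append((path.name, "no passphrase"))
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & 0o077:  # any group/other bit set
            findings.append((path.name, f"mode {mode:o} is open to other users"))
    return findings

if __name__ == "__main__":
    ssh_dir = Path.home() / ".ssh"
    for name, problem in (audit(ssh_dir) if ssh_dir.is_dir() else []):
        print(f"{name}: {problem}")
```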

Copy the ssh key to server1

Now we need to copy the public key part of our ssh-key to the other VM, server1.

ssh-copy-id jenkins@server1

When we are prompted for the password, this is the password to log in to server1 as the jenkins user. It is not the password for the ssh-key (which we left blank).

Testing

There are a couple of things that we can test:

  • that we can ssh into server1 from our local Ubuntu
  • that we can copy a file from our local Ubuntu to server1

Test ssh

ssh jenkins@server1

Test scp

scp -i ~/.ssh/id_rsa test1.txt jenkins@server1:/home/jenkins/

Then check that the file exists on server1.

Test rsync

rsync -avz test1.txt jenkins@server1:/home/jenkins/

Where

  • a is archive. Keeps the file permissions, ownership and timestamps.
  • v is verbose. Gives us plenty of feedback on what is happening.
  • z is compress. Compresses the file(s) as they are going across.
  • r is recursive. Used for copying sub-directories inside directories etc. It is not in the command above because a already implies it.