
openssh-client + entrypoint to set up ssh-agent, ssh-add & known_hosts for easy CI/CD pipeline use.


mountainash/openssh-client


OpenSSH Client


A handy Docker Image for connecting through SSH to remote hosts with optional support for SSH host keys.


Can be used in a deployment pipeline to connect to a remote host and run a git or Docker pull, or any CLI command.

Setup

Environment Variables

These variables are set in GitLab CI/CD settings (but could be set in any CI/CD pipeline service, e.g. GitHub Actions, CircleCI, Jenkins, etc.):

  • SSH_HOST (remote's hostname)
  • SSH_KNOWN_HOSTS (host's key signature, e.g. [172.31.98.99]:22222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE...n9K9hnplyRGA3MJfe/wBoCVIaX; can be set to NoStrictHostKeyChecking to skip the host key check)
  • SSH_USER_NAME (ssh username for access to the host)
  • SSH_PRIVATE_KEY (ssh private key for SSH_USER_NAME)

Generating SSH_PRIVATE_KEY

Need some new keys? You can use this image to generate them, which avoids polluting your local machine with keys (and adding to your "vector").

docker run --rm mountainash/openssh-client:latest ./keygen.sh

Public and private authentication keys of four different types (dsa, ecdsa, ed25519 and rsa) will be printed to stdout. Pick your preferred key type and copy and paste the keys into your CI/CD settings and remote server.

Getting SSH_KNOWN_HOSTS

SSH to the server and run ssh-keyscan on the full domain name of the SSH_HOST:

ssh-keyscan hostname.com

You can also do it locally, but doing it on the server itself prevents any man-in-the-middle shenanigans.
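
A pre-flight check for the SSH_HOST and SSH_KNOWN_HOSTS variables, as an added example that is not part of this image or its entrypoint: it fails when host key checking has been switched off or when no pinned key line covers the host. The function name, the exit codes and the key-type allowlist are assumptions, and it expects plain (unhashed) entries as ssh-keyscan prints them by default.

```sh
#!/bin/sh
# Added example, not from the openssh-client image.
# Usage in a job: check_known_hosts "$SSH_HOST" "$SSH_KNOWN_HOSTS" || exit 1
# Exit codes (assumed convention): 0 ok, 2 checking disabled,
# 3 malformed entry, 4 no entry for the host.
check_known_hosts() {
    host=$1
    known=$2

    # The opt-out value from the variable list disables host key verification.
    if [ "$known" = "NoStrictHostKeyChecking" ]; then
        echo "SSH_KNOWN_HOSTS disables host key checking" >&2
        return 2
    fi

    printf '%s\n' "$known" | awk -v host="$host" '
        # Skip blank lines and comments.
        /^[ \t]*(#|$)/ { next }
        {
            # known_hosts line: hostlist keytype base64-key [comment]
            if (NF < 3) { bad = 1; next }
            # Allowlist of host key types (assumption, adjust to your policy).
            if ($2 !~ "^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521))$") { bad = 1; next }
            if ($3 !~ "^[A-Za-z0-9+/]+=*$") { bad = 1; next }
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) {
                name = names[i]
                # "[host]:port" form, used for non-default ports.
                if (name ~ /^\[.*\]:[0-9]+$/) {
                    sub(/^\[/, "", name)
                    sub(/\]:[0-9]+$/, "", name)
                }
                if (name == host) found = 1
            }
        }
        END { if (bad) exit 3; if (!found) exit 4; exit 0 }
    '
}
```
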

GitLab CI/CD Example

Create a .gitlab-ci.yml file in the root of your project to trigger SSH commands on a remote server on commit to the master branch.

deploy:
  ## Replace latest with a SHA for better security
  image: mountainash/openssh-client:latest
  only:
    - master
  environment:
    name: production
    url: https://domainname.com/
  variables:
    GIT_STRATEGY: none
    GIT_SUBMODULE_STRATEGY: none
  script:
    - ssh $SSH_USER_NAME@$SSH_HOST "cd /www && git pull $CI_REPOSITORY_URL && exit"
  allow_failure: false

The image can also be pulled from registry.gitlab.com/containeryard/openssh

GitHub Actions Workflow Example

In .github/workflows/ssh-deploy.yml (or similar).

name: Deploy to Remote Server

on:
  push:
    branches:
      - main

jobs:
  deploy:
    name: Deploy to Remote Server
    runs-on: ubuntu-latest
    container:
      image: registry.gitlab.com/containeryard/openssh
      env:
        SSH_HOST: ${{ vars.SSH_HOST }}
        SSH_KNOWN_HOSTS: ${{ vars.SSH_KNOWN_HOSTS }}
        SSH_USER_NAME: ${{ vars.SSH_USER_NAME }}
        SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
      volumes:
        - ./:/app/
    steps:
      - name: Copy HTML to Remote Server
        run: scp /app/sample.html $SSH_USER_NAME@$SSH_HOST:/home/mountainash/www/sitename/index.html

The image can also be pulled from mountainash/openssh-client:latest (Docker Hub).

Contribute

Credits