A handy Docker Image for connecting through SSH to remote hosts with optional support for SSH host keys.
Can be used in a deployment pipeline to connect to a remote host, and run a git, a Docker pull
or any CLI command.
These variables are set in GitLab CI/CD settings (but could be any CI/CD pipeline service, e.g. GitHub Actions, CircleCI, Jenkins, etc.):
- SSH_HOST (remote's hostname)
- SSH_KNOWN_HOSTS (host's key signature, e.g. [172.31.98.99]:22222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE...n9K9hnplyRGA3MJfe/wBoCVIaX; can be set to NoStrictHostKeyChecking to skip host key verification)
- SSH_USER_NAME (ssh username for access to the host)
- SSH_PRIVATE_KEY (ssh private key for SSH_USER_NAME)
Need some new keys? You can use this image to generate them (no polluting your local machine with keys, and no adding to your "vector").
docker run --rm mountainash/openssh-client:latest ./keygen.sh
Four different types (dsa, ecdsa, ed25519, or rsa) of public and private authentication keys will be printed to stdout. Pick your preferred key type and copy & paste it into your CD/CI settings and remote server.
SSH to the server and run ssh-keyscan on the full domain name of the SSH_HOST:
ssh-keyscan hostname.com
You can also do it locally, but doing it on the server itself prevents any man-in-the-middle shenanigans.
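As an added example (not part of this image or its project), here is a Python check you could run on the SSH_KNOWN_HOSTS value before saving it in your CI/CD settings. It flags NoStrictHostKeyChecking and mangled or truncated keys, and computes the SHA256 fingerprint to compare against `ssh-keygen -lf` output on the server. The function names and the sample key are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct


def wire_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


# Constructed sample, NOT a real host key: an ed25519 blob with dummy key bytes,
# attached to the host pattern used as the page's example.
SAMPLE_BLOB = wire_string(b"ssh-ed25519") + wire_string(bytes(range(32)))
SAMPLE_LINE = "[172.31.98.99]:22222 ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()


def audit_known_hosts(value: str) -> list:
    """Return one finding dict per non-empty line of an SSH_KNOWN_HOSTS value."""
    findings = []
    for line in value.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts == ["NoStrictHostKeyChecking"]:
            findings.append({"ok": False, "reason": "host key checking is disabled"})
            continue
        if parts[0].startswith("@"):  # optional @cert-authority / @revoked marker
            parts = parts[1:]
        if len(parts) < 3:
            findings.append({"ok": False, "reason": "expected: hosts keytype base64-key"})
            continue
        hosts, keytype, b64 = parts[:3]
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:  # binascii.Error: truncated or mangled paste
            findings.append({"ok": False, "hosts": hosts, "reason": "key is not valid base64"})
            continue
        # The blob starts with its own algorithm name; it must match the text field.
        name_len = int.from_bytes(blob[:4], "big")
        if blob[4:4 + name_len] != keytype.encode():
            findings.append({"ok": False, "hosts": hosts, "reason": "key type does not match blob"})
            continue
        # Same format as `ssh-keygen -lf`: unpadded base64 of SHA-256 over the blob.
        digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        findings.append({"ok": True, "hosts": hosts, "keytype": keytype,
                         "fingerprint": "SHA256:" + digest})
    return findings


if __name__ == "__main__":
    for finding in audit_known_hosts(SAMPLE_LINE + "\nNoStrictHostKeyChecking"):
        print(finding)
```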
Create a .gitlab-ci.yml file in the root of your project to trigger SSH commands on a remote server on commit to the master branch.
deploy:
  ## Replace latest with a SHA for better security
  image: mountainash/openssh-client:latest
  only:
    - master
  environment:
    name: production
    url: https://domainname.com/
  variables:
    GIT_STRATEGY: none
    GIT_SUBMODULE_STRATEGY: none
  script:
    - ssh $SSH_USER_NAME@$SSH_HOST "cd /www && git pull $CI_REPOSITORY_URL && exit"
  allow_failure: false
image can also be pulled from registry.gitlab.com/containeryard/openssh
In .github/workflows/ssh-deploy.yml (or similar).
name: Deploy to Remote Server
on:
  push:
    branches:
      - main
jobs:
  deploy:
    name: Deploy to Remote Server
    runs-on: ubuntu-latest
    container:
      image: registry.gitlab.com/containeryard/openssh
      env:
        SSH_HOST: ${{ vars.SSH_HOST }}
        SSH_KNOWN_HOSTS: ${{ vars.SSH_KNOWN_HOSTS }}
        SSH_USER_NAME: ${{ vars.SSH_USER_NAME }}
        SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
      volumes:
        - ./:/app/
    steps:
      - name: Copy HTML to Remote Server
        run: scp /app/sample.html $SSH_USER_NAME@$SSH_HOST:/home/mountainash/www/sitename/index.html
image can also be pulled from mountainash/openssh-client:latest (Docker Hub).
- GitLab: https://gitlab.com/containeryard/openssh
- GitHub (mirror): https://github.com/mountainash/openssh-client
- Based on https://github.com/chuckyblack/docker-openssh-client / https://hub.docker.com/r/jaromirpufler/docker-openssh-client but added host keys support
- Pufferfish by Catalina Montes from the Noun Project