SSH Key Pair

Last updated

An SSH Key Pair account is one of the more secure authentication methods available for connections to SSH Targets.

Creating an SSH Key Pair 

Before you can configure the SSH Key Pair account in Octopus, you need to generate public and private keys. This can be done on either the Linux target or the Octopus Server.

Generating a Key Pair on Linux

  1. Run the following command on your Linux server: ssh-keygen
  2. Accept the default location: ~/.ssh/id_rsa
  3. Enter a passphrase (or press enter for no passphrase).
  4. If you entered a passphrase, re-enter the passphrase.

You now have two files:

  • id_rsa (the private key)
  • id_rsa.pub (the public key)

The public key will be stored on this (the Linux) server and the private key will be copied to the Octopus Server.

  1. Copy the public key to the authorized_keys file that is used during authentication:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
  1. Modify the permissions of the authorized_keys file:
chmod 600 ~/.ssh/authorized_keys
  1. Copy the private key to the machine your Octopus Server is installed on.

Proceed to creating the the SSH Key Pair account.

If you need more information about generating an SSH key pair, see the useful links section.

Generating a Key Pair on Windows

The easiest way to generate valid keys on windows is to use a tool like PuTTYgen. Start by clicking "Generate" and wait for the tool to finish creating the random key pair.

Provide your passphrase if desired and export the private key to the accepted format by going to Conversions ➜ Export Openssh Key.  Clicking "Save private key" will actually produce a file that, while it can be used by this tool again, is not compatible with the standard SSH process. To get the public key over to the server you can either click "Save public key", copy the file across to the server and add the key to ~/.ssh/authorized_keys as outlined above, or just cut+paste the content from the textbox directly into the remote file.

If you need more information about generating an SSH key pair, see the useful links section.

Creating the SSH Key Pair Account

  1. Navigate to Infrastructure ➜ Accounts and click ADD ACCOUNT.
  2. Select SSH Key Pair from the dropdown menu.
  3. Give the account a name so you can easily identify it when you need to use the account.
  4. Add a description.
  5. Enter the username you will use to access the remote host.
  6. Upload the private key to the Octopus server.
  7. Enter the passphrase for the private key if you created one.
  8. If you want to restrict which environments can use the account, select only the environments that are allowed to account. If you don't select any environments, all environments will be allowed to use the account.
  9. Click SAVE.

The account is now ready to be used when you configure your SSH deployment target.

The server will confirm that this private key matches its public key at the start of each SSH connection.

If you are storing the private key on disk it is recommended, but not mandatory, that you encrypt the key.

Due to the number and configurable nature of the various Linux distributions available, there are other dedicated sites that can provide more precise information & tutorials for your specific use case.