Before you can configure your SSH deployment targets, they must meet the following requirements:
- It is accessible through SSH and SFTP (See creating an SSH Key Pair).
$HOMEenvironment variable must be available.
bash3+ is available at
/bin/bash. (It does not need to be the user’s default shell.)
taris available. This is used to unpack Calamari.
base64is available. This is used for encoding and decoding variables.
Bash startup files
When connecting to a target over SSH, the Octopus Server connects then executes the script via the
/bin/bash command to ensure it is running with a bash shell (and not the default terminal shell for that user). Any login scripts that you wish to run should therefore be put into the
.bashrc script file since this is invoked for non-login shells.
For example, with targets on a Mac the default $PATH variable may be missing
/usr/sbin. This can be added in the
.bashrc script with the line:
.bashrc file doesn't already exist, create it in the user folder of the user that is connecting to the Max OSX instance. If the remote user is called
octopus, then this file will be located at
See the Bash Reference Manual, section 6.2 Bash Startup Files for more information about startup scripts.
Calamari is the command-line tool that is invoked to perform the deployment steps on the deployment target. Calamari runs on .NET. SSH targets can be configured to use either:
- Self-contained Calamari built against .NET Core (recommended).
- Calamari on Mono built against the full .NET framework.
Octopus can execute Python scripts on SSH targets provided the following criteria are met:
- Python is version 3.4+
- Python3 is on the path for the SSH user executing the deployment
- pip is installed or the pycryptodome python package is installed
ScriptCS and F#
Support for ScriptCS and F# scripts are only available with Mono 4 and above. While they require mono installed, they will still execute with the self-contained Calamari.
ScriptCS has not been ported for .NET Core (GitHub issue).
Similarly, the F# interpreter has also not yet been ported for .NET Core (GitHub issue).
ScriptCS does not work on Mono 5.16 and higher. We recommend using Mono 5.14.x.
When using the self-contained option, neither .NET Core nor Mono need to be installed on the target server (there are still some pre-requisite dependencies).
Self-contained Calamari is built as a .NET Core self-contained distributable.
Self-Contained .NET Core dependencies
.NET Core has some dependencies which must be installed on the target server.
Calamari on Mono
Version 3.10 or greater of Mono is required; however, we recommended a minimum of version 4.8.0.
You can find instructions for installing Mono in the Mono documentation.
Calamari on Mono limitations
TLSv1.2 support available in Mono >= 4.8.0
TLSv1.2 support was only included from Mono version 4.8.0. Due to the weak cryptographic nature of older encryption algorithms, many websites are no longer providing support for TLSv1 TLSv1.1 and as such clients must ensure that they are able to use TLSv1.2 in order to communicate.
Although previous versions of Mono should work in most deployment scenarios, any deployments that involve the target accessing endpoints that require TLSv1.2 (for example downloading from Maven or GitHub feeds) may fail.
.NET Configuration transformations only available in Mono >= 4.2.3
The .NET configuration transforms feature will only work on Mono 4.2.3 and above.
This was due to a bug with XML Transformations.
Note that substitute variables in templates can still be used without issue on earlier Mono versions.
Package repository SSL certificates
If you configure your deployment such that the target pulls down the package itself directly from the NuGet repository, the correct SSL certificates need to also be available to Mono. By default, Mono pre 3.12 didn’t trust any certificates and the root certs in question would need to be either manually imported, or synced with Mozilla’s list by invoking
cert-sync. Thankfully Mono's latest builds perform this step during installation so it should “just work”.
See Mono’s security FAQ for more details.
Mono on OSX
If you are using a Mac with OSX as an SSH deployment target, you may see the following error message:
Required command 'mono' is not available
This can occur even if Mono is installed and can be executed from a local shell. This is because the environment exposed to an SSH session can differ from the environment used by a local shell.
To fix this:
- If it doesn't already exist, create a file called
.bashrcin the home folder of the user that is connecting to the Mac OSX instance. If the remote user is called
octopus, then this file will be located at
- Add the path environment variable to the
.bashrcfile to include the location of the mono executable e.g.
Need support? We're here to help.