SSH target requirements

Before you can configure your SSH deployment targets, they must meet the requirements for a Linux server and the following additional requirements:

It must be accessible through SSH and SFTP (See creating an SSH Key Pair).

Bash startup files

When connecting to a target over SSH, the Octopus Server connects then executes the script via the /bin/bash command to ensure it is running with a bash shell (and not the default terminal shell for that user). Any login scripts that you wish to run should therefore be put into the .bashrc script file since this is invoked for non-login shells.

For example, with targets on a Mac the default $PATH variable may be missing /usr/sbin. This can be added in the .bashrc script with the line:

PATH=$PATH:/usr/sbin

If the .bashrc file doesn’t already exist, create it in the user folder of the user that is connecting to the Max OSX instance. If the remote user is called octopus, then this file will be located at /Users/octopus/.bashrc.

See the Bash Reference Manual, section 6.2 Bash Startup Files for more information about startup scripts.

.NET

Calamari is the command-line tool that is invoked to perform the deployment steps on the deployment target. Calamari runs on .NET. SSH targets can be configured to use either:

Self-contained Calamari built against .NET Core (recommended).
Calamari on Mono built against the full .NET framework.

Python

Octopus can execute Python scripts on SSH targets provided the following criteria are met:

Python is version 3.4+
Python3 is on the path for the SSH user executing the deployment
pip is installed or the pycryptodome python package is installed

ScriptCS and F#

Support for ScriptCS and F# scripts are only available with Mono 4 and above. While they require mono installed, they will still execute with the self-contained Calamari.

ScriptCS has not been ported for .NET Core (GitHub issue).

Similarly, the F# interpreter has also not yet been ported for .NET Core (GitHub issue).

ScriptCS does not work on Mono 5.16 and higher. We recommend using Mono 5.14.x.

Self-contained Calamari

When using the self-contained option, neither .NET Core nor Mono need to be installed on the target server (there are still some pre-requisite dependencies).

Self-contained Calamari is built as a .NET Core self-contained distributable.

Self-Contained .NET Core dependencies

.NET Core has some dependencies which must be installed on the target server.

Calamari on Mono

Mono is being deprecated and may no longer be available in future versions of Octopus Server. We recommend upgrading your SSH Target to make use of Self-contained Calamari

Calamari can execute on the Mono framework.

Version 5.14.0 or greater of Mono is supported, however 5.18.0 is the latest version that we currently test against. Version 3.10 or greater may work, however we strongly recommend using a supported version.

You can find instructions for installing Mono in the Mono documentation.

Calamari on Mono limitations

TLSv1.2 support available in Mono >= 4.8.0

TLSv1.2 support was only included from Mono version 4.8.0. Due to the weak cryptographic nature of older encryption algorithms, many websites are no longer providing support for TLSv1 TLSv1.1 and as such clients must ensure that they are able to use TLSv1.2 in order to communicate.

Although previous versions of Mono should work in most deployment scenarios, any deployments that involve the target accessing endpoints that require TLSv1.2 (for example downloading from Maven or GitHub feeds) may fail.

.NET Configuration transformations only available in Mono >= 4.2.3

The .NET configuration transforms feature will only work on Mono 4.2.3 and above.

This was due to a bug with XML Transformations.

Note that substitute variables in templates can still be used without issue on earlier Mono versions.

Package repository SSL certificates

If you configure your deployment such that the target pulls down the package itself directly from the NuGet repository, the correct SSL certificates need to also be available to Mono. By default, Mono pre 3.12 didn’t trust any certificates and the root certs in question would need to be either manually imported, or synced with Mozilla’s list by invoking mozroots or cert-sync. Thankfully Mono’s latest builds perform this step during installation so it should “just work”.

See Mono’s security FAQ for more details.

Mono on OSX

If you are using a Mac with OSX as an SSH deployment target, you may see the following error message:

Required command 'mono' is not available

This can occur even if Mono is installed and can be executed from a local shell. This is because the environment exposed to an SSH session can differ from the environment used by a local shell.

To fix this:

If it doesn’t already exist, create a file called .bashrc in the home folder of the user that is connecting to the Mac OSX instance. If the remote user is called octopus, then this file will be located at /Users/octopus/.bashrc.
Add the path environment variable to the .bashrc file to include the location of the mono executable e.g.

export PATH=/Library/Frameworks/Mono.framework/Versions/Current/bin/:${PATH}

Learn more

Configure your SSH deployment targets
Linux blog posts

Help us continuously improve

Please let us know if you have any feedback about this page.

Send feedback

Page updated on Friday, March 22, 2024

Edit on GitHub