Using SSH Agent Plugin On Jenkins | Linux ssh-keygen command | SSH-Agent | Jenkins Windows

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
all right so if you are working with linux, vm's,  git github and clouds aws clouds nowadays you   might have already heard about ssh keys ssh  secure shell keys are an access credentials   that is used in ssh protocol so i'm going to  talk about these things related to sss agent   and how you can use in jenkins so for this i'm  going to talk about all these points which you see   in the screen now first we are going to understand  about ssh keys i'm going to keep it really really   simple in super layman terms, and then secondly we  will generate sss keys in a linux machine we can   do that in windows machine but i think it's more  easier to do it in a linux machine, third we'll   use a such agent plugin in jenkins actually in a  windows machine I mean the jenkins will be running   in a windows machine you must know this properly  else ssh keys might not work whether you connect   to github or other such services. Fourth we'll  see few examples of ssh agent in action with the   jenkins running in my windows machine, I'm kumar  and welcome to my channel on tech and tutorials.   So let's get started so first let us try to  understand a little bit about the ssh protocol   actually ssh protocol is heavily used nowadays  you use it to log in remotely from one machine to   another machine most likely into a linux machine  or to our aws vms linux vms so if you are working   from windows you use your putty to connect to  your linux machine using the ssh protocol ssh   is a strong encryption which makes it good to  carry out tasks such as doing remote commands   and remotely managing network network host and  others other services in your office or in your   cloud network let's go to google and search for  ssh protocol you can go to this picture here and   see here there is an ssh client and sss server  there is a communication which is happening   between that and you can see the client initiates  the connection by contacting server and then the   server actually sends the public key and then it  negotiates parameter and opens the secure channel   both ways and then the client is able to login to  the server ssh server and then continue with the   other operations so that's about the protocol flow  of connection main point to note without ssh you   want to transfer data to one of your friends it is  possible to be opened and read by someone else and   then using ssh protocol it will be encrypted  and secured with the public keys and only the   receiver can open it okay so now coming back  to the sss case the keys are an authentication   mechanism actually used to access the remote  entity without having to provide your password   every time and it goes in an encrypted way sss key  pair actually creates when you when you generate   the sss key pairs it will create two long strings  of characters you will get a public key and a   private key so on windows also you can generate  your own ssh keys pair by downloading and using   an ssh client like putty on mac and linux machines  it is possible to generate an ssh key pair using   the same terminal window you can generate your  sss keys anywhere but you need to put it in   a proper place or proper location to use it to  access it okay so this is super important now so   just listen up so the private key remains on the  system being used to access the remote server okay   and it is actually used to decrypt information  that is exchanged in the ssh protocol so again   i am repeating the private key stays on the client  so in this picture if you see here the ssh client   this is where you will keep your private key so  let me just put it here private so the private key   stays in this in the client machine and the public  key will stay in the server so public and then the   private key is actually secured by a passphrase  you will see that once when we generate the   case in a linux machine now coming to the public  key a public key is actually used to encrypt   information and is used by the user and the remote  server i mean the client and as well as the server   so the public key is actually saved in a file  that contains that will actually have a list   of authorized public keys so it can have multiple  public keys so multiple clients should be able to   connect to the server since this is the server  machine and then there can be multiple clients   we'll store the public key in a authorized file  in the server side so you will actually save it in   the authorized underscore keys file will see that  when we generate the keys in our one of the linux   machine and you place the public key on any server  basically you can generate the keys any machine   anywhere but you can place the public key in  or your server that you want to access and then   your private key will be in the client machine as  i was saying earlier this is super important you   will have to use the private key in your client  machine to connect to this server so that's how   jenkins will be able to connect one of these  servers jenkins will have the private key and it   should be able to connect to the server using that  private key and the pass phrase okay so i hope i   was able to explain it in easy way okay moving  ahead and going on to the next next point of   discussion we will try to generate ssh keys in one  of the linux machines so let us go to the console   okay so this is one of my servers which is running  ubuntu 20 linux os and i'm logging as a docker   user in this machine i have already generated ssh  keys for this user what i can show you here is   this is the folder where actually you will get all  the keys so once you come to your home folder this   case home docker this is the home folder for  the docker user and then dot ssh you will see   your keys in here so once you in you can see that  this ones i already generated id underscore rsa   is the private key and this is pub is the public  key and this is where you store the public keys   actually the authorized underscore keys so what i  will do is i will try to generate ssh key for the   root user so i log in as root pseudo minus  i and i'll try to generate the ssh keys here   so for that let me go to ssh so going to google  and then you can search for ssh keygen one of   these you can go to one of these urls probably  the first one and so the command is ssh-keygen   and this is one command you can use and you can  generate your public and the private key pair so   there are a lot of options which you can provide  while generating like minus t is the type of key   you can go through this link and you can do  it so if you see in this link in here you can   see that all the options and all the descriptions  minus b is for bits number of bits in the key how   how secure is your keys and then minus t is the  algorithm which is used so basically by default   it is rsa so if you want you can go through  this link and read through it let us go ahead   and generate our ssh keys so once i come here now  this is my root login and then i will do is ssh   key chain so i'll just provide the single command  sss keys and without any option and let's see what   actually it does okay so it is asking where to  save this file so by default it goes to the home   folder so this is a root login so it goes to  root dot ssh and then id underscore rsa which   where you want to save your key the private so  this is for the private let's save it in their   home folder so i'll just hit enter which will save  it in this path dot ssh id underscore rsa and then   you need to provide a passphrase the next query  does is for the passphrase you can keep it empty   if you want to but it is good practice to provide  a proper password or passphrase in this case so   that it's more difficult for unauthorized people  in case if they get your keys secret key also then   they should not be able to use that private key  without the passphrase so what i will do here is i   will provide a passphrase in here and hit enter so  it will again ask to enter the passphrase okay so   now my both my public and the private keys would  have been generated so let us see that so use let   us go to dot ssh folder and clear my screen and  then see id underscore rsa id underscore rsa dot   okay so these are my two keys one is the private  and one is the public key next thing i have to do   is i have to add my public key into the authorized  keys so that whoever has this private key should   be able to login to this machine without  needing to provide the username and password   so what can do is i can just do like this get  the public key and redirect it to the authorized   key so the best way to do is you should append to  this authorized key right now this authorized key   authorized underscore keys file is fully empty  but most times if it is a server it will have   other keys as well so you should do an app and  rather than copy it directly into this file so   this command will append the public keys this  case into the authorized underscore keys file   so that completes the generation of the ssh  keys and we are ready to use it in any client   application wherever we want to so next we are  going to use this private and the public keys in   jenkins and we are going to use the ssh dash agent  plugin in jenkins so for that we need to log in   to the jenkins server so let us open our jenkins  in my machine okay jenkins dot work so in the   meantime let me also open the browser okay so  looks like my jetkins is fully up and running   now let us go ahead and see here okay so let  me login once we log into jenkins server go to   manage jenkins and we have to do is we have to  go to manage plugins okay in the plugin manager   we can go to available and we can search for ssh  dash agent and you should see this one ss agent   and you can do a install without restart so this  is going to take few seconds and this is done   go to the top edge home page so next what we can  do is we can again go to manage jenkins and we   can add the credentials the private key in jenkins  in this jenkins so go to manage credentials okay   so once we are in the credentials you can go to  jenkins here so i have already created my ssh   keys for the docker host earlier so that's why you  are able to see this one but then once you go to   jenkins and then go to global credentials and you  should see all your credentials for accessing your   other services or other servers so what we can do  is we can add credential for our root ssh keys so   you can select ssh username with private key and  you can provide docker host root keys and you can   provide the username as docker that's okay to  give it will work fine here we can provide the   user to login in the shell command while we do  the actual login and then you can provide you   can provide the private key directly here so  let's go to here let's go to the machine and   then we can copy our private key so let me do a  cat then copy let's copy this whole private key   and it was pasted here okay so this is fine and  you provide the passphrase that you provided while   generating your ssh keys and then click okay okay  so this is good and fine now now let's create a   jenkins job to test our ssh keys from this jenkins  to the ubuntu server so let's create a pipeline   job in here and click ok so what i'll do is i'll  keep on i keep on discarding the old build so that   it doesn't consume space in my system i just put  two in then move ahead and go to pipeline script   in the pipeline script let us go to pipeline  syntax to build our script and let us select the   ssh agent and this is what it will generate  so for this what we'll do is we'll use the   old one i mean the docker one first and before  trying out the root one docker host ssh case   this is the old one using the docker login not  the root one that i created and we'll generate   a pipeline script let's copy this ssh agent using  these keys and let us come back to our jenkins job   and paste it here okay so what i will do is i'll  make it as a scripted pipeline script instead   of a declarative one so again let us come  back here so let me also copy this one first   so this is the one paste it here okay so let me  change the username as well as the ip192.ca dot   and let us and then let us save this so let me run  this this is not going to work because i haven't   set the ssh agent anyway so let us build this and  let me show you the exception that it generate   okay so let us go to the build history and then  go to console output for this one and now you see   that this ssh agent could not find a suitable ssh  agent provider so that means it's not finding the   ssh agent command in this windows machine for this  what you need to do is you need to install git   bash in your windows machine i already have git  bash in my windows machine so let me let me open   a git bash so git bash so this is git bash so what  we can do is we can search for ssh agent whereas   this is agent and it gives us two path here one  is the c program files git this is the one which   came with my git bash gate and this is the one by  default windows has this open ssh so the problem   is this windows one will not work with the jenkins  one because of because of this bug in jenkins see   here as a region plugin broken on windows10 if you  go to this url and if you see that here what they   are saying is you need you need to provide the  path of your ssh agent for the git one not the one   which is in open ssh okay so for that let us go to  our environment variable setting in this windows   machine env and go to environment variables and  let us go to the path variable for this if you see   here here you see already system32 open ssh system  root system32 open ssh okay okay windows system32   open ssh so this path is already there for this  windows machine but it it will not work because   of this problem which i have shown you in here  okay so what we need to do is we need to copy   this path up till bin and come back to environment  variable and click new and paste it okay and then   what we do is we move this up above the open  ssh one which comes by default with the windows   machine so i just moved it above the windows one  just above this one and i press ok and okay and   then again another okay now the other thing which  we need to do is we need to restart our jenkins so   for that i close this stop this jenkins which is  running and i have to close this command prompt   otherwise it doesn't get proper variables so let  me again open another prompt and then restart   jenkins server okay okay so my jenkins is fully  up and running now and it's taking a bit more time   it's back up now go to jenkins login we go back to  our jenkins job and now we do a bill now and see   how it works so let us go inside this job console  output and now you see that it got fine my command   got executed on that machine 192 168 1.16 and you  see the command you name minus a got executed and   see the details in here so what i can do is i can  go back to this one configure and let's change the   command here and put a who here wh oh we'll save  it and do a bill now and go to the console output   of this and see who is the user which got logged  in so docker so now this was the command 182 161   1.16 and who was the who who was the command and  you see here docker this is the only one user   which got logged in into that ubuntu server  okay we have seen how you can configure ss   agent in jenkins and we have seen how to configure  your windows machine to be able to connect to   a linux machine and execute command okay in the  final part let us see with another user the root   user and then we will see few examples for this  ssh as and how you can make it running in a better   way for your jenkins server okay so let us go  back to our project and do a configure again and   this time let us go back again let us go back to  our pipeline script and let us use the same ssh   agent and this time let us use the docker one i  mean this is the one which was the root users ssh   keys and generate a pipeline script again here  so let me copy this paste it here and let me   copy the same command and we'll do a save and  let us do a bill now so this is going to fail   so let us see that let us go into the console  output you should see a permission denied cause   the login provided was docker whereas  we generated keys with root user so we   come back to the configure job page again  and this time we will change this user to   root user and even we'll change this command to  something more specific like who am i where my   seems to be better command to find out who has  login instead of where my command is the better   command to print who actually is logged in into  that machine so we'll do a save and we will do a   build now and let us go and see the console output  and this time you see here the first one's okay   prints the docker and the second one the second  command where we have provided provided the root   users access keys as well as the login user is  root and the command who mi prints the root user   so you see that even if the root user login with  password is disabled you know in ubuntu root user   login is disabled by default with the password  the same user is able to connect with ssh keys to   our ubuntu machine and you see the power of this  ssh keys and how important to safeguard your keys   and passphrase in a proper location wherever  you are using those keys let us do one thing   let us provide another command to identify  it better id i'll provide here and then   id i'll provide do is save and let us run it again  so now you see that the id which got generated   this was the first one using the docker ssh case  the ide this is uid docker 1000 this is the docker   login for this one the root one and the id is  zero here roots so that's how i'm able to login as   root user it's a proper root login into this  ubuntu server machine so next so this is all good   and fine but let me show you one issue here what  happens is if for some reason my command actually   fails here it's not able to execute the command  or it gives an exist exit status of failure here   so for example i provide some invalid command let  me save this and let me do a build now and you see   that this command got failed finish script written  quote exit code 127 and it it got failed here   because this command is not found in this linux  machine what actually i wanted is i just want to   be not failing i don't want this part of code  to fail out just want to execute this command in   the linux machine it doesn't matter to me that it  failed or it passed but i want to go to the next   next command so how can i do that so for that  what we need to do is we need we need to provide   a little different way of executing this ssh  command so what we can do is we can provide this   command sh return status no matter what it should  return as true and then the script will pass   in the other ssh command so if this one fails  also it should go to the next so i'll do a save   and let me do a build now and let us go to the  console output and see what's actually happening   here you see here the command not found it went  ahead after this and then you see the next command   it got fast and the final final status would be  successive so the next command also got executed   in spite of the previous one getting failed okay  so that's all in this video i hope it was helpful   to you we have seen about ssh keys we have talked  a little bit about ssh protocol in a super easy   way and then we have seen how to generate sss  keys in a linux machine also we have seen about   the sss agent plugin in jenkins and of course we  have seen how you can configure it in a windows   machine and then we've seen a couple of examples  of ssh agent in action with jenkins thanks so much   for watching and do subscribe my channel for  more such videos and see you in the next video
Info
Channel: Kumar'S
Views: 17,573
Rating: undefined out of 5
Keywords: kumar's, linux, ssh keys, ssh-agent, Jenkins, Jenkins ssh keys, Jenkins ssh-agent, jenkins tutorial, ssh protocol, SSH-Keys in Linux, SSH-Agent path in Windows, Jenkins on Windows, Jenkins windows tutorial, jenkins linux connection
Id: i70KZnEmgqw
Channel Id: undefined
Length: 20min 8sec (1208 seconds)
Published: Sat Jan 01 2022
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.