Generate Key As Jenkins User Windows
First, you can generate an ssh key from any account. This is on Ubuntu, but on Windows, you need to check which user account is running Jenkins, and, as described above, copy the ssh key pair in the right.ssh folder. Plesk: Generate SSH Key for jenkins user. Jul 22, 2019 Following document provides details to setup Master Slave configuration in Jenkins. Windows is configured as Master and Linux as Slave node. Generate ssh key. Jenkins user with SSH key is created. Setup of New Node in Jenkins. Click on Manage Nodes. If you don't already have an SSH key, you must generate a new SSH key.If you're unsure whether you already have an SSH key, check for existing keys. If you don't want to reenter your passphrase every time you use your SSH key, you can add your key to the SSH agent, which manages your SSH keys and remembers your passphrase. While GitLab does not support installation on Microsoft Windows, you can set up SSH keys to set up Windows as a client. Options for SSH keys. GitLab supports the use of RSA, DSA, ECDSA, and ED25519 keys. GitLab has deprecated DSA keys in GitLab 11.0.; As noted in Practical Cryptography With Go, the security issues related to DSA also apply to ECDSA.
Sep 12, 2012 Generate rsa key pair on your Jenkins server. Log into the server as the user that Jenkins runs under. On windows, when Jenkins is running as a service, I also had to make sure that the service was being started as the same user that I generated the ssh key with, to make sure it finds the correct ssh key. If you created keys under. Aug 19, 2017 Generating SSH keys for the Jenkins service. On Windows, the Jenkins services run as the Local System user by default, not your own user identity. It’s important to understand that Jenkins will be executing the Git commands and authenticating in the context of that user identity.
-->This quickstart shows how to install Jenkins on an Ubuntu Linux VM with the tools and plug-ins configured to work with Azure. When you're finished, you have a Jenkins server running in Azure building a sample Java app from GitHub.
Prerequisites
- An Azure subscription
- Access to SSH on your computer's command line (such as the Bash shell or PuTTY)
If you don't have an Azure subscription, create a free account before you begin.
Create the Jenkins VM from the solution template
Jenkins supports a model where the Jenkins server delegates work to one or more agents to allow a single Jenkins installation to host a large number of projects or to provide different environments needed for builds or tests. The steps in this section guide you through installing and configuring a Jenkins server on Azure.
In your browser, open the Azure Marketplace image for Jenkins.
Select GET IT NOW.
After reviewing the pricing details and terms information, select Continue.
Select Create to configure the Jenkins server in the Azure portal.
In the Basics tab, specify the following values:
Name - Enter
Jenkins
.User name - Enter the user name to use when signing in to the virtual machine on which Jenkins is running. The user name must meet specific requirements.
Authentication type - Select SSH public key.
SSH public key - Copy and paste an RSA public key in single-line format (starting with
ssh-rsa
) or multi-line PEM format. You can generate SSH keys using ssh-keygen on Linux and macOS, or PuTTYGen on Windows. For more information about SSH keys and Azure, see the article, How to Use SSH keys with Windows on Azure.Subscription - Select the Azure subscription into which you want to install Jenkins.
Resource group - Select Create new, and enter a name for the resource group that serves as a logical container for the collection of resources that make up your Jenkins installation.
Location - Select East US.
Select OK to proceed to the Additional Settings tab.
In the Additional Settings tab, specify the following values:
Size - Select the appropriate sizing option for your Jenkins virtual machine.
VM disk type - Specify either HDD (hard-disk drive) or SSD (solid-state drive) to indicate which storage disk type is allowed for the Jenkins virtual machine.
Virtual network - (Optional) Select Virtual network to modify the default settings.
Subnets - Select Subnets, verify the information, and select OK.
Public IP address - The IP address name defaults to the Jenkins name you specified in the previous page with a suffix of -IP. You can select the option to change that default.
Domain name label - Specify the value for the fully qualified URL to the Jenkins virtual machine.
Jenkins release type - Select the desired release type from the options:
LTS
,Weekly build
, orAzure Verified
. TheLTS
andWeekly build
options are explained in the article, Jenkins LTS Release Line. TheAzure Verified
option refers to a Jenkins LTS version that has been verified to run on Azure.JDK Type - JDK to be installed. Default is Zulu tested, certified builds of OpenJDK.
Select OK to proceed to the Integration Settings tab.
In the Integration Settings tab, specify the following values:
- Service Principal - The service principal is added into Jenkins as a credential for authentication with Azure.
Auto
means that the principal will be created by MSI (Managed Service Identity).Manual
means that the principal should be created by you.- Application ID and Secret - If you select the
Manual
option for the Service Principal option, you'll need to specify theApplication ID
andSecret
for your service principal. When creating a service principal, note that the default role is Contributor, which is sufficient for working with Azure resources.
- Application ID and Secret - If you select the
- Enable Cloud Agents - Specify the default cloud template for agents where
ACI
refers to Azure Container Instance, andVM
refers to virtual machines. You can also specifyNo
if you don't wish to enable a cloud agent.
- Service Principal - The service principal is added into Jenkins as a credential for authentication with Azure.
Select OK to proceed to the Summary tab.
When the Summary tab displays, the information entered is validated. Once you see the Validation passed message (at the top of the tab), select OK.
When the Create tab displays, select Create to create the Jenkins virtual machine. When your server is ready, a notification displays in the Azure portal.
Connect to Jenkins
Navigate to your virtual machine (for example, http://jenkins2517454.eastus.cloudapp.azure.com/
) in your web browser. The Jenkins console is inaccessible through unsecured HTTP so instructions are provided on the page to access the Jenkins console securely from your computer using an SSH tunnel.
Set up the tunnel using the ssh
command on the page from the command line, replacing username
with the name of the virtual machine admin user chosen earlier when setting up the virtual machine from the solution template.
After you have started the tunnel, navigate to http://localhost:8080/
on your local machine.
Get the initial password by running the following command in the command line while connected through SSH to the Jenkins VM.
Unlock the Jenkins dashboard for the first time using this initial password.
Select Install suggested plugins on the next page and then create a Jenkins admin user used to access the Jenkins dashboard.
The Jenkins server is now ready to build code.
Create your first job
Select Create new jobs from the Jenkins console, then name it mySampleApp and select Freestyle project, then select OK.
Select the Source Code Management tab, enable Git, and enter the following URL in Repository URL field: https://github.com/spring-guides/gs-spring-boot.git
Select the Build tab, then select Add build step, Invoke Gradle script. Select Use Gradle Wrapper, then enter complete
in Wrapper location and build
for Tasks.
Select Advanced and then enter complete
in the Root Build script field. Select Save.
Build the code
Select Build Now to compile the code and package the sample app. When your build completes, select the Workspace link for the project.
Navigate to complete/build/libs
and ensure the gs-spring-boot-0.1.0.jar
is there to verify that your build was successful. Your Jenkins server is now ready to build your own projects in Azure.
Troubleshooting the Jenkins solution template
If you encounter any bugs with the Jenkins solution template, file an issue in the Jenkins GitHub repo.
Next Steps
-->Azure Repos Azure DevOps Server 2019 TFS 2018 TFS 2017 TFS 2015 Update 3
Connect to your Git repos through SSH on macOS, Linux, or Windows to securely connect using HTTPS authentication. On Windows, we recommended the use of Git Credential Managers or Personal Access Tokens.
Important
SSH URLs have changed, but old SSH URLs will continue to work. If you have already set up SSH, you should update your remote URLs to the new format:
- Verify which remotes are using SSH by running
git remote -v
in your Git client. - Visit your repository on the web and select the Clone button in the upper right.
- Select SSH and copy the new SSH URL.
- In your Git client, run:
git remote set-url <remote name, e.g. origin> <new SSH URL>
. Alternatively, in Visual Studio, go to Repository Settings, and edit your remotes.
Note
As of Visual Studio 2017, SSH can be used to connect to Git repos.
How SSH key authentication works
SSH public key authentication works with an asymmetric pair of generated encryption keys. The public key is shared with Azure DevOps and used to verify the initial ssh connection. The private key is kept safe and secure on your system.
Set up SSH key authentication
The following steps cover configuration of SSH key authentication on the following platforms:
- Linux
- macOS running at least Leopard (10.5)
- Windows systems running Git for Windows
Configure SSH using the command line. bash
/distributed-key-generation-for-the-internet.html. is the common shell on Linux and macOS and the Git for Windows installation adds a shortcut to Git Bash in the Start menu.Other shell environments will work, but are not covered in this article.
Step 1: Create your SSH keys
Note
If you have already created SSH keys on your system, skip this step and go to configuring SSH keys.
The commands here will let you create new default SSH keys, overwriting existing default keys. Before continuing, check your~/.ssh
folder (for example, /home/jamal/.ssh or C:Usersjamal.ssh) and look for the following files:
- id_rsa
- id_rsa.pub
If these files exist, then you have already created SSH keys. You can overwrite the keys with the following commands, or skip this step and go to configuring SSH keys to reuse these keys.
Create your SSH keys with the ssh-keygen
command from the bash
prompt. This command will create a 2048-bit RSA key for use with SSH. You can give a passphrasefor your private key when prompted—this passphrase provides another layer of security for your private key.If you give a passphrase, be sure to configure the SSH agent to cache your passphrase so you don't have to enter it every time you connect.
This command produces the two keys needed for SSH authentication: your private key ( id_rsa ) and the public key ( id_rsa.pub ). It is important to never share the contents of your private key. If the private key iscompromised, attackers can use it to trick servers into thinking the connection is coming from you.
Step 2: Add the public key to Azure DevOps Services/TFS
Associate the public key generated in the previous step with your user ID.
Create Ssh Key For Jenkins User
Open your security settings by browsing to the web portal and selecting your avatar in the upper right of theuser interface. Select Security in the menu that appears.
Select SSH public keys, and then select + New Key.
Copy the contents of the public key (for example, id_rsa.pub) that you generated into the Public Key Data field.
Important
Avoid adding whitespace or new lines into the Key Data field, as they can cause Azure DevOps Services to use an invalid public key. When pasting in the key, a newline often is added at the end. Be sure to remove this newline if it occurs.
Give the key a useful description (this description will be displayed on the SSH public keys page for your profile) so that you can remember it later. Select Save to store the public key. Once saved, you cannot change the key. You can delete the key or create a new entry for another key. There are no restrictions on how many keys you can add to your user profile.
Step 3: Clone the Git repository with SSH
Note
To connect with SSH from an existing cloned repo, see updating your remotes to SSH.
Copy the SSH clone URL from the web portal. In this example, the SSL clone URL is for a repo in an organization named fabrikam-fiber, as indicated by the first part of the URL after
dev.azure.com
.Note
Project URLs have changed with the release of Azure DevOps Services and now have the format
dev.azure.com/{your organization}/{your project}
, but you can still use the existingvisualstudio.com
format. For more information, see VSTS is now Azure DevOps Services.Run
git clone
from the command prompt.
SSH may display the server's SSH fingerprint and ask you to verify it.
For cloud-hosted Azure DevOps Services, where clone URLs contain either ssh.dev.azure.com
or vs-ssh.visualstudio.com
, the fingerprint should match one of the following formats:
- MD5:
97:70:33:82:fd:29:3a:73:39:af:6a:07:ad:f8:80:49
(RSA) - SHA256:
SHA256:ohD8VZEXGWo6Ez8GSEJQ9WpafgLFsOfLOtGGQCQo6Og
(RSA)These fingerprints are also listed in the SSH public keys page.
For self-hosted instances of Azure DevOps Server, you should verify that the displayed fingerprint matches one of the fingerprints in the SSH public keys page.
SSH displays this fingerprint when it connects to an unknown host to protect you from man-in-the-middle attacks.Once you accept the host's fingerprint, SSH will not prompt you again unless the fingerprint changes.
When you are asked if you want to continue connecting, type yes
. Git will clone the repo and set up the origin
remote to connect with SSH for future Git commands.
Tip
Avoid trouble: Windows users will need to run a command to have Git reuse their SSH key passphrase.
Questions and troubleshooting
Q: After running git clone, I get the following error. What should I do?
Host key verification failed.fatal: Could not read from remote repository.
A: Manually record the SSH key by running:ssh-keyscan -t rsa domain.com >> ~/.ssh/known_hosts
Q: How can I have Git remember the passphrase for my key on Windows?
A: Run the following command included in Git for Windows to start up the ssh-agent
process in Powershell or the Windows Command Prompt. ssh-agent
will cacheyour passphrase so you don't have to provide it every time you connect to your repo.
If you're using the Bash shell (including Git Bash), start ssh-agent with:
Q: I use PuTTY as my SSH client and generated my keys with PuTTYgen. Can I use these keys with Azure DevOps Services?
A: Yes. Load the private key with PuTTYgen, go to Conversions menu and select Export OpenSSH key.Save the private key file and then follow the steps to set up non-default keys.Copy your public key directly from the PuTTYgen window and paste into the Key Data field in your security settings.
Q: How can I verify that the public key I uploaded is the same key as I have locally?
A: You can verify the fingerprint of the public key uploaded with the one displayed in your profile through the following ssh-keygen
command run against your public key usingthe bash
command line. You will need to change the path and the public key filename if you are not using the defaults.
You can then compare the MD5 signature to the one in your profile. This check is useful if you have connection problems or have concerns about incorrectlypasting in the public key into the Key Data field when adding the key to Azure DevOps Services.
Q: How can I start using SSH in a repository where I am currently using HTTPS?
A: You'll need to update the origin
remote in Git to change over from a HTTPS to SSH URL. Once you have the SSH clone URL, run the following command:
You can now run any Git command that connects to origin
.
Q: I'm using Git LFS with Azure DevOps Services and I get errors when pulling files tracked by Git LFS.
A: Azure DevOps Services currently doesn't support LFS over SSH. Use HTTPS to connect to repos with Git LFS tracked files.
Q: How can I use a non default key location, i.e. not ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub?
A: To use keys created with ssh-keygen
in a different place than the default, you do two things:
- The keys must be in a folder that only you can read or edit. If the folder has wider permissions, SSH will not use the keys.
- You must let SSH know the location of the keys. You make SSH aware of keys through the
ssh-add
command, providing the full path to the private key.
On Windows, before running ssh-add
, you will need to run the following command from included in Git for Windows:
This command runs in both Powershell and the Command Prompt. If you are using Git Bash, the command you need to use is:
You can find ssh-add
as part of the Git for Windows distribution and also run it in any shell environment on Windows.
On macOS and Linux you also must have ssh-agent
running before running ssh-add
, but the command environment on these platforms usuallytakes care of starting ssh-agent
for you.
Q: I have multiple SSH keys. How do I use different SSH keys for different SSH servers or repos?
A: Generally, if you configure multiple keys for an SSH client and connect to an SSH server, the client can try the keys one at a time until the server accepts one.
However, this doesn't work with Azure DevOps for technical reasons related to the SSH protocol and how our Git SSH URLs are structured. Azure DevOps will blindly accept the first key that the client provides during authentication. If that key is invalid for the requested repo, the request will fail with the following error:
For Azure DevOps, you'll need to configure SSH to explicitly use a specific key file. One way to do this to edit your ~/.ssh/config
file (for example, /home/jamal/.ssh
or C:Usersjamal.ssh
) as follows:
Q: What notifications may I receive about my SSH keys?
A: Whenever you register a new SSH Key with Azure DevOps Services, you will receive an email notification informing you that a new SSH key has been added to your account.
Q: What do I do if I believe that someone other than me is adding SSH keys on my account?
How To Create Ssh Key For Jenkins User
A: If you receive a notification of an SSH key being registered and you did not manually upload it to the service, your credentials may have been compromised.
Jenkins Windows Server
The next step would be to investigate whether or not your password has been compromised. Changing your password is always a good first step to defend against this attack vector. If you’re an Azure Active Directory user, talk with your administrator to check if your account was used from an unknown source/location.