SSH Keys Management
Since TeamCity 8.1, you can upload an SSH private key right into the project via the TeamCity web interface.
Uploading SSH Key to TeamCity Server
Go to the Administration area| <Project> page|Project Settings on the left of the page.
Click SSH Keys. On the page that opens, click Upload SSH Key.
In the dialog that opens, select a private key usually stored in
<USER_HOME>/.ssh/id_rsa
or<USER_HOME>/.ssh/id_dsa
.
When you upload an SSH key for the project, it is stored in < >/config/<project>/pluginData/ssh_keys
. TeamCity tracks this folder and is able to pick up new keys on the fly. The key will be available in the current project and its subprojects.
Once the key is uploaded, a Git VCS root can be configured to use this uploaded key.
SSH Key Usage
The uploaded and referenced in a VCS root SSH key is used on the server and is also passed to the agent in case VCS Checkout Mode is configured.
During the build with agent-side checkout, the Git plugin downloads the key from the server to the agent. It temporarily saves the key on the agent's file system and removes it after git fetch/clone
is completed.
To transfer the key from the server to the agent, TeamCity encrypts it with a DES symmetric cipher. For a more secure way, configure Using HTTPS to access TeamCity server.