How to Use SSH During Your Builds

Sometimes you might want to connect to different machines during a build in your project, for example, to trigger a deployment script on a remote machine via SSH.

Let’s learn how that’s done.

Why Use SSH?

Secure Shell (SSH) is widely used for various purposes due to its security, versatility, and efficiency. Here are several reasons to use SSH:

  • Secure communication. SSH provides encrypted communication over an insecure network (such as the internet), ensuring confidentiality and integrity of data during transmission.
  • Authentication. SSH supports public-key cryptography for user authentication, offering a more secure alternative to password-based authentication. This helps protect against unauthorized access.
  • Remote access. SSH allows users to access a remote server or machine securely, providing a command-line interface or enabling file transfer (e.g., with tools like SCP or SFTP).
  • Tunneling. SSH can create secure tunnels for forwarding arbitrary network connections, providing a secure way to access services like databases or web servers on remote networks.
  • Key management. SSH supports the use of SSH keys, which simplifies authentication and makes it more secure. It also allows access to be managed through key pairs.

How to upload an SSH key in TeamCity

Go to Edit configuration | Build Steps to have a quick look at your build steps.

Imagine you want to add a command line build step that executes a deployment. To do so, TeamCity connects to a remote server via SSH and executes a couple of commands on that server, e.g. to download a file from Amazon S3 and execute it. In order for the SSH connection to work, you need to specify an SSH key.

The question here is: How does the SSH key get to your build agent if it’s not pre-baked into your agent image?

What we want to do is to get rid of the command line build step. To do that, click on the Runner type drop-down menu. Here, you’ll notice two options: SSH Exec and SSH Upload.

SSH Exec is convenient when you want to execute something on a remote machine. SSH Upload helps you securely upload files to a server.

Let’s choose the option SSH Exec and add the target and commands for the runner.

Here, under Authentication method, you have a few options for where your SSH key comes from.

Uploaded key: The key is uploaded to the TeamCity server. The server will encrypt it, send it to the build agent for the build, and then delete it after the build is finished.

Default private key and Custom private key: Choose this option if you have a default private key pre-installed in specific locations on your build agent.

You can also choose a username-password combination or even have a running SSH agent. Read more about SSH Exec in our documentation.

In this tutorial, we’re going to go with the Uploaded key option. We’ll set the username to teamcity-deploy and we’ll skip setting the passphrase. We’ll then go ahead and upload the SSH key.

To upload the SSH key, let’s go to Buildpipelines project | SSH Keys. After that, we’ll select the private key for our server. Click Upload SSH Key and select a file from your computer.

After that, go back to Build steps | SSH Exec and select the private key that you have just uploaded. Then hit Save and run the build.

Once the build finishes running, open up the Build Log, and you’ll see the output from the SSH Exec build step. Here, we can see that TeamCity executed the command that you input into the build step configuration. It will also show you the result of the echo ‘running deploy.sh...’ command.
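
Because the uploaded key has no passphrase and logs in as teamcity-deploy, it is worth limiting on the remote server what that key is allowed to run. The script below is an added example, not part of the original tutorial or of TeamCity: a forced-command gate for the key's authorized_keys entry that accepts only "deploy <version>". The install path /usr/local/bin/ci-deploy-gate, the deploy.sh location and the request format are assumptions.

```shell
#!/bin/sh
# Added example (not TeamCity code): forced-command gate for the CI deploy key.
# Assumed authorized_keys line for the teamcity-deploy account on the target
# (install path and key body are placeholders):
#   command="/usr/local/bin/ci-deploy-gate",restrict ssh-ed25519 <PUBLIC-KEY> teamcity-ci
# With a forced command, sshd runs this script whatever the client asked for
# and passes the client's request in SSH_ORIGINAL_COMMAND.

DEPLOY_SCRIPT="${DEPLOY_SCRIPT:-/opt/deploy/deploy.sh}"   # hypothetical path

# validate_request REQUEST
# Accepts exactly "deploy <version>"; prints the version and returns 0.
# Anything else returns 1.
validate_request() {
    set -f          # disable globbing while the request is split into words
    set -- $1       # intentional word splitting on whitespace
    set +f
    [ "$#" -eq 2 ] || return 1
    [ "$1" = "deploy" ] || return 1
    case $2 in
        -*) return 1 ;;                    # would be parsed as an option
        *[!A-Za-z0-9._-]*) return 1 ;;     # metacharacters, slashes, quotes
    esac
    printf '%s\n' "$2"
}

# Runs only when sshd invoked the script for a session using the CI key.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if version=$(validate_request "$SSH_ORIGINAL_COMMAND"); then
        logger -t ci-deploy-gate "deploy $version accepted" 2>/dev/null || true
        exec "$DEPLOY_SCRIPT" "$version"
    fi
    logger -t ci-deploy-gate "request rejected" 2>/dev/null || true
    echo "ci-deploy-gate: request not permitted" >&2
    exit 1
fi
```

With this entry in place, the SSH Exec build step would send a command such as "deploy 1.4.2", and any other command sent with the same key is refused on the server side.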

That’s about it!