SSH Key

Table of Contents GitHub Cek Remote Cek Local Buat Baru Tes SSH Agent Issue Cloud Builder SSH Remote Response Result Exposing Scripts Referensi

GitHub

Cek Remote

Lihat daftar key di GitHub

Cek Local

Lihat daftar key di local PC

$ ls -al ~/.ssh

default adalah

• id_dsa.pub
• id_ecdsa.pub
• id_ed25519.pub
• id_rsa.pub

Jika tidak ditemukan coba cek dengan

$ ssh -vT [email protected]

Buat Baru

Jika tidak ditemukan maka buat baru

$ ssh-keygen -t rsa -b 4096 -C "[email protected]"

contoh

$ ssh-keygen -t rsa -b 4096 -C "[email protected]"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/chetabahana/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/chetabahana/.ssh/id_rsa.
Your public key has been saved in /home/chetabahana/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [email protected]
The key's randomart image is:
+---[RSA 4096]----+
| ..=o.o ..o      |
'''

$ ls -al ~/.ssh
total 104
drwx------ 2 chetabahana docker  4096 Mar 30 15:04 .
drwxr-xr-x 8 chetabahana docker  4096 Mar 30 05:37 ..
-rw------- 1 chetabahana docker  3326 Mar 30 15:04 id_rsa
-rw-r--r-- 1 chetabahana docker   747 Mar 30 15:04 id_rsa.pub

$ clip < ~/.ssh/id_rsa.pub

Jika ingin ubah passphrase

 ssh-keygen -p

Tes SSH

Copy dan masukkan id_rsa.pub ke GitHub lalu tes sbb

$ ssh -T [email protected]
Enter passphrase for key '/home/chetabahana/.ssh/id_rsa': xxxxxxxxx
Hi chetabahana! You've successfully authenticated, ......

Agent

Anda dapat mengamankan kunci SSH dan mengkonfigurasi SSH Agent otentikasi sehingga Anda tidak perlu memasukkan kembali passphrase Anda setiap kali menggunakan kunci SSH.

• Jika Anda pakai GitHub Desktop tidak perlu langkah ini, agent akan start otomatis.
• Jika pakai terminal lain ikuti cara Auto-launching ssh-agent atau ssh-add automatically.

$ eval $(ssh-agent -s)
Agent pid 5054

$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/chetabahana/.ssh/id_rsa: xxxxxxxxx
Identity added: /home/chetabahana/.ssh/id_rsa (/home/chetabahana/.ssh/id_rsa)

$ ssh -T [email protected]
Hi chetabahana! You've successfully authenticated,

Issue

Jika masih belum bisa koneksi coba langkah berikut

• Buka Control Panel dari menu Start
• Pilih Akun Pengguna
• Pilih "Kelola kredensial Anda" di menu sebelah kiri
• Hapus kredensial yang terkait dengan Git atau GitHub
• Kemudian ulangi dari awal lagi..

Cloud Builder

• Jika Anda pakai Build configuration overview.

SSH Remote

cloudbuild.yaml

- name: "gcr.io/cloud-builders/gcloud"
  args: ["compute", "ssh", "${_USER_NAME}@${_INSTANCE_NAME}", "--zone", "${_ZONE}", 
  "--command", "pwd"]

- name: 'gcr.io/cloud-builders/gsutil'
  args: ["cp", "-rPv", "/builder/home/.ssh", "gs://${_BUCKET_NAME}/builder/home"]

substitutions:
  _ZONE: us-central1-c
  _USER_NAME: chetabahana # default value
  _BUCKET_NAME: appspot.chetabahana.com 
  _INSTANCE_NAME: backend # default value 
  _DOCKER_DIRECTORY: /home/chetabahana/.docker # default value

Response

Starting Step #1
Step #1: Already have image (with digest): gcr.io/cloud-builders/gcloud
Step #1: WARNING: The public SSH key file for gcloud does not exist.
Step #1: WARNING: The private SSH key file for gcloud does not exist.
Step #1: WARNING: You do not have an SSH key for gcloud.
Step #1: WARNING: SSH keygen will be executed to generate a key.
Step #1: This tool needs to create the directory [/builder/home/.ssh] before 
Step #1: being able to generate SSH keys.
Step #1: 
Step #1: Do you want to continue (Y/n)?  
Step #1: Generating public/private rsa key pair.
Step #1: Your identification has been saved in /builder/home/.ssh/google_compute_engine.
Step #1: Your public key has been saved in /builder/home/.ssh/google_compute_engine.pub.
Step #1: The key fingerprint is:
Step #1: SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX root@XXXXXXXXXX
Step #1: The key's randomart image is:
Step #1: +---[RSA 2048]----+
Step #1: |          .+X .++|
Step #1: |          .o.oo=+|
Step #1: |          o o .=E|
Step #1: |       . . =  +.+|
Step #1: |      x S + .o =.|
Step #1: |     * + . .. + =|
Step #1: |    o O =    . o.|
Step #1: |     X B         |
Step #1: |   .x B .        |
Step #1: +----[SHA256]-----+
Step #1: Updating project ssh metadata...
Step #1: ...............................................................................
..............Updated [https://www.googleapis.com/compute/v1/projects/chetabahana].
Step #1: .done.
Step #1: Waiting for SSH key to propagate.
Step #1: Warning: Permanently added 'compute.XXXX' (ECDSA) to the list of known hosts.
Step #1: /home/chetabahana
Finished Step #1
Starting Step #2
Step #2: Already have image (with digest): gcr.io/cloud-builders/gsutil
Step #2: Copying file:///builder/home/.ssh/google_compute_known_hosts \
         [Content-Type=application/octet-stream]...
Step #2: / [0 files][    0.0 B/  222.0 B]                                                
         / [1 files][  222.0 B/  222.0 B]                                                
         Created: gs://appspot.chetabahana.com/builder/home/.ssh/
         google_compute_known_hosts#1555082519040128
Step #2: Copying file:///builder/home/.ssh/google_compute_engine \
         [Content-Type=application/octet-stream]...
Step #2: / [1 files][  222.0 B/  1.9 KiB]                                                
         / [2 files][  1.9 KiB/  1.9 KiB]                                                
         Created: gs://appspot.chetabahana.com/builder/home/.ssh/
         google_compute_engine#1555082519405651
Step #2: Copying file:///builder/home/.ssh/google_compute_engine.pub 
         [Content-Type=application/octet-stream]...
Step #2: - [2 files][  1.9 KiB/  2.2 KiB]                                                
         - [3 files][  2.2 KiB/  2.2 KiB]                                                
         Created: gs://appspot.chetabahana.com/builder/home/.ssh/
         google_compute_engine.pub#1555082519727233
Step #2: Operation completed over 3 objects/2.2 KiB.                                      
Finished Step #2
PUSH
DONE

Result

$ gsutil ls gs://appspot.chetabahana.com/builder/home/.ssh/
gs://appspot.chetabahana.com/builder/home/.ssh/google_compute_engine
gs://appspot.chetabahana.com/builder/home/.ssh/google_compute_engine.pub
gs://appspot.chetabahana.com/builder/home/.ssh/google_compute_known_hosts

$ gsutil ls -alR gs://appspot.chetabahana.com/builder/home/.ssh/
gs://appspot.chetabahana.com/builder/home/.ssh/:
1675  2019-04-12T15:21:59Z  gs://appspot.chetabahana.com/builder/home/.ssh/
google_compute_engine#1555082519405651  metageneration=1
399  2019-04-12T15:21:59Z  gs://appspot.chetabahana.com/builder/home/.ssh/
google_compute_engine.pub#1555082519727233  metageneration=1
222  2019-04-12T15:21:59Z  gs://appspot.chetabahana.com/builder/home/.ssh/
google_compute_known_hosts#1555082519040128  metageneration=1
TOTAL: 3 objects, 2296 bytes (2.24 KiB)

Exposing

• Consider exposing credentials via an environment variable that isn't $HOME

 // Git seems to ignore $HOME/.ssh and look in /root/.ssh for unknown reasons. 
 // As a workaround, symlink /root/.ssh to where we expect the $HOME to land. 
 // This means SSH auth only works for our built-in git support, and not 
 // custom steps. 
 err := os.Symlink("/builder/home/.ssh", "/root/.ssh") 
 if err != nil { 
 	logger.Fatalf("Unexpected error creating symlink: %v", err) 
 }

Scripts

~$ cat .docker/init.sh
 #!/bin/sh
 if [ -d /home/chetabahana/.docker/backend ]; then
        cd /home/chetabahana/.docker/backend && docker-compose down --volumes
        cd .. && sudo rm -rf /home/chetabahana/.docker/backend
 fi
 gcloud source repos clone github_chetabahana_backend backend
 cd /home/chetabahana/.docker/backend/scripts && chmod +x main.sh && ./main.sh
 #EOF

Referensi

• https://console.cloud.google.com/compute/metadata/sshKeys
• https://cloud.google.com/compute/docs/instances/connecting-to-instance
• https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys