SSH Authorization
Learn how to clone the repository using SSH.
To clone the repository using an SSH key, you need an SSH key pair. For a list of public key SSH fingerprints and corresponding regions applicable for DevOps source code management (SCM), see SSH Fingerprints. You can be an IAM user or a federated user. IAM users can be part of a domain. An identity domain is a container for managing users and roles.
Setting up SSH Authentication
- Generate an SSH key pair. You can use OpenSSH key pair or an OCI
API signing key. Note
If you already have a SSH key pair, then you can use the same. By default, SSH keys are stored in the system's~/.ssh
directory.To generate a SSH key pair, follow the given steps:
- Open a terminal window.
-
Enter the following command:
ssh-keygen -t rsa -C "<user.alias>@"
- Accept the default values when prompted.
- The command creates a 3072-bit RSA key for use with SSH.
- You can give a passphrase for the private key when prompted for security.
- The command produces two keys needed for SSH authentication: Private key ( id_rsa ) and the Public key ( id_rsa.pub ). Keep the private key securely and don't share it.
- Copy the contents of the public key file. If you're using OpenSSH format key, use the following command:
ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 | pbcopy
If you're using OCI API signing key, use the following command:cat ~/.oci/oci_api_key_public.pem | pbcopy
- Upload the public key to OCI and associate with the IAM user. Follow the given steps:
- Open the navigation menu and click Identity & Security. Under Identity, click Users. A list of the users in the tenancy is displayed.
- Select the user you want to use for Git service authentication.
- Click API Keys under Resources in the left-side menu.
- Click Add API Key button, select the option Paste Public Key, and paste the public key content.
- Click the Add button.
Setting up Git Operations
You can set up the Git username in the OpenSSH configuration file or embed the Git username in SSH URL.
- To set up Git username in the OpenSSH configuration file, follow the given steps:
- Check if the
~/.ssh/config
file exists in the default location.open ~/.ssh/config
- If the file doesn't exist, then create the file.
touch ~/.ssh/config
- You must edit the SSH configuration file
~/.ssh/config
to specify the user and key to use for thegit clone
operation. The format for the host entry in the configuration file is:Host <CodeRepositoryHost> User <userName>@<tenancyName> IdentityFile <PathToYourSSHPrivateKey>
File format for an IAM user part of a domain is:Host <CodeRepositoryHost> User <domainName>/<userName>@<tenancyName> IdentityFile <PathToYourSSHPrivateKey>
The SSH user is a combination of the login username and tenancy name. For example, if you're using a federated user, then the code repository's SSH user for Git is,Federation/userName@tenancyName
. In the user string:Federation
is optional and is the federated identity provider.userName
is the user who signs in to the OCI Console.tenancyName
is the name of the tenancy, which you can find in the OCI Console.
oracleidentitycloudservice/the-product-manager-user@my-tenancy
The SSH user string need not be URL encoded or escaped. For example, for a code repository in the Ashburn region, the host configuration entry is:Host devops.scmservice.us-ashburn-1.oci.oraclecloud.com User the-product-manager-user@my-tenancy IdentityFile ~/.ssh/id_rsa
For all OCI regions, you can use a wildcard for the host, for example,
Host devops.scmservice.*.oci.oraclecloud.com
.
- Check if the
-
To set up Git username in SSH URL, follow the given steps:
- Add the Git username in the SSH URL:
ssh://<userName>@<tenancyName>@<sshUrl>
SSH URL for a user in a domain:ssh://<domainName>/<userName>@<tenancyName>@<sshUrl>
- Add the SSH private key to ssh-agent and store the passphrase in the keychain.
ssh-add -K ~/.ssh/id_rsa
- Add the Git username in the SSH URL:
Cloning the Repository
- On the local machine's command line, change the working directory location to where you want to clone the repository.
- To clone the repository, run the
git clone
command with the SSH URL that you copied from the Cloud Console.For example,
git clone ssh://devops.scmservice.us-ashburn-1.oci.oraclecloud.com/namespaces/MY-TENANCY/projects/PROJECT-NAME/repositories/REPO-NAME