Oracle Cloud Infrastructure Documentation

SSH Authorization

Learn how to clone the repository using SSH.

To clone the repository using an SSH key, you need an SSH key pair. You can be an IAM user or a federated user. IAM users can be part of a domain. An identity domain is a container for managing users and roles.

Setting up SSH Authentication

  1. Generate an SSH key pair. You can use OpenSSH key pair or an OCI API signing key.
    Note

    If you already have a SSH key pair, then you can use the same. By default, SSH keys are stored in your system's ~/.ssh directory.

    To generate a SSH key pair, follow the given steps:

    1. Open a terminal window.

    2. Enter the following command:

      ssh-keygen -t rsa -C "<user.alias>@"
    3. Accept the default values when prompted.
    4. The command will create a 3072-bit RSA key for use with SSH.
    5. You can give a passphrase for your private key when prompted for security.
    6. The command produces two keys needed for SSH authentication: Private key ( id_rsa ) and the Public key ( id_rsa.pub ). Keep your private key securely and do not share it.
  2. Copy the contents of the public key file.
    If you are using OpenSSH format key, use the following command: 
    ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 | pbcopy
    If you are using OCI API signing key, use the following command: 
    cat ~/.oci/oci_api_key_public.pem | pbcopy
  3. Upload the public key to OCI and associate with your IAM user. Follow the given steps:
    1. Open the navigation menu and click Identity & Security. Under Identity, click Users. A list of the users in your tenancy is displayed.
    2. Select the user you want to use for Git service authentication.
    3. Click API Keys under Resources in the left-side menu.
    4. Click Add API Key button, select the option Paste Public Key, and paste the public key content.
    5. Click the Add button.

Setting up Git Operations

You can set up the Git username in the OpenSSH configuration file or embed the Git username in SSH URL.

  1. To set up Git username in the OpenSSH configuration file, follow the given steps:
    1. Check if your ~/.ssh/config file exists in the default location. 
      open ~/.ssh/config
    2. If the file doesn't exist, then create the file. 
      touch ~/.ssh/config
    3. You must edit your SSH configuration file ~/.ssh/config to specify the user and key to use for the git clone operation. The format for the host entry in your configuration file is: 
      
Host <CodeRepositoryHost>
  User <userName>@<tenancyName>
  IdentityFile  <PathToYourSSHPrivateKey>
      File format for an IAM user part of a domain is: 
      Host <CodeRepositoryHost>
  User <domainName>/<userName>@<tenancyName>
  IdentityFile  <PathToYourSSHPrivateKey>
      The SSH user is a combination of your login username and tenancy name. For example, if you are using a federated user, then your code repository's SSH user for Git is, Federation/userName@tenancyName. In the user string:
      • Federation is optional and is the federated identity provider.
      • userName is the user who signs in to the OCI Console.
      • tenancyName is the name of your tenancy, which you can find in the OCI Console.
      Example, oracleidentitycloudservice/the-product-manager-user@my-tenancy
      The SSH user string need not be URL encoded or escaped. For example, for a code repository in the Ashburn region, the host configuration entry is: 
      Host devops.scmservice.us-ashburn-1.oci.oraclecloud.com
    User the-product-manager-user@my-tenancy
    IdentityFile ~/.ssh/id_rsa

      For all OCI regions, you can use a wildcard for the host, for example, Host devops.scmservice.*.oci.oraclecloud.com.

  2. To set up Git username in SSH URL, follow the given steps:
    1. Add the Git username in the SSH URL: 
      ssh://<userName>@<tenancyName>@<sshUrl>
      SSH URL for a user in a domain: 
      ssh://<domainName>/<userName>@<tenancyName>@<sshUrl>
    2. Add your SSH private key to ssh-agent and store your passphrase in the keychain. 
      ssh-add -K ~/.ssh/id_rsa

Cloning the Repository

  1. On your local machine's command line, change the working directory location to where you want to clone the repository.
  2. To clone the repository, run the git clone command with the SSH URL that you copied from the Cloud Console.

    For example, git clone ssh://devops.scmservice.us-ashburn-1.oci.oraclecloud.com/namespaces/MY-TENANCY/projects/PROJECT-NAME/repositories/REPO-NAME