SSH Authorization
Learn how to clone the repository using SSH.
To clone the repository using an SSH key, you need an SSH key pair. You can be an IAM user or a federated user. IAM users can be part of a domain. An identity domain is a container for managing users and roles.
Setting up SSH Authentication
- Generate an SSH key pair. You can use OpenSSH key pair or an OCI API signing key. Note
If you already have a SSH key pair, then you can use the same. By default, SSH keys are stored in your system's~/.ssh
directory.To generate a SSH key pair, follow the given steps:
- Open a terminal window.
-
Enter the following command:
ssh-keygen -t rsa -C "<user.alias>@"
- Accept the default values when prompted.
- The command will create a 3072-bit RSA key for use with SSH.
- You can give a passphrase for your private key when prompted for security.
- The command produces two keys needed for SSH authentication: Private key ( id_rsa ) and the Public key ( id_rsa.pub ). Keep your private key securely and do not share it.
- Copy the contents of the public key file. If you are using OpenSSH format key, use the following command:
ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 | pbcopy
If you are using OCI API signing key, use the following command:cat ~/.oci/oci_api_key_public.pem | pbcopy
- Upload the public key to OCI and associate with your IAM user. Follow the given steps:
- Open the navigation menu and click Identity & Security. Under Identity, click Users. A list of the users in your tenancy is displayed.
- Select the user you want to use for Git service authentication.
- Click API Keys under Resources in the left-side menu.
- Click Add API Key button, select the option Paste Public Key, and paste the public key content.
- Click the Add button.
Setting up Git Operations
You can set up the Git username in the OpenSSH configuration file or embed the Git username in SSH URL.
- To set up Git username in the OpenSSH configuration file, follow the given steps:
- Check if your
~/.ssh/config
file exists in the default location.open ~/.ssh/config
- If the file doesn't exist, then create the file.
touch ~/.ssh/config
- You must edit your SSH configuration file
~/.ssh/config
to specify the user and key to use for thegit clone
operation. The format for the host entry in your configuration file is:Host <CodeRepositoryHost> User <userName>@<tenancyName> IdentityFile <PathToYourSSHPrivateKey>
File format for an IAM user part of a domain is:Host <CodeRepositoryHost> User <domainName>/<userName>@<tenancyName> IdentityFile <PathToYourSSHPrivateKey>
The SSH user is a combination of your login username and tenancy name. For example, if you are using a federated user, then your code repository's SSH user for Git is,Federation/userName@tenancyName
. In the user string:Federation
is optional and is the federated identity provider.userName
is the user who signs in to the OCI Console.tenancyName
is the name of your tenancy, which you can find in the OCI Console.
oracleidentitycloudservice/the-product-manager-user@my-tenancy
The SSH user string need not be URL encoded or escaped. For example, for a code repository in the Ashburn region, the host configuration entry is:Host devops.scmservice.us-ashburn-1.oci.oraclecloud.com User the-product-manager-user@my-tenancy IdentityFile ~/.ssh/id_rsa
For all OCI regions, you can use a wildcard for the host, for example,
Host devops.scmservice.*.oci.oraclecloud.com
.
- Check if your
-
To set up Git username in SSH URL, follow the given steps:
- Add the Git username in the SSH URL:
ssh://<userName>@<tenancyName>@<sshUrl>
SSH URL for a user in a domain:ssh://<domainName>/<userName>@<tenancyName>@<sshUrl>
- Add your SSH private key to ssh-agent and store your passphrase in the keychain.
ssh-add -K ~/.ssh/id_rsa
- Add the Git username in the SSH URL:
Cloning the Repository
- On your local machine's command line, change the working directory location to where you want to clone the repository.
- To clone the repository, run the
git clone
command with the SSH URL that you copied from the Cloud Console.For example,
git clone ssh://devops.scmservice.us-ashburn-1.oci.oraclecloud.com/namespaces/MY-TENANCY/projects/PROJECT-NAME/repositories/REPO-NAME