Access an Oracle Cloud Service Using SSH

You can configure a job to use SSH to access any Oracle Cloud service instance that has SSH enabled, such as Oracle Cloud Infrastructure Compute Classic VMs.

You can configure the job to use either of the following options, or both:
  • Create an SSH tunnel to access a process running on a remote system, including an on-premise system, via the SSH port. The SSH tunnel is created at the start of the build job and is destroyed automatically when the job finishes.

  • Set up the default ~/.ssh directory with the provided keys in the build’s workspace for use with the command-line tools. The modifications revert after the job finishes.

To connect to the Oracle Cloud service instance, you need the IP address of the server, the credentials of a user who can connect to the service instance, and the local and remote port numbers:

  1. Open the job’s configuration page.
  2. Click the Before Build tab.
  3. Click Add Before Build Action and select SSH Configuration.
  4. In Private Key and Public Key, enter the private and the public key of your SSH Private-Public key pair.

    Leave the Public Key empty to use the fingerprint.

    The SSH server public key is used for host verification. You use the ssh-keyscan tool to get this key from the VM itself. More than one key may be returned and, although you could use any of them, the most commonly used one is the ssh-rsa key.

  5. In Pass Phrase, enter the passphrase of your SSH Private-Public key pair. Leave it empty if the keys aren’t encrypted with a passphrase.

    Note:

    If you want to access the Oracle Cloud service using a command or a Shell script from the UNIX Shell step, do not use a key protected by a passphrase, or SSH will interactively prompt for a passphrase during the build.

  6. In SSH Server Public Key, enter the public key of the SSH server.

    If you’re using a command-line SSH tool, note that the host name and the IP address must match. The host name and the IP address can be comma separated. Example: ssh1.example.com,10.0.0.13 ssh-rsa ... .

    Leave the field empty to skip host verification, in which case the server's identity isn't checked. For command-line tools, such as ssh, add the -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null options explicitly to skip host verification.

  7. To use an SSH tunnel, select the Create SSH Tunnel check box.

    An SSH tunnel provides an additional layer of security and can only be set up between trusted hosts. After you select the check box, enter the SSH server details:

    • Username: Name of the user who can connect to the SSH server.

    • Password: Password of the SSH user. Leave the field empty to use key-based authentication.

    • Local Port: Port number of the client used for local port forwarding.

    • Remote Host: Name of the remote host, or an interface on the SSH server.

    • Remote Port: Port number of the remote host or interface.

    • SSH Server: Name or IP address of the target SSH server.

    • Connect String: Displays the connect string to be used to set up the SSH tunnel.

  8. To use command line tools (such as ssh, scp, or sftp), select the Setup files in ~/.ssh for command-line ssh tools check box.

    When a build runs, necessary files with the information that you’ve provided are created for you in the known_hosts file of the ~/.ssh directory in the build system workspace. The files are removed automatically after the build is complete.

    Note:

    If you have a build job that uses an SSH proxy to run SSH commands, including scp, host verification will be performed for the proxy server as well as the target server. Host certificates for both servers must be added to the Host Keys field in the SSH Configuration.

    For example, if a build script contains an scp command such as this one:

    scp -o 'ProxyCommand=ssh -W %h:%p -p 22 opc@x.x.x.x' target/sample.war opc@y.y.y.y:/tmp

    The host keys should have two lines, one for proxy server x.x.x.x and another for target server y.y.y.y.

    Alternatively, you could disable host key verification for one or both of the servers:

    scp -o StrictHostKeyChecking=no -o 'ProxyCommand=ssh -o StrictHostKeyChecking=no -W %h:%p -p 22 opc@x.x.x.x' target/sample.war opc@y.y.y.y:/tmp
  9. Click Save.
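
A pre-flight check for the host-key lines described in steps 6 and 8, as an added example that is not part of the original page or of Oracle's tooling: it parses each `host[,ip] keytype key` line, confirms that the declared key type matches the one embedded in the key blob, computes the SHA256 fingerprint to compare with one obtained over a trusted channel, and reports which required hosts (for example, the proxy and the target) have no entry. The function names and sample hosts are assumptions, and the sample key is constructed.

```python
import base64
import hashlib
import struct


def parse_host_key_line(line):
    """Parse 'host[,ip] keytype base64 [comment]'; return (hosts, keytype, fingerprint)."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host[,ip] keytype base64-key")
    hosts, keytype, b64 = fields[0].split(","), fields[1], fields[2]
    blob = base64.b64decode(b64, validate=True)  # raises ValueError on bad base64
    # The blob starts with a 4-byte big-endian length followed by the key type name.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + n].decode("ascii", "replace")
    if embedded != keytype:
        raise ValueError(f"declared type {keytype!r} but blob holds {embedded!r}")
    # OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw blob.
    digest = hashlib.sha256(blob).digest()
    return hosts, keytype, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def missing_hosts(lines, required):
    """Return the required hosts that no host-key line covers."""
    covered = set()
    for line in lines:
        if line.strip() and not line.startswith("#"):
            covered.update(parse_host_key_line(line)[0])
    return [h for h in required if h not in covered]


def sample_line(hosts, keytype=b"ssh-ed25519"):
    """Build a CONSTRUCTED host-key line (all-zero key, for demonstration only)."""
    blob = struct.pack(">I", len(keytype)) + keytype + struct.pack(">I", 32) + bytes(32)
    return f"{hosts} {keytype.decode()} {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    # Constructed input: only the proxy has an entry, so the target is reported.
    lines = [sample_line("proxy.example.com,192.0.2.10")]
    for line in lines:
        print(parse_host_key_line(line))
    print("missing:", missing_hosts(lines, ["192.0.2.10", "198.51.100.20"]))
```

Hashed known_hosts entries (host fields beginning with `|1|`) are not matched by `missing_hosts`, because their host names cannot be read back from the line.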