Add SSH Keys

Updated 1 month ago by Chakravarthy Tenneti

You can add SSH keys for use in connecting to remote servers, such as an AWS EC2 instance.

Step 1: Configure SSH Connectivity

Harness does not currently support private keys in the OpenSSH format. Support will be added soon. To generate an SSHv2 key using OpenSSH, run ssh-keygen -t rsa (rsa specifies SSHv2) and follow the prompts to create the PEM key. When you paste the key into Harness, ensure that the BEGIN RSA and END RSA lines are included (pbcopy is useful for copying the key). For more information, see the ssh-keygen man page.

For example, if you want to SSH into an EC2 instance, in a terminal, enter the following command:

ssh -i "example.pem" ec2-user@ec2-76-939-110-125.us-west-1.compute.amazonaws.com

The SSH secret you add here can be used in Harness components wherever they need to SSH into your remote server. For example, in a Harness Environment Service Infrastructure/Infrastructure Definition dialog, you specify Connection Attributes that use the SSH secret to connect to the target host.

To add an SSH key that can be referenced in Harness entities, do the following:

  1. In Secrets Management, click SSH.
  2. Click Add SSH Key. The SSH Configuration dialog appears.
  3. Enter a Display Name for the SSH credentials.
  4. (Required.) In User Name, provide the user name for the user account on the remote server. For example, if you want to SSH into an AWS EC2 instance, the user name would be ec2-user.
  5. Do one of the following:
    1. Click Inline SSH Key. You must create or use an existing Encrypted SSH Key file. In the Select Encrypted SSH key File drop-down, select an existing file or create a new one. For more information on creating a new Encrypted SSH Key file, see Harness Encrypted File Secrets.
       If you are modifying an existing Inline SSH Key, you cannot edit the inline key that you entered earlier. Instead, select an existing file or create a new Encrypted SSH key file.
    2. Click SSH KeyFile Path (on Delegate) and specify the location of the key. This is the file path on the server running the Harness Delegate, such as /home/johndoe/example.pem.
    3. Click Password and Select Encrypted Password for the user account. You must use an Encrypted Text Secret to save your password and select it here. Either select an existing Encrypted Text Secret from the drop-down list or create a new one by clicking + Create Encrypted Text.
  6. In Select Encrypted Passphrase, select the SSH key passphrase from the drop-down if one is required. It is not required by default for AWS or many other platforms. Make sure you use a Harness Encrypted Text secret to save the passphrase and reference it here. Either select an existing secret from the drop-down list or create a new one by clicking + Create Encrypted Text.
    For more information on creating an Encrypted Text Secret, see Harness Encrypted Text secret.
  7. In SSH Port, leave the default 22 or enter a different port if needed.
  8. If you want to restrict the use of these SSH credentials to specific Harness components, do the following:
    1. In Usage Scope, click the drop-down under Applications, and click the name of the application.
    2. In Environments, click the name of the environment.

Step 2: Test Host Connectivity

  1. Click TEST. The Host Connectivity Test tool appears.
  2. In Host Name, enter the host name of the remote server you want to SSH into. For example, for an AWS EC2 instance, it will be something like ec2-76-939-110-125.us-west-1.compute.amazonaws.com.
  3. Click RUN. If the test is unsuccessful, you might see an error stating that no Harness Delegate could reach the host, or that a credential is invalid. Ensure that your settings are correct and that a Harness Delegate is able to connect to the server.
  4. When a test is successful, click Submit.

Notes

You can convert your OpenSSH key to PEM format with:

ssh-keygen -p -m PEM -f your_private_key

This will convert your existing file headers from:

-----BEGIN OPENSSH PRIVATE KEY-----

to

-----BEGIN RSA PRIVATE KEY-----
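
A pre-flight check for the key format requirement described in Step 1 and in these Notes, as an added example that is not part of the Harness documentation: key_format classifies a private key file by its header lines, and to_pem_copy runs the conversion command above on a copy, because ssh-keygen -p rewrites the file it is given. The function names and result strings are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example, not Harness code. Function names and result strings are
# illustrative assumptions.

# key_format FILE -> prints pem-rsa | pem-rsa-encrypted | openssh |
#                    incomplete | unknown | unreadable
key_format() (
  # Body runs in a subshell, so variables stay local and exit only leaves it.
  file=$1
  [ -r "$file" ] || { echo unreadable; exit 1; }
  # First and last non-empty lines, with Windows CRs stripped.
  first=$(tr -d '\r' < "$file" | awk 'NF { print; exit }')
  last=$(tr -d '\r' < "$file" | awk 'NF { l = $0 } END { print l }')
  case $first in
    "-----BEGIN RSA PRIVATE KEY-----")
      if [ "$last" != "-----END RSA PRIVATE KEY-----" ]; then
        echo incomplete            # END RSA line was lost while copying
      elif grep -q '^Proc-Type: 4,ENCRYPTED' "$file"; then
        echo pem-rsa-encrypted     # passphrase-protected: select it in Harness
      else
        echo pem-rsa
      fi ;;
    "-----BEGIN OPENSSH PRIVATE KEY-----")
      echo openssh ;;              # not accepted yet: convert to PEM first
    *)
      echo unknown ;;
  esac
)

# to_pem_copy SRC DST -> converts a copy, because ssh-keygen -p rewrites
# the file it is given in place. Prompts for the passphrase interactively.
to_pem_copy() {
  ( umask 077 && cp -- "$1" "$2" ) && chmod 600 "$2" &&
    ssh-keygen -p -m PEM -f "$2"
}

# Usage: bash check_key.sh /path/to/key
[ "$#" -eq 0 ] || key_format "$1"
```

A result of pem-rsa-encrypted means the key needs the passphrase selected in Select Encrypted Passphrase; incomplete means the END RSA line is missing from the file.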
