SSH Authorization

Learn how to clone the repository using SSH.

To clone the repository using an SSH key, you need an SSH key pair. For a list of public key SSH fingerprints and corresponding regions applicable for DevOps source code management (SCM), see SSH Fingerprints. You can be an IAM user or a federated user. IAM users can be part of a domain. An identity domain is a container for managing users and roles.

Setting up SSH Authentication

  1. Generate an SSH key pair. You can use an OpenSSH key pair or an OCI API signing key.
    Note

    If you already have an SSH key pair, you can use the same key pair. By default, SSH keys are stored in the system's ~/.ssh directory.

    To generate an SSH key pair, follow these steps:

    1. Open a terminal window.
    2. Enter the following command:

      ssh-keygen -t rsa -C "<user.alias>@"
    3. Accept the default values when prompted.
    4. The command creates a 3072-bit RSA key for use with SSH.
    5. When prompted, you can set a passphrase to protect the private key.
    6. The command produces the two keys needed for SSH authentication: the private key ( id_rsa ) and the public key ( id_rsa.pub ). Keep the private key secure and don't share it.
  2. Copy the contents of the public key file.
    If you're using an OpenSSH format key, use the following command:
    ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 | pbcopy
    If you're using an OCI API signing key, use the following command:
    cat ~/.oci/oci_api_key_public.pem | pbcopy
  3. Upload the public key to OCI and associate it with the IAM user. Follow these steps:
    1. Open the navigation menu and click Identity & Security. Under Identity, click Users. A list of the users in the tenancy is displayed.
    2. Select the user you want to use for Git service authentication.
    3. Click API Keys under Resources in the left-side menu.
    4. Click the Add API Key button, select the option Paste Public Key, and paste the public key content.
    5. Click the Add button.

Setting up Git Operations

You can set up the Git username in the OpenSSH configuration file or embed the Git username in the SSH URL.

  1. To set up the Git username in the OpenSSH configuration file, follow these steps:
    1. Check if the ~/.ssh/config file exists in the default location.
      open ~/.ssh/config
    2. If the file doesn't exist, then create the file.
      touch ~/.ssh/config
    3. You must edit the SSH configuration file ~/.ssh/config to specify the user and key to use for the git clone operation. The format for the host entry in the configuration file is:
      
      Host <CodeRepositoryHost>
        User <userName>@<tenancyName>
        IdentityFile  <PathToYourSSHPrivateKey>
      The format for an IAM user who is part of a domain is:
      Host <CodeRepositoryHost>
        User <domainName>/<userName>@<tenancyName>
        IdentityFile  <PathToYourSSHPrivateKey>
      The SSH user is a combination of the login username and tenancy name. For example, if you're using a federated user, then the code repository's SSH user for Git is Federation/userName@tenancyName. In the user string:
      • Federation is optional and is the federated identity provider.
      • userName is the user who signs in to the OCI Console.
      • tenancyName is the name of the tenancy, which you can find in the OCI Console.
      For example, oracleidentitycloudservice/the-product-manager-user@my-tenancy
      The SSH user string need not be URL encoded or escaped. For example, for a code repository in the Ashburn region, the host configuration entry is:
      Host devops.scmservice.us-ashburn-1.oci.oraclecloud.com
          User the-product-manager-user@my-tenancy
          IdentityFile ~/.ssh/id_rsa

      For all OCI regions, you can use a wildcard for the host, for example, Host devops.scmservice.*.oci.oraclecloud.com.

  2. To set up the Git username in the SSH URL, follow these steps:
    1. Add the Git username in the SSH URL:
      ssh://<userName>@<tenancyName>@<sshUrl>
      SSH URL for a user in a domain:
      ssh://<domainName>/<userName>@<tenancyName>@<sshUrl>
    2. Add the SSH private key to ssh-agent and store the passphrase in the keychain.
      ssh-add -K ~/.ssh/id_rsa
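
The host entry format from step 1, written as an added shell example (not Oracle's code): it builds the SSH user string, rejects values that would break the configuration line, and appends the Host block once with owner-only file permissions. The function names and arguments are assumptions, and the IdentitiesOnly line is an addition that is not part of the format shown above.

```shell
#!/bin/sh
# Added example, not part of the original page. Function names are hypothetical.
# Usage: oci_scm_add_host ~/.ssh/config us-ashburn-1 ~/.ssh/id_rsa <userName> <tenancyName> [<domainName>]

# Print the SSH user string: [<domainName>/]<userName>@<tenancyName>
oci_scm_user() {
  _u=$1; _t=$2; _d=${3:-}
  [ -n "$_u" ] && [ -n "$_t" ] || return 1
  # ssh_config splits arguments on whitespace, so refuse values that would
  # split the User line or carry a second directive on a new line.
  case "$_u$_t$_d" in *[[:space:]]*) return 1 ;; esac
  if [ -n "$_d" ]; then
    printf '%s/%s@%s\n' "$_d" "$_u" "$_t"
  else
    printf '%s@%s\n' "$_u" "$_t"
  fi
}

# Print a Host block. The region is a region identifier such as us-ashburn-1,
# or '*' to cover all OCI regions with one wildcard entry.
oci_scm_host_entry() {
  _region=$1; _key=$2; shift 2
  _sshuser=$(oci_scm_user "$@") || return 1
  printf 'Host devops.scmservice.%s.oci.oraclecloud.com\n' "$_region"
  printf '  User %s\n' "$_sshuser"
  printf '  IdentityFile %s\n' "$_key"
  # Addition: offer only the key named above, not every key held by ssh-agent.
  printf '  IdentitiesOnly yes\n'
}

# Append the block to a config file once and keep the file owner-only.
oci_scm_add_host() {
  _cfg=$1; shift
  _block=$(oci_scm_host_entry "$@") || return 1
  _hostline=$(printf '%s\n' "$_block" | head -n 1)
  mkdir -p "$(dirname "$_cfg")"
  touch "$_cfg" && chmod 600 "$_cfg"
  # An identical Host line already present means there is nothing to add.
  if grep -qxF -- "$_hostline" "$_cfg"; then return 0; fi
  printf '\n%s\n' "$_block" >> "$_cfg"
}
```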

Cloning the Repository

  1. On the local machine's command line, change the working directory location to where you want to clone the repository.
  2. To clone the repository, run the git clone command with the SSH URL that you copied from the Cloud Console.

    For example, git clone ssh://devops.scmservice.us-ashburn-1.oci.oraclecloud.com/namespaces/MY-TENANCY/projects/PROJECT-NAME/repositories/REPO-NAME