Dive into OpenShift with SSH

Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers--a server and a client--that it connects via a secure channel over an insecure network.

Also, SSH is important in cloud computing to solve connectivity problems, avoiding the security issues of exposing a cloud-based virtual machine directly on the Internet. An SSH tunnel can provide a secure path over the Internet, through a firewall to a virtual machine.

We are always trying to make things easier. So maybe you have already been working with OpenShift for a long time without any manual SSH operations.

Knowing something about ssh-key and ssh-shell on OpenShift will definitely help a lot with your development in the future.

What is a SSH key?

OpenShift uses SSH to authenticate your account credentials to the OpenShift servers for secure communication, like the key matches a lock. Successful authentication is necessary to manage your cloud environment, and OpenShift supports both RSA and DSA keys.

Seriously, nobody can update your app without setting the SSH key correctly, even yourself.
To be successfully authenticated by the OpenShift server, the private key in your computer must match the public key saved in OpenShift server. It's a key pair.

When the public key is present on one side and the matching private key is present on another side, typing in the password is no longer required. However, for additional security the private key itself can be locked with a passphrase.

Basically, SSH keys are required for:
1- all git operations (including the initial git clone when you create an app)
2- visiting the OpenShift Shell of your app via ssh connection

How can I get a SSH key?

In the most common way, you can use the public key from the pair of primary RSA keys generated during domain creation to authenticate with your OpenShift account.

The rhc domain create command by default generates a primary pair of RSA SSH keys, and automatically uploads the public key to the OpenShift server.
The rhc setup command will also help you with generating an SSH key pair, and upload the public key to your account as well.

If you wish to use an existing or new pair of manually generated keys (e.g. generated with ssh-keygen), you must upload your public key to the OpenShift server with the OpenShift Web Console, or the rhc sshkey command.

And the private keys should be placed in your $HOME/.ssh/ folder by default, or you can customize it in $HOME/.ssh/config.

How do you manage your SSH keys?

You can manage your SSH (public) keys via either OpenShift Web Console or rhc sshkey command line.

Yes, you can enable more than one SSH key for your OpenShift account. That's really AWESOME!
We'll talk about it in a later section.

In Web Console

“OpenShift Management Console” -> “My Account” -> “Public Keys” on the right side

View public keys

You can add a new SSH public key here, or delete any existing one. Add or delete SSH public key

By using the command line tool

Check your existing SSH keys:

$ rhc sshkey list
Password: ******

SSH keys
========
       Name: default
       Type: ssh-rsa
Fingerprint: 61:63:dd:31:30:47:99:8f:7c:2d:78:87:6e:0d:ea:4d

       Name: x200
       Type: ssh-rsa
Fingerprint: 44:1d:53:0c:94:a0:b4:4c:d2:c5:ed:d2:35:90:36:18

       Name: T410
       Type: ssh-rsa
Fingerprint: d1:47:77:66:6f:37:05:76:c9:e2:b9:0b:9a:89:ef:9b

For security reasons, the content of public keys will not be showed here. So a good name will be helpful when adding new keys.

And you can add/update/remove SSH keys using command line tool as well:

$ rhc sshkey
 
Usage: rhc sshkey (<command> | --help) [<args>]
Manage multiple keys for the registered rhcloud user.
 
List of commands
  list                           Display all the SSH keys for the user account
  add                            Add SSH key to the user account
  update                         Update SSH key for the user account
  remove                         Remove SSH key from the user account

For more information, there is a chapter in the OpenShift User Guide talking about SSH Keys.

What's next?

We have talked about how to manage your SSH keys but this is just a start of what you can do with SSH. Now we can some really cool stuff - Enjoy it!

After you have created your domain and your application, click your app in the Web Console or use the rhc domain show command to display the Git URL of your current applications:

Application Info
================
test
    Framework: ruby-1.8
     Creation: 2012-07-03T01:36:23-04:00
         UUID: 07cb826dfa224af8a350087dd1000e3f
      Git URL: ssh://07cb826dfa224af8a350087dd1000e3f@test-forever.rhcloud.com/~/git/test.git/
   Public URL: http://test-forever.rhcloud.com/
 
 Embedded: 
      None

Git URL works not only for git operations, but also for accessing the OpenShift Shell of your app.

Using git with SSH

The most common part of using SSH key is during your git operations.

We've mentioned that multiple SSH keys can be managed in your OpenShift account, that means the apps under your account can be maintained from different computers or even a team of developers!

You can update your code anywhere you want. Just generate a pair of SSH keys for each computer you would like to work on, and save the public key in your OpenShift account.
What's cooler, it's the best way for collaborating development. Teamwork gets easier!

Access a shell on OpenShift

You can manage your OpenShift applications in a shell environment to perform specialized operations and general debugging. The shell access provides specialized tools for managing your applications.
Shell access is quite powerful and it is possible to accidentally damage an application. Therefore it is recommended you only use shell access when necessary.

It's as simple as just one command:

$ ssh 07cb826dfa224af8a350087dd1000e3f@test-forever.rhcloud.com
 
    *********************************************************************
 
    You are accessing a service that is for use only by authorized users.  
    If you do not have authorization, discontinue use at once. 
    Any use of the services is subject to the applicable terms of the 
    agreement which can be found at: 
    https://openshift.redhat.com/app/legal
 
    *********************************************************************
 
    Welcome to OpenShift shell
 
    This shell will assist you in managing OpenShift applications.
 
    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!
    Shell access is quite powerful and it is possible for you to
    accidentally damage your application.  Proceed with care!
    If worse comes to worst, destroy your application with 'rhc app destroy'
    and recreate it
    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!
 
    Type "help" for more info.
 
[test-forever.rhcloud.com ~]\>

BTW, for guys who prefer GUI tools like PuTTY to access OpenShift Shell, please read the following steps:

"Guide for Windows user"

Guide for Linux user:

1- set the host name in "session", actually it's your app url (the part after @ of your ssh url)

Set host name in session

2- in "connection" - "data", set the "username" as your ssh id (the part before @ in your ssh url)

Set username as SSH id

3- in "connection" - "ssh" - "auth", set your private ssh key in "autentication parameters"

Set private SSH key in authentication parameters

4- Welcome!

Welcome

Everything is under your control!

Now, you can easily:
A. Check any of your files (e.g. log files in $app_name/logs/, or data files in $app_name/data/) for debugging
B. Check any environment variables you want to use in your code
C. Type mongo or mysql to access the database interactive shell
D. Execute particular commands like scale-up related ones
......

For example:
Lost the password of MySQL in your app?
- Try echo $OPENSHIFT_MYSQL_DB_PASSWORD in the shell.

Tags:

Hi, after logging to the my project(SSH, thanks for this post). And moved to ".../app-root/repo" directory and i can my "app" there. I want to change controllers there. I can do that using vim/nano. Question: If i change some files here will the changes will be available on git to do >git pull on my local machine. As if I run git status as [projectone-homexxx5xxx.rhcloud.com repo]> git status fatal: Not a git repository (or any parent up to mount point /var/lib/openshift) Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).

I want to make sure if i do some changes here using ssh on my project should be available on git for git pull.