Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers--a server and a client--that it connects via a secure channel over an insecure network.
Also, SSH is important in cloud computing to solve connectivity problems, avoiding the security issues of exposing a cloud-based virtual machine directly on the Internet. An SSH tunnel can provide a secure path over the Internet, through a firewall to a virtual machine.
We are always trying to make things easier. So maybe you have already been working with OpenShift for a long time without any manual SSH operations.
Knowing something about ssh-key and ssh-shell on OpenShift will definitely help a lot with your development in the future.
What is a SSH key?
OpenShift uses SSH to authenticate your account credentials to the OpenShift servers for secure communication, like the key matches a lock. Successful authentication is necessary to manage your cloud environment, and OpenShift supports both RSA and DSA keys.
Seriously, nobody can update your app without setting the SSH key correctly, even yourself.
To be successfully authenticated by the OpenShift server, the private key in your computer must match the public key saved in OpenShift server. It's a key pair.
When the public key is present on one side and the matching private key is present on another side, typing in the password is no longer required. However, for additional security the private key itself can be locked with a passphrase.
Basically, SSH keys are required for:
1- all git operations (including the initial git clone when you create an app)
2- visiting the OpenShift Shell of your app via ssh connection
How can I get a SSH key?
In the most common way, you can use the public key from the pair of primary RSA keys generated during domain creation to authenticate with your OpenShift account.
rhc domain create command by default generates a primary pair of RSA SSH keys, and automatically uploads the public key to the OpenShift server.
rhc setup command will also help you with generating an SSH key pair, and upload the public key to your account as well.
If you wish to use an existing or new pair of manually generated keys (e.g. generated with
ssh-keygen), you must upload your public key to the OpenShift server with the OpenShift Web Console, or the
rhc sshkey command.
And the private keys should be placed in your
$HOME/.ssh/ folder by default, or you can customize it in
How do you manage your SSH keys?
You can manage your SSH (public) keys via either OpenShift Web Console or
rhc sshkey command line.
Yes, you can enable more than one SSH key for your OpenShift account. That's really AWESOME!
We'll talk about it in a later section.
In Web Console
You can add a new SSH public key here, or delete any existing one.
By using the command line tool
Check your existing SSH keys:
$ rhc sshkey list Password: ****** SSH keys ======== Name: default Type: ssh-rsa Fingerprint: 61:63:dd:31:30:47:99:8f:7c:2d:78:87:6e:0d:ea:4d Name: x200 Type: ssh-rsa Fingerprint: 44:1d:53:0c:94:a0:b4:4c:d2:c5:ed:d2:35:90:36:18 Name: T410 Type: ssh-rsa Fingerprint: d1:47:77:66:6f:37:05:76:c9:e2:b9:0b:9a:89:ef:9b
For security reasons, the content of public keys will not be showed here. So a good name will be helpful when adding new keys.
And you can add/update/remove SSH keys using command line tool as well:
$ rhc sshkey Usage: rhc sshkey (<command> | --help) [<args>] Manage multiple keys for the registered rhcloud user. List of commands list Display all the SSH keys for the user account add Add SSH key to the user account update Update SSH key for the user account remove Remove SSH key from the user account
For more information, there is a chapter in the OpenShift User Guide talking about SSH Keys.
We have talked about how to manage your SSH keys but this is just a start of what you can do with SSH. Now we can some really cool stuff - Enjoy it!
After you have created your domain and your application, click your app in the Web Console or use the
rhc domain show command to display the Git URL of your current applications:
Application Info ================ test Framework: ruby-1.8 Creation: 2012-07-03T01:36:23-04:00 UUID: 07cb826dfa224af8a350087dd1000e3f Git URL: ssh://firstname.lastname@example.org/~/git/test.git/ Public URL: http://test-forever.rhcloud.com/ Embedded: None
Git URL works not only for
git operations, but also for accessing the OpenShift Shell of your app.
Using git with SSH
The most common part of using SSH key is during your git operations.
We've mentioned that multiple SSH keys can be managed in your OpenShift account, that means the apps under your account can be maintained from different computers or even a team of developers!
You can update your code anywhere you want. Just generate a pair of SSH keys for each computer you would like to work on, and save the public key in your OpenShift account.
What's cooler, it's the best way for collaborating development. Teamwork gets easier!
Access a shell on OpenShift
You can manage your OpenShift applications in a shell environment to perform specialized operations and general debugging. The shell access provides specialized tools for managing your applications.
Shell access is quite powerful and it is possible to accidentally damage an application. Therefore it is recommended you only use shell access when necessary.
It's as simple as just one command:
$ ssh email@example.com ********************************************************************* You are accessing a service that is for use only by authorized users. If you do not have authorization, discontinue use at once. Any use of the services is subject to the applicable terms of the agreement which can be found at: https://openshift.redhat.com/app/legal ********************************************************************* Welcome to OpenShift shell This shell will assist you in managing OpenShift applications. !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!! Shell access is quite powerful and it is possible for you to accidentally damage your application. Proceed with care! If worse comes to worst, destroy your application with 'rhc app destroy' and recreate it !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!! Type "help" for more info. [test-forever.rhcloud.com ~]\>
BTW, for guys who prefer GUI tools like PuTTY to access OpenShift Shell, please read the following steps:
Guide for Linux user:
1- set the host name in "session", actually it's your app url (the part after @ of your ssh url)
2- in "connection" - "data", set the "username" as your ssh id (the part before @ in your ssh url)
3- in "connection" - "ssh" - "auth", set your private ssh key in "autentication parameters"
Everything is under your control!
Now, you can easily:
A. Check any of your files (e.g. log files in
$app_name/logs/, or data files in
$app_name/data/) for debugging
B. Check any environment variables you want to use in your code
mysql to access the database interactive shell
D. Execute particular commands like scale-up related ones
Lost the password of MySQL in your app?
echo $OPENSHIFT_MYSQL_DB_PASSWORD in the shell.