Use SSH credentials in Jenkins with SSH, SCP, SFTP

There are various ways in Jenkins for using the SSH credentials to perform SSH, SCP or SFTP. You have to choose which one is more suitable for your need and project setup.

In this blog post I will walk you through the couple of options with which you can accomplish the SSH, SCP or SFTP

Table of Content

  1. Using SSH Agent Plugin
  2. Credentials Binding Plugin

1. Using SSH Agent Plugin

1.1 Install necessary plugins

Make sure that you've installed the "SSH Agent Plugin" and "Pipeline: Groovy Plugin" in Jenkins. These plugins will allow Jenkins to use SSH credentials in your pipeline.

1.2 Add SSH credentials

Go to Jenkins dashboard, then click Credentials -> System -> Global credentials (unrestricted) -> Add Credentials.

Choose "SSH Username with private key" in Kind. Put your SSH username in Username and paste your SSH private key in Private Key. Give a unique ID for this credential set in ID field, this ID will be used in your pipeline script.

Jenkins add credentials under global credentials

The above example shows only one type of credentials which is getting stored in Jenkins. But you can follow above steps for storing multiple credentials in jenkins.

1.3 Use SSH credentials in Jenkins Pipeline

In your Jenkins pipeline, you can use these SSH credentials as follows:

 1# We will use the docker credentials to push the docker image
 2
 3node {
 4
 5    stage("Docker build"){
 6        sh 'docker version'
 7        sh 'docker build -t jhooq-docker-demo .'
 8        sh 'docker image list'
 9        sh 'docker tag jhooq-docker-demo rahulwagh17/jhooq-docker-demo:jhooq-docker-demo'
10    }
11    
12    # Use docker credentials to push the docker image
13    withCredentials([string(credentialsId: 'DOCKER_HUB_PASSWORD', variable: 'PASSWORD')]) {
14        sh 'docker login -u rahulwagh17 -p $PASSWORD'
15    }
16} 
17 

1.4 Implement SSH, SCP and SFTP using SSH Agent Plugin

Here are few more examples to refer where I have done the SSH, SCP and SFTP -

 1pipeline {
 2    agent any
 3    
 4    
 5    stages {
 6        # Using withCredentials to perform SCP operation
 7        stage('SCP copy') {
 8            steps {
 9                withCredentials([sshUserPrivateKey(credentialsId: 'my-ssh-credentials-id', keyFileVariable: 'MY_SSH_KEY')]) {
10                    sh '''
11                    scp -i $MY_SSH_KEY your-file.txt username@your-remote-server:/path/to/directory/
12                    '''
13                }
14            }
15        }
16        
17        # Using withCredentials to perform SSH operation
18        stage('SSH commands') {
19            steps {
20                withCredentials([sshUserPrivateKey(credentialsId: 'my-ssh-credentials-id', keyFileVariable: 'MY_SSH_KEY')]) {
21                    sh '''
22                    ssh -i $MY_SSH_KEY username@your-remote-server "commands to execute"
23                    '''
24                }
25            }
26        }
27        
28        # Using withCredentials to perform SFTP operation
29        stage('SFTP commands') {
30            steps {
31                withCredentials([sshUserPrivateKey(credentialsId: 'my-ssh-credentials-id', keyFileVariable: 'MY_SSH_KEY')]) {
32                    sh '''
33                    sftp -i $MY_SSH_KEY username@your-remote-server <<EOF
34                    cd /path/to/directory
35                    put your-file.txt
36                    bye
37                    EOF
38                    '''
39                }
40            }
41        }
42    }
43}

2. Credentials Binding Plugin

There is one more plugin which is more popular in the Jenkins community and it is very well known by the name Credentials Binding Plugin.

Here are steps which you need to follow to install that plugin -

2.1 Install Credentials Binding Plugin

1. Login to Jenkins - Log in to your Jenkins server dashboard. You need to have administrative rights.

2. Go to "Manage Jenkins - On your Jenkins dashboard, click on "Manage Jenkins" in the left-hand side navigation menu.

3. Go to "Manage Plugins - In the Manage Jenkins page, look for "Manage Plugins" and click on it. It's generally towards the bottom of the options.

4. Search for the Credentials Binding Plugin - You'll be presented with a list of tabs for managing plugins: Updates, Available, Installed, and Advanced. Click on the "Available" tab and use the "Filter" search box to find "Credentials Binding Plugin".

5. Install the Plugin - Once you've found the "Credentials Binding Plugin" in the list, check the checkbox next to it and then click either "Install without restart" or "Download now and install after restart".

  • "Install without restart" will attempt to install the plugin immediately but some of its functionality may not be available until after a restart.
  • "Download now and install after restart" will download the plugin and install it when you next restart Jenkins.

6. Restart Jenkins (If necessary) - If you chose to install after restart or if the plugin requires it, you should restart your Jenkins server.


2.2 Add SSH credentials

Go to Jenkins dashboard, then click Credentials -> System -> Global credentials (unrestricted) -> Add Credentials.

Choose "SSH Username with private key" in Kind. Put your SSH username in Username and paste your SSH private key in Private Key. Give a unique ID for this credential set in ID field, this ID will be used in your pipeline script.


2.3 Use SSH credentials in Jenkins Pipeline

In your Jenkins pipeline, you can use these SSH credentials as follows:

 1pipeline {
 2    agent any
 3
 4    stages {
 5        # For performing the SCP
 6        stage('SCP copy') {
 7            steps {
 8                sshagent(['my-ssh-credentials-id']) {
 9                    sh '''
10                    scp your-file.txt username@your-remote-server:/path/to/directory/
11                    '''
12                }
13            }
14        }
15        
16        # For performing the SSH
17        stage('SSH commands') {
18            steps {
19                sshagent(['my-ssh-credentials-id']) {
20                    sh '''
21                    ssh username@your-remote-server "commands to execute"
22                    '''
23                }
24            }
25        }
26        
27        # For performing the SFTP
28        stage('SFTP commands') {
29            steps {
30                sshagent(['my-ssh-credentials-id']) {
31                    sh '''
32                    sftp username@your-remote-server <<EOF
33                    cd /path/to/directory
34                    put your-file.txt
35                    bye
36                    EOF
37                    '''
38                }
39            }
40        }
41    }
42}
43 

Remember to replace 'my-ssh-credentials-id' with the ID you provided when adding the SSH credentials, and replace 'username@your-remote-server', '/path/to/directory', and 'commands to execute' with your specific values.

This sshagent step provided by the SSH Agent plugin will automatically handle key management and disposal for you, so you don't need to worry about securely storing and cleaning up after the keys.

Posts in this series