Use SSH credentials in Jenkins with SSH, SCP, SFTP
There are various ways in Jenkins for using the SSH credentials to perform SSH, SCP or SFTP. You have to choose which one is more suitable for your need and project setup.
In this blog post I will walk you through the couple of options with which you can accomplish the SSH, SCP or SFTP
Table of Content
1. Using SSH Agent Plugin
1.1 Install necessary plugins
Make sure that you've installed the "SSH Agent Plugin" and "Pipeline: Groovy Plugin" in Jenkins. These plugins will allow Jenkins to use SSH credentials in your pipeline.
1.2 Add SSH credentials
Go to Jenkins dashboard, then click Credentials -> System -> Global credentials (unrestricted) -> Add Credentials.
Choose "SSH Username with private key" in Kind. Put your SSH username in Username and paste your SSH private key in Private Key. Give a unique ID for this credential set in ID field, this ID will be used in your pipeline script.
The above example shows only one type of credentials which is getting stored in Jenkins. But you can follow above steps for storing multiple credentials in jenkins.
1.3 Use SSH credentials in Jenkins Pipeline
In your Jenkins pipeline, you can use these SSH credentials as follows:
1# We will use the docker credentials to push the docker image
2
3node {
4
5 stage("Docker build"){
6 sh 'docker version'
7 sh 'docker build -t jhooq-docker-demo .'
8 sh 'docker image list'
9 sh 'docker tag jhooq-docker-demo rahulwagh17/jhooq-docker-demo:jhooq-docker-demo'
10 }
11
12 # Use docker credentials to push the docker image
13 withCredentials([string(credentialsId: 'DOCKER_HUB_PASSWORD', variable: 'PASSWORD')]) {
14 sh 'docker login -u rahulwagh17 -p $PASSWORD'
15 }
16}
17
1.4 Implement SSH, SCP and SFTP using SSH Agent Plugin
Here are few more examples to refer where I have done the SSH, SCP and SFTP -
1pipeline {
2 agent any
3
4
5 stages {
6 # Using withCredentials to perform SCP operation
7 stage('SCP copy') {
8 steps {
9 withCredentials([sshUserPrivateKey(credentialsId: 'my-ssh-credentials-id', keyFileVariable: 'MY_SSH_KEY')]) {
10 sh '''
11 scp -i $MY_SSH_KEY your-file.txt username@your-remote-server:/path/to/directory/
12 '''
13 }
14 }
15 }
16
17 # Using withCredentials to perform SSH operation
18 stage('SSH commands') {
19 steps {
20 withCredentials([sshUserPrivateKey(credentialsId: 'my-ssh-credentials-id', keyFileVariable: 'MY_SSH_KEY')]) {
21 sh '''
22 ssh -i $MY_SSH_KEY username@your-remote-server "commands to execute"
23 '''
24 }
25 }
26 }
27
28 # Using withCredentials to perform SFTP operation
29 stage('SFTP commands') {
30 steps {
31 withCredentials([sshUserPrivateKey(credentialsId: 'my-ssh-credentials-id', keyFileVariable: 'MY_SSH_KEY')]) {
32 sh '''
33 sftp -i $MY_SSH_KEY username@your-remote-server <<EOF
34 cd /path/to/directory
35 put your-file.txt
36 bye
37 EOF
38 '''
39 }
40 }
41 }
42 }
43}
2. Credentials Binding Plugin
There is one more plugin which is more popular in the Jenkins community and it is very well known by the name Credentials Binding Plugin.
Here are steps which you need to follow to install that plugin -
2.1 Install Credentials Binding Plugin
1. Login to Jenkins - Log in to your Jenkins server dashboard. You need to have administrative rights.
2. Go to "Manage Jenkins - On your Jenkins dashboard, click on "Manage Jenkins" in the left-hand side navigation menu.
3. Go to "Manage Plugins - In the Manage Jenkins page, look for "Manage Plugins" and click on it. It's generally towards the bottom of the options.
4. Search for the Credentials Binding Plugin - You'll be presented with a list of tabs for managing plugins: Updates, Available, Installed, and Advanced. Click on the "Available" tab and use the "Filter" search box to find "Credentials Binding Plugin".
5. Install the Plugin - Once you've found the "Credentials Binding Plugin" in the list, check the checkbox next to it and then click either "Install without restart" or "Download now and install after restart".
- "Install without restart" will attempt to install the plugin immediately but some of its functionality may not be available until after a restart.
- "Download now and install after restart" will download the plugin and install it when you next restart Jenkins.
6. Restart Jenkins (If necessary) - If you chose to install after restart or if the plugin requires it, you should restart your Jenkins server.
2.2 Add SSH credentials
Go to Jenkins dashboard, then click Credentials -> System -> Global credentials (unrestricted) -> Add Credentials.
Choose "SSH Username with private key" in Kind. Put your SSH username in Username and paste your SSH private key in Private Key. Give a unique ID for this credential set in ID field, this ID will be used in your pipeline script.
2.3 Use SSH credentials in Jenkins Pipeline
In your Jenkins pipeline, you can use these SSH credentials as follows:
1pipeline {
2 agent any
3
4 stages {
5 # For performing the SCP
6 stage('SCP copy') {
7 steps {
8 sshagent(['my-ssh-credentials-id']) {
9 sh '''
10 scp your-file.txt username@your-remote-server:/path/to/directory/
11 '''
12 }
13 }
14 }
15
16 # For performing the SSH
17 stage('SSH commands') {
18 steps {
19 sshagent(['my-ssh-credentials-id']) {
20 sh '''
21 ssh username@your-remote-server "commands to execute"
22 '''
23 }
24 }
25 }
26
27 # For performing the SFTP
28 stage('SFTP commands') {
29 steps {
30 sshagent(['my-ssh-credentials-id']) {
31 sh '''
32 sftp username@your-remote-server <<EOF
33 cd /path/to/directory
34 put your-file.txt
35 bye
36 EOF
37 '''
38 }
39 }
40 }
41 }
42}
43
Remember to replace 'my-ssh-credentials-id' with the ID you provided when adding the SSH credentials, and replace 'username@your-remote-server', '/path/to/directory', and 'commands to execute' with your specific values.
This sshagent step provided by the SSH Agent plugin will automatically handle key management and disposal for you, so you don't need to worry about securely storing and cleaning up after the keys.