SSH Configuration

Solano CI Server Fingerprints

Solano CI’s server SSH public key fingerprints are:

git.solanolabs.com 16:33:97:ad:be:2d:63:a0:82:ed:9b:48:c2:97:1d:ee RSA
  40:30:d7:e1:c6:70:f3:ba:39:35:0e:2d:a9:6a:eb:d8 ECDSA
hg.solanolabs.com 16:33:97:ad:be:2d:63:a0:82:ed:9b:48:c2:97:1d:ee RSA
  40:30:d7:e1:c6:70:f3:ba:39:35:0e:2d:a9:6a:eb:d8 ECDSA

Configuring SSH Access to Solano CI

See SSH Key Management for details on how to manage your SSH keys in Solano CI.

Configuring SSH Inside the Test Environment

You can add new entries to the default list of SSH known hosts by checking in a copy of your known hosts file as config/ssh_known_hosts. If you get a Host key verification failed error message, you should add the target host name to config/ssh_known_hosts. Any entries in this file will be appended to the known hosts file in the worker.

You can also add known hosts entries to solano.yml. For instance:

---
known_hosts:
- github.com,192.30.252.129 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hR...

Once your worker has booted, it will append the contents to the generated SSH known hosts file that is automatically installed.

You can extend the default SSH configuration installed in $HOME/.ssh/ssh_config by checking in a file called config/ssh_config.

Debugging SSH Key Problems

Debugging authentication problems can be difficult since SSH is itself not simple and multiple configuration files, the SSH agent, and multiple keys can all be involved. If you have used the Solano CLI, it will have set up a remote pointing to git.solanolabs.com. You can find the URL of your Solano CI git cache by using the following sequence of commands in the shell:

git remote -v | grep solano | grep push

This command will print out the push URL for your Solano CI git cache. Take the user and hostname part (uNNN@git.solanolabs.com) and ssh to it:

ssh -vv uNNN@git.solanolabs.com

You should see a lot of output, and an error at the end. In the middle, you’ll see the list of keys that ssh tried to send. If you don’t see the key that you have authorized in Solano CI, it means that ssh (which git uses) didn’t know to send that key. One way to configure SSH to use a specific key is to add the following to ~/.ssh/config:

Github and SSH

GitHub has a document on how to generate and authorize SSH keys here; you need only authorize the key printed by solano account as Solano CI has already generated a key for you. This key is also available in the web UI under the “SSH Worker Identity” menu item under “Organizations > Organization Settings”.

If you see a key already in use error from Github, follow the instructions from Github.