ssh: Usage, Options & Common CI Errors
ssh gives you an encrypted connection to run commands on a remote host.
ssh underlies deploys, git over SSH, and remote runners. Most CI failures are host-key prompts and key permissions, both of which have deterministic fixes.
What it does
ssh authenticates to a remote host (usually with a key) and opens an interactive shell or runs a single command. In CI it is non-interactive, so host-key checking and key permissions must be handled up front.
Common usage
ssh -i key.pem user@host "uptime"
ssh -o StrictHostKeyChecking=accept-new user@host
ssh-keyscan -H github.com >> ~/.ssh/known_hosts
chmod 600 key.pem # keys must not be group/world readable
ssh -o BatchMode=yes user@host "deploy.sh"Options
| Flag | What it does |
|---|---|
| -i <file> | Use a specific identity (private key) |
| -o KEY=VALUE | Set a config option inline |
| -p <port> | Connect to a non-default port |
| -T | Disable pseudo-terminal allocation |
| -o BatchMode=yes | Never prompt; fail instead |
Common errors in CI
Host key verification failed - the host is not in known_hosts and there is no TTY to accept it. Pre-seed it with ssh-keyscan host >> ~/.ssh/known_hosts or use -o StrictHostKeyChecking=accept-new. "Permissions 0644 for key.pem are too open" - chmod 600 the key. "Permission denied (publickey)" means the key is not authorized on the host or the wrong key/user was used.