Skip to content
Latchkey

ssh: Usage, Options & Common CI Errors

ssh gives you an encrypted connection to run commands on a remote host.

ssh underlies deploys, git over SSH, and remote runners. Most CI failures are host-key prompts and key permissions, both of which have deterministic fixes.

What it does

ssh authenticates to a remote host (usually with a key) and opens an interactive shell or runs a single command. In CI it is non-interactive, so host-key checking and key permissions must be handled up front.

Common usage

Terminal
ssh -i key.pem user@host "uptime"
ssh -o StrictHostKeyChecking=accept-new user@host
ssh-keyscan -H github.com >> ~/.ssh/known_hosts
chmod 600 key.pem        # keys must not be group/world readable
ssh -o BatchMode=yes user@host "deploy.sh"

Options

FlagWhat it does
-i <file>Use a specific identity (private key)
-o KEY=VALUESet a config option inline
-p <port>Connect to a non-default port
-TDisable pseudo-terminal allocation
-o BatchMode=yesNever prompt; fail instead

Common errors in CI

Host key verification failed - the host is not in known_hosts and there is no TTY to accept it. Pre-seed it with ssh-keyscan host >> ~/.ssh/known_hosts or use -o StrictHostKeyChecking=accept-new. "Permissions 0644 for key.pem are too open" - chmod 600 the key. "Permission denied (publickey)" means the key is not authorized on the host or the wrong key/user was used.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →