ssh Command Reference for CI Scripts
ssh gives an encrypted connection to run commands on a remote host.
ssh underlies deploys, git over SSH, and remote runners. Most CI failures are host-key prompts and key permissions, both of which have deterministic fixes.
Common flags/usage
- -i FILE: use a specific identity (private key)
- -o KEY=VALUE: set a config option inline
- -p PORT: connect to a non-default port
- -o BatchMode=yes: never prompt, fail instead
- -o StrictHostKeyChecking=accept-new: trust an unknown host once
Example
shell
chmod 600 "${HOME}/.ssh/id_ed25519"
ssh-keyscan -H "${DEPLOY_HOST}" >> "${HOME}/.ssh/known_hosts"
ssh -i "${HOME}/.ssh/id_ed25519" -o BatchMode=yes \
"deploy@${DEPLOY_HOST}" "cd /srv/app && ./pull-and-restart.sh"In CI
"Host key verification failed" means the host is not in known_hosts and there is no TTY to accept it; pre-seed it with ssh-keyscan or use -o StrictHostKeyChecking=accept-new. "Permissions 0644 are too open" needs chmod 600. BatchMode=yes makes ssh fail fast instead of hanging on a password prompt.
Key takeaways
- Pre-seed known_hosts with ssh-keyscan to avoid the host-key prompt.
- chmod 600 the private key or ssh refuses to use it.
- BatchMode=yes makes ssh fail instead of hanging on a prompt.
Related guides
scp Command Reference for CI Scriptsscp copies files between hosts over SSH in CI deploys. Reference for -r, -i, and -P, plus the uppercase-port…
rsync Command Reference for CI Scriptsrsync synchronizes files efficiently in CI deploys and cache restores. Reference for -a, -z, --delete, and th…
ssh-keyscan Command Reference for CI Scriptsssh-keyscan fetches a host\u2019s public keys to pre-seed known_hosts in CI. Reference for -H, -t, -p, and th…
chmod Command Reference for CI Scriptschmod changes file permissions in CI. Reference for +x, octal modes, -R, and symbolic modes, plus the 600-on-…