---
title: "Using SSH during a job in the pipeline"
date: "2024-02-14T06:18:38+00:00"
summary: "Learn how to use SSH during a job in your pipeline, including prerequisites, adding CI/CD variables, and customizing .gitlab-ci.yml for secure connections."
image:
type: "page"
url: "/acquia-cloud-platform/add-ons/code-studio/using-ssh-during-job-pipeline"
id: "ee48d473-3b13-40d1-9d11-962f9508f8cc"
---

Table of contents will be added

You can use SSH during a specific job in your pipeline.

Note

For Node.js applications, use `acquia/node-template` instead of `acquia/standard-template`.

The following example demonstrates how you can connect to a Cloud Platform environment by using SSH, before the [Build Code](/acquia-cloud-platform/add-ons/code-studio/docs/customizing-code-studio/drupal-auto-devops/autodevops-jobs#section-build-code-job) stage begins.

Prerequisites
-------------

Before you start using SSH to access an environment, you must:

1.  Understand configuration in GitLab.
2.  Generate a 4096 bit RSA SSH private/public key pair. For more information, see [Generating an SSH public key](/acquia-cloud-platform/manage-apps/command-line/ssh/getting-started/generate).
3.  Add the public key to Cloud Platform for a user who has a [role](/acquia-cloud-platform/access/teams/roles) with SSH access. For more information, see [Adding a public key to an Acquia profile](/acquia-cloud-platform/manage-apps/command-line/ssh/getting-started/add-key).

Adding CI/CD variables
----------------------

1.  Click **Settings** > **CI/CD**.
    
    ![CI/CD option is selected from the Settings option](https://acquia.widen.net/content/q9xp5whcif/jpeg/code-studio_settings-ci-cd.jpeg?position=c&color=ffffffff&quality=80&u=0b06mk)
    
2.  Expand the Variables section and click **Add variable**.
    
    ![A list of variables is displayed with the Add Variable button highlighted at the bottom](https://acquia.widen.net/content/sy1vxyydd1/jpeg/code-studio_add-variable.jpeg?position=c&color=ffffffff&quality=80&u=0b06mk)
    
3.  To add a variable for the SSH private key, do the following:
    
    1.  In **Key**, specify the value as `SSH_PRIVATE_KEY`.
    2.  In **Value**, paste your RSA private key.
    3.  Click **Add variable**.
    
    ![Creating a variable for SSH private key](https://acquia.widen.net/content/h7lhzpplnb/jpeg/code-studio_add-ssh-private-key.jpeg?position=c&color=ffffffff&quality=80&u=0b06mk7&w=760&h=670)
    
4.  To add a variable for SSH passphrase, click **Add variable** and do the following:
    
    1.  In **Key**, specify the value as `SSH_PASSPHRASE`.
    2.  In **Value**, paste the associated passphrase. If a passphrase does not exist, press the **Enter** key.
    3.  Click **Add variable**.
    
    ![Creating a variable for SSH passphrase](https://acquia.widen.net/content/dvvdertvjb/jpeg/code-studio_add-ssh-passphrase.jpeg?position=c&color=ffffffff&quality=80&u=0b06mk)
    
    The Variables section displays both the variables.
    
    ![Variables section with the two newly added variables](https://acquia.widen.net/content/ifsnss3dvp/jpeg/code-studio_variables.jpeg?position=c&color=ffffffff&quality=80&u=0b06mk)
    

Customizing .gitlab-ci.yml to use SSH
-------------------------------------

After adding the SSH private key and passphrase, you can customize your `gitlab-ci.yml` file to use the variables and connect by using SSH.

If you created the `.gitlab-ci.yml` file for the first time, set the CI/CD configuration file to `.gitlab-ci.yml` by clicking **Settings** > **CI/CD** > **General pipelines** > **CI/CD configuration file**.

The following is an example `.gitlab-ci.yml` file that sets the SSH configuration to connect to a Cloud Platform environment.

    include:
      - project: 'acquia/standard-template'
        file:
          - '/gitlab-ci/Auto-DevOps.acquia.gitlab-ci.yml'
    
    Build Code:
      before_script:
       ##
       ## Install ssh-agent if not already installed, it is required by Docker.
       ##
       - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )'
    
    
       ##
       ## Run ssh-agent (inside the build environment)
       ##
       - eval $(ssh-agent -s)
    
    
       ##
       ## Create a shell script that will echo the environment variable SSH_PASSPHRASE
       ##
       - echo 'echo $SSH_PASSPHRASE' > ~/.ssh/tmp && chmod 700 ~/.ssh/tmp
    
    
       ##
       ## If ssh-add needs a passphrase, it will read the passphrase from the current
       ## terminal if it was run from a terminal. If ssh-add does not have a terminal
       ## associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the
       ## program specified by SSH_ASKPASS and open an X11 window to read the
       ## passphrase. This is particularly useful when calling ssh-add from a
       ## .xsession or related script. Setting DISPLAY=None drops the use of X11.
       ##
       - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | DISPLAY=None SSH_ASKPASS=~/.ssh/tmp ssh-add -
    
    
       ##
       ## Use ssh-keyscan to scan the keys of your private server. Replace gitlab.com
       ## with your own domain name. You can copy and repeat that command if you have
       ## more than one server to connect to.
       ##
       - ssh-keyscan <HOST> >> ~/.ssh/known_hosts
       - chmod 644 ~/.ssh/known_hosts
    
    
       ##
       ## You can optionally disable host key checking. Be aware that by adding that
       ## you are susceptible to man-in-the-middle attacks.
       ##
       - echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
    
    
       ##
       ## Connect via ssh and do something.
       ##
       - ssh <USER>@<HOST>
       ## - <do something>

In this `.gitlab-ci.yml` file,

*   Replace `<HOST>` with your Cloud Platform host. For example, `mysitedev.ssh.prod.acquia-sites.com`.
*   Replace `<USER>@<HOST>` with your Cloud Platform user and host respectively. For example, `mysite.dev@mysitedev.ssh.prod.acquia-sites.com`.