SSH into staging machine from docker instance using Bitbucket Pipelines

SSH into staging machine from docker instance using Bitbucket Pipelines

Using the new Bitbucket Pipelines feature, how can I SSH into my staging box from the docker container it spins up? 
The last step in my pipeline is an .sh file that deploys the necessary code on staging, however because my staging box uses public key authentication and doesn't know about the docker container, the SSH connection is being denied.
Anyway of getting around this without using password authentication over SSH (which is causing me issues as well by constantly choosing to authenticate over public key instead.)?

Solutions/Answers:

Answer 1:

Bitbucket pipelines can use a Docker image you’ve created, that has the ssh client setup to run during your builds, as long as it’s hosted on a publicly accessible container registry.

Create a Docker image.

Create a Docker image with your ssh key available somewhere. The image also needs to have the host key for your environment(s) saved under the user the container will run as. This is normally the root user but may be different if you have a USER command in your Dockerfile.

You could copy an already populated known-hosts file in or configure the file dynamically at image build time with:

RUN ssh-keyscan your.staging-host.com

Publish the image

Publish your image to a publicly accessible, but private registry. You can host your own or use a service like Docker Hub.

Configure Pipelines

Configure pipelines to build with your docker image.

If you use Docker Hub

image:
  name: account-name/java:8u66
  username: $USERNAME
  password: $PASSWORD
  email: $EMAIL

Or Your own external registry

  name: docker.your-company-name.com/account-name/java:8u66

Restrict access on your hosts

You don’t want to have ssh keys to access your hosts flying around the world so I would also restrict access for these deploy ssh keys to only run your deploy commands.

The authorized_keys file on your staging host:

command="/path/to/your/deploy-script",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-dss AAAAC8ghi9ldw== deploy@bitbucket

Unfortunately bitbucket don’t publish an IP list to restrict access to as they use shared infrastructure for pipelines. If they happen to be running on AWS then Amazon do publish IP lists.

from="10.5.0.1",command="",no-... etc

Also remember to date them an expire them from time to time. I know ssh keys don’t enforce dates but it’s a good idea to do it anyway.

Answer 2:

You can now setup SSH keys under pipeline settings so that you do not need to have a private docker image just to store ssh keys. It is also extracted from your source code so you don’t have it in your repo as well.

Under

Settings -> Pipelines -> SSH keys

You can either provide a key pair or generate a new one. The private key will be put in the docker container at ~/.ssh/config and provide you a public key you can put in your host to the ~/.ssh/authorized_keys file. The page also requires an ip or name to setup the fingerprint for known hosts when running on docker as well.

Also, Bitbucket has provided IP addresses you can white list if necessary for the docker containers being spun up. They are currently:

  • 34.236.25.177/32
  • 34.232.25.90/32
  • 52.203.14.55/32
  • 52.202.195.162/32
  • 52.204.96.37/32
  • 52.54.90.98/32
  • 34.199.54.113/32
  • 34.232.119.183/32
  • 35.171.175.212/32

References

Loading...

How to change the Signed in Phone Number in Firebase Authentication for Android?

How to change the Signed in Phone Number in Firebase Authentication for Android?

I am using Android Firebase Auth Ui for providing Phone Number based sign in option in an android app. I am trying to provide an additional option to signed in users to switch their signed in phone number to another number keeping the same user account.
But as per Firebase Docs for Phone number there are no options to change the signed in number.
There are options for linking different auth providers like email, google or Facebook login etc to same account. But there is no way mentioned about how to change the phone number or email id keeping the same user id. 
Is there a workaround or method by which we can achieve this?

Solutions/Answers:

Answer 1:

An API exists for updating the phone number of a current user: https://firebase.google.com/docs/reference/android/com/google/firebase/auth/FirebaseUser.html#updatePhoneNumber(com.google.firebase.auth.PhoneAuthCredential)

Answer 2:

Apparently – according to the project maintainers – FirebaseUI-Android doesn’t support this feature, and it looks like they have no plans of doing it any time soon 🙁

References

Loading...