Authenticate using SSH public keys

Users and service accounts can use SSH public keys to authenticate to Secure Source Manager repositories. This page describes how to generate an SSH key pair, and then add it as an authentication method in the Secure Source Manager web interface.

Secure Source Manager supports RSA, ECDSA, and Ed25519 SSH key types.

Required roles

To get the permissions that you need to authenticate using SSH public keys, ask your administrator to grant you the following IAM roles:

To add an SSH key for a user:
  Secure Source Manager Instance Accessor (roles/securesourcemanager.instanceAccessor) on the Secure Source Manager instance
To add an SSH key for a service account:
  Secure Source Manager Instance Manager (roles/securesourcemanager.instanceManager) on the Secure Source Manager instance
  Service Account User (roles/iam.serviceAccountUser) on the service account

These predefined roles contain the permissions required to authenticate using SSH public keys. The exact permissions are listed under Required permissions.

Required permissions

The following permissions are required to authenticate using SSH public keys:

securesourcemanager.sshkeys.createAny on the Secure Source Manager instance
To assign an SSH key to a service account: iam.serviceAccounts.actAs on the service account

You might also be able to get these permissions with custom roles or other predefined roles.
Generate a key pair

An SSH key pair consists of a private key that resides on your local system and a public key that you register with Google Cloud.

Linux or macOS

1. Install OpenSSH (https://www.openssh.com/) on your local system.
2. At a command prompt, enter the following command:

    ssh-keygen -t [KEY_TYPE] -C "[USER_EMAIL]"

   Where:
   [USER_EMAIL] is your email address.
   [KEY_TYPE] is one of rsa, ecdsa, or ed25519.

   For example:

    ssh-keygen -t rsa -C "user@example.com"

3. When prompted, enter a location and filename for the public key file. To accept the default location and filename, press Enter.
4. When prompted, leave the passphrase empty and press Enter.

Windows

1. Install PuTTY (https://www.putty.org/) on your local system.
2. From the Windows Start menu, start PuTTYGen.
3. In the window that opens, select the key type from the Parameters field.
4. Click Generate. PuTTYGen displays the generated public key string.
5. When prompted, leave the passphrase empty and press Enter.
6. To save the key pair you generated to your local system, click Save Public Key and Save Private Key.

Add SSH keys for users

1. In the Secure Source Manager web interface, from the instance or repository page, click the more options menu.
2. Click User SSH keys. The User SSH keys page opens, and a list of any existing keys you've created is displayed.
3. In the User SSH keys page, click Add key.
4. In the Add SSH Key page, enter the following values for your key:
   Title: add a descriptive title for the key.
   SSH public key: paste your public key string. To get your public key string, run the following command:

    cat ~/.ssh/FILENAME.pub

   Where FILENAME is the name you gave the key file.

You can use SSH keys to authenticate to any Secure Source Manager repository provided you have the needed permissions on that repository.

Add SSH keys for service accounts

To allow programmatic access to your repository, you can add an SSH key for a service account.

1. If you don't already have a service account that you want to use, create a service account.
2. From the Secure Source Manager web interface, click the more options menu.
3. Click Service account SSH keys. The Service account SSH keys page opens, and a list of any existing keys you've added is displayed.
4. In the Service account SSH keys page, click Add key.
5. In the Add service account SSH key page, enter the following values for your key:
   Title: a descriptive title for the key.
   Service account: the email of the service account that you want to use the SSH key with, in the format SA_NAME@PROJECT_ID.iam.gserviceaccount.com, where SA_NAME is the service account name and PROJECT_ID is the project ID of the project the service account was created in.
   SSH Public Key: your public SSH key. See Generate a key pair for information on how to generate an SSH key pair.
6. If the service account is not in the same project as your Secure Source Manager instance, give Secure Source Manager's service agent one of the following roles or permissions on the service account you want to use:
   iam.serviceAccounts.signJwt permission
   Service Account Token Creator (roles/iam.serviceAccountTokenCreator) role

   Run the following command to add an IAM policy binding on your service account that grants the Secure Source Manager service agent the Service Account Token Creator role:

    gcloud iam service-accounts add-iam-policy-binding SERVICE_ACCOUNT \
        --member="serviceAccount:service-INSTANCE_PROJECT_NUMBER@gcp-sa-sourcemanager.iam.gserviceaccount.com" \
        --role="roles/iam.serviceAccountTokenCreator"

   Where SERVICE_ACCOUNT is the service account you want to use and INSTANCE_PROJECT_NUMBER is the project number of your Secure Source Manager instance.

   The SERVICE_ACCOUNT should be formatted either as a numeric service account ID or as an email, like this: 123456789876543212345 or my-iam-account@somedomain.com.

Last updated 2025-09-04 UTC.
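Added example (not part of the original page and not Secure Source Manager code): a check to run on the string before pasting it into the SSH public key field of either Add key form. It confirms that the text is a public key of one of the types the page lists as supported, that the type declared on the line matches the type inside the key blob, and it returns the SHA256 fingerprint. It assumes the one-line OpenSSH format that `cat ~/.ssh/FILENAME.pub` prints; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib

# Key types the page lists as supported (RSA, ECDSA, Ed25519), written with
# their standard OpenSSH identifiers.
SUPPORTED = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def ssh_string(data):
    """Encode one SSH wire-format field: uint32 big-endian length, then bytes."""
    return len(data).to_bytes(4, "big") + data


def read_string(blob, offset):
    """Decode one length-prefixed field; return (bytes, next_offset)."""
    head = blob[offset:offset + 4]
    end = offset + 4 + int.from_bytes(head, "big")
    if len(head) < 4 or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def check_public_key(line):
    """Validate a one-line OpenSSH public key; return (type, SHA256 fingerprint)."""
    if "PRIVATE KEY" in line:
        raise ValueError("private key material: paste the .pub file instead")
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, body = parts[0], parts[1]
    if declared not in SUPPORTED:
        raise ValueError(f"unsupported key type: {declared}")
    try:
        blob = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("key body is not valid base64") from exc
    embedded, offset = read_string(blob, 0)
    if embedded != declared.encode():
        raise ValueError("declared type differs from the type inside the blob")
    if declared == "ssh-ed25519" and len(read_string(blob, offset)[0]) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    digest = hashlib.sha256(blob).digest()
    return declared, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Constructed sample: structurally valid Ed25519 blob, not a real key.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_LINE = f"ssh-ed25519 {base64.b64encode(SAMPLE_BLOB).decode()} user@example.com"
```

The returned fingerprint has the same form as the SHA256 value printed by `ssh-keygen -l -f ~/.ssh/FILENAME.pub`, so it can be recorded when a key is registered and compared later when keys are audited.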