CircleCI 2.0 now supports Rebuild with SSH

CircleCI 1.0 customers have found it useful to debug failed builds and investigate problems by using SSH access.

We have enabled SSH access functionality for builds running on our 2.0 platform. You can now Rebuild with SSH on 2.0.

To debug a build that has already finished, you can click on Rebuild with SSH option from the dropdown as shown below.

To see the connection details, expand the ‘Enable SSH’ section in the build output where you will see the ssh command needed to connect:

The details are displayed again in the ‘Wait for SSH’ section at the end of the job:

(In CircleCI 1.0 this information is displayed at the top of the page in the main UI, we’ll make an update soon so that the details are displayed in the same way for 2.0 jobs.)

If you have any feedback for this feature, do let us know by using the reply option and posting comments below.

9 Likes

To debug tests that are running in a Chrome browser container, we use SSH tunneling on CircleCI 1.0 to get access to the browser via VNC:

ssh -p PORT ubuntu@IP_ADDRESS -L 5901:localhost:5900

Now that we have SSH Debugging on CircleCI 2.0, I tried the same thing:

ssh -p PORT IP_ADDRESS -L 5901:localhost:5900

I am able to get an SSH tunnel connected, but when I try to connect to the Container via VNC, I get the following error on the CircleCI 2.0 machine:

channel 3: open failed: unknown channel type: unsupported channel type

I’m not technically savy enough with SSH tunneling to know what the problem is, and my Googling hasn’t dug up any answers. Does anyone know what I’m doing wrong?

1 Like

SSH tunnelling on 2.0 is not enabled yet. We expect to make this available soon. We’ll update here when it’s ready.

Do 2.0 users need to be whitelisted for this feature? I have the menu option to rebuild with SSH, but the “Enable SSH” step doesn’t happen for my builds, and thus I cannot ssh to my builds. I’m using the docker executor.

Whitelisting isn’t required. Can you submit a support ticket from the CircleCI UI or email support@circleci.com with a link to a relevant build and we’ll take a look.

Does this work for jobs running in the docker executor?

Yes SSH access is available for builds using the Docker executor.

Local port forwarding works now as expected. Give it a try and let us know how it goes.

That’s pretty odd. We validate with the registered GitHub public ssh keys - and for some reason GitHub isn’t report any for your account at the moment: https://github.com/cee-dub.keys (compare that to https://github.com/notnoopci.keys ).

Can you please double check your GitHub account ssh key in https://github.com/settings/keys ?

We will update the builds with an appropriate message for this case. Thanks for bringing it up…

2 Likes

Indeed it turns out I somehow didn’t have any SSH keys in my Github account. Verified that SSH is activated and works once I added a key to Github. :key:

A message in the build process would be very useful to debug this situation.

1 Like

Local port forwarding works great. Thanks!

Can I disable SSH?

Secret tokens stored in settings are available by SSH.
In my team policy, only admin user can access the secret, not all members.

12 Likes

Is there a mechanism to save artifacts that I generate during my debug session? I’d expect to move them into a $CIRCLE_ARTIFACTS folder similar to 1.0, but this variable does not exist.

https://circleci.com/docs/2.0/artifacts

Hey rose, I’m looking for a way to upload artifacts from the SSH shell. I don’t believe I can run a store_artifacts step manually from an open terminal session.

I currently just used scp to download the artifact to my local development machine, but it’d be helpful to have these artifacts be stored alongside the build and accessible in Circle.

I don’t believe that’s currently possible, but it’s a great feature request! Please file it here:

That said, any build artifacts created during a “rebuild with SSH” run will be stored the same way they would be on a regular CircleCI build.

Thanks!

This topic was automatically closed after 56 minutes. New replies are no longer allowed.