CI/CD

SSH for CI/CD Pipelines

Persistent SSH sessions in your pipelines. SHA-256 verified deployments. Works with GitHub Actions, GitLab CI, and any runner that can execute shell commands.

The problem

CI/CD pipelines need to deploy to remote servers. Every pipeline step creates a new SSH connection. Credentials are stored as secrets but end up as environment variables in the runner. There is no built-in integrity verification — a compromised runner could deploy modified artifacts without detection. No manifest of what was actually deployed.

CI/CD SSH challenges

  • - New SSH connection per pipeline step — slow and fragile
  • - Credentials as environment variables in the runner
  • - No integrity verification of deployed artifacts
  • - Complex shell commands break across pipeline layers
  • - No audit trail linking deployments to pipeline runs

How sshDCommander solves it

Install sshDCommander in your CI runner. Start the daemon once at the beginning of the pipeline. All subsequent steps reuse the persistent SSH session. Deploy with --manifest for SHA-256 verification. The --client-id links every operation to the pipeline run.

Persistent Pipeline Sessions

Start the daemon once. Every pipeline step reuses the same SSH connection. No reconnect overhead between steps.

Verified Deployments

Every file uploaded with SHA-256 verification. Deploy manifests record exactly what was deployed. Post-deploy verification catches compromised artifacts.

Script Mode for Complex Commands

The -s flag handles pipes, quotes, and variable expansion safely. No more escaping nightmares in YAML pipeline definitions.

Pipeline-Aware Audit Trail

Use --client-id github-actions-123 to link every operation to the specific pipeline run. Full traceability.

In practice

GitHub Actions example

.github/workflows/deploy.yml
steps:
  - name: Install sshDCommander
    run: pip install sshdcommander
  - name: Configure and connect
    run: |
      sshdctl start-daemon
      sshdctl server add --name prod -H ${{ secrets.SERVER_HOST }} -u deploy --store
      sshdcmd --client-id ga-${{ github.run_id }} --server prod "echo ready" --connect
  - name: Deploy with verification
    run: |
      sshdcp --client-id ga-${{ github.run_id }} upload ./dist/ /opt/app/ --manifest deploy.json
      sshdcp --client-id ga-${{ github.run_id }} verify deploy.json
  - name: Restart application
    run: sshdcmd --client-id ga-${{ github.run_id }} "systemctl restart app"

Add verified SSH deploys to your pipeline

5-day free trial. No credit card required.

Start Free Trial