Question
How can I connect to CH Cloud service using SSH Key Authentication?
Answer
1) Use ssh-keygen to create the keypair. Example:
➜ new ssh-keygen \
-t ed25519 \
> -f /Users/testuser/.ssh/ch_key
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/testuser/.ssh/ch_key
Your public key has been saved in /Users/testuser/.ssh/ch_key.pub
.....
2) Use the public key (ch_key.pub in above example) to create the USER.
clickhouse-cloud :) CREATE USER abcuser IDENTIFIED WITH ssh_key BY KEY 'AAAABBBcdE1lZDI1NTE5AAAAIISdl4CrGM8mckXBUXLjL3ef9XwnycDWEvBPu3toB40m' TYPE 'ssh-ed25519';
CREATE USER abcuser IDENTIFIED WITH ssh_key BY KEY AAAABBBcdE1lZDI1NTE5AAAAIISdl4CrGM8mckXBUXLjL3ef9XwnycDWEvBPu3toB40m TYPE `ssh-ed25519`
Query id: 34c6aad6-5f88-4c80-af7a-7d37c91ba7d5
Ok.
3) Run SHOW users to confirm the user creation.
4) Grant default_role to the user (optional).
clickhouse-cloud :) grant default_role to abcuser;
GRANT default_role TO abcuser
Query id: 4a054003-220a-4dea-8e8d-eb1f08ee7b10
Ok.
0 rows in set. Elapsed: 0.137 sec.
5) Use the private key now to authenticate against the service.
➜ new ./clickhouse client --host myhost.us-central1.gcp.clickhouse.cloud --secure --user abcuser --ssh-key-file '/Users/testuser/.ssh/ch_key'
ClickHouse client version 23.12.1.863 (official build).
Enter your private key passphrase (leave empty for no passphrase):
Connecting to myhost.us-central1.gcp.clickhouse.cloud:9440 as user abcuser.
Connected to ClickHouse server version 23.9.2.
clickhouse-cloud :) select currentUser();
SELECT currentUser()
Query id: d4b6bb60-ef45-47d3-8740-db9f2941dcd2
┌─currentUser()─┐
│ abcuser │
└───────────────┘
1 row in set. Elapsed: 0.001 sec.
clickhouse-cloud :)