oCoreoCore Docs
Admin Guide

SSH Access

Manage SSH keys, configure the SSH gateway, and connect to Odoo instances via terminal.

oCore provides an SSH gateway that allows secure terminal access to your Odoo instances without exposing individual container ports. Users register their SSH public keys, then connect through the gateway on port 2222 using the instance slug as the username.

SSH Key Management

Add and manage your SSH public keys.

Open in Dashboard

SSH Key Management

Adding an SSH Key

Navigate to Account Settings > SSH Keys and click Add Key.

Paste your SSH public key (the contents of ~/.ssh/id_ed25519.pub or similar).

Give the key a name for identification (e.g., "Work Laptop", "Desktop PC").

Click Save. The key is immediately available for SSH gateway access.

curl -X POST https://ocore.example.com/api/user/ssh-keys \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Work Laptop",
    "publicKey": "ssh-ed25519 AAAA... user@workstation"
  }'
ocore ssh-key add --name "Work Laptop" --key-file ~/.ssh/id_ed25519.pub

Supported Key Types

TypeAlgorithmRecommendation
ssh-ed25519Ed25519Recommended (fast, secure, compact)
ssh-rsaRSASupported (use 4096-bit minimum)
ecdsa-sha2-nistp256ECDSA P-256Supported
ecdsa-sha2-nistp384ECDSA P-384Supported

Importing Keys from GitHub

Import your public keys directly from your GitHub profile:

curl -X POST https://ocore.example.com/api/user/ssh-keys/import-github \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"githubUsername": "your-github-username"}'

This imports all public keys from https://github.com/<username>.keys and adds them to your oCore account.

Removing an SSH Key

curl -X DELETE https://ocore.example.com/api/user/ssh-keys/{keyId} \
  -H "Authorization: Bearer $TOKEN"

Listing Your Keys

curl https://ocore.example.com/api/user/ssh-keys \
  -H "Authorization: Bearer $TOKEN"

SSH Gateway Configuration

How the Gateway Works

The SSH gateway runs on port 2222 of the oCore server. When a user connects:

  1. The gateway authenticates the user's SSH public key against registered keys
  2. The instance slug (used as the SSH username) identifies the target instance
  3. The gateway establishes a connection to the instance's container
  4. The user gets a shell session inside the running Odoo container

Connection Format

ssh -p 2222 <instance-slug>@<ocore-hostname>

Example:

ssh -p 2222 my-odoo-18@ocore.example.com

SSH Config Shortcut

Add this to your ~/.ssh/config for convenience:

Host ocore-*
  HostName ocore.example.com
  Port 2222
  User %n
  IdentityFile ~/.ssh/id_ed25519

Then connect with:

ssh ocore-my-odoo-18

Instance Must Be Running

You can only SSH into instances that are in running status. Stopped or provisioning instances reject SSH connections.

Connecting via SSH to Instances

Interactive Shell

Once connected, you have a shell inside the Odoo instance container:

$ ssh -p 2222 my-odoo-18@ocore.example.com
root@my-odoo-18:~#

Shell Commands Available Inside Containers

Common commands you can run inside the container:

# View Odoo logs
tail -f /var/log/odoo/odoo.log

# Check running processes
ps aux | grep odoo

# View environment variables
env | grep ODOO

# Run Odoo scaffold (create a new module skeleton)
odoo scaffold my_module /mnt/extra-addons/

# Run Odoo shell (Python REPL connected to the database)
odoo shell -d odoo --no-http

# Check database connectivity
psql $DATABASE_URL -c "SELECT 1"

# View disk usage
df -h

# Check memory usage
free -m

Running Odoo Commands

Execute Odoo CLI commands directly:

# Update a specific module
odoo -u my_module -d odoo --stop-after-init

# Install a module
odoo -i new_module -d odoo --stop-after-init

# Run tests for a module
odoo -d odoo --test-enable --test-tags /my_module --stop-after-init

Production Caution

Running odoo -u or odoo -i in production can cause downtime. Use the deployment pipeline for production module updates. The SSH shell is best for development and debugging.

SCP/SFTP File Transfer

Transfer files to and from the instance container using SCP or SFTP:

Upload a File

scp -P 2222 local-file.py my-odoo-18@ocore.example.com:/mnt/extra-addons/my_module/

Download a File

scp -P 2222 my-odoo-18@ocore.example.com:/var/log/odoo/odoo.log ./odoo.log

SFTP Session

sftp -P 2222 my-odoo-18@ocore.example.com
sftp> ls /mnt/extra-addons/
sftp> get /var/log/odoo/odoo.log
sftp> put local-module.zip /tmp/

Rsync

For syncing directories:

rsync -avz -e "ssh -p 2222" ./my_module/ my-odoo-18@ocore.example.com:/mnt/extra-addons/my_module/

Session Limits and Security

Security Measures

MeasureDescription
Key-based auth onlyPasswords are not accepted on the SSH gateway
Audit loggingAll SSH sessions are recorded in the audit log
Instance isolationEach SSH session is confined to one container
Session recordingCommands executed are logged (configurable)
Idle timeoutInactive sessions are closed after a configurable period
Concurrent sessionsConfigurable maximum concurrent sessions per user

Who Can Access

SSH access requires:

  1. A registered SSH public key in the user's oCore account
  2. Membership in the organization that owns the instance
  3. At least view:instances permission (to resolve the instance slug)
  4. The instance must be in running status

Revoking SSH Access

  • Remove the user's SSH keys to prevent all SSH access
  • Remove the user from the organization
  • Change the user's role to one without instance access

Required Permissions

ActionPermission
Add/remove SSH keysmanage:ssh_keys (on own account)
View SSH keysview:ssh_keys
SSH into instancesOrganization membership + running instance

Troubleshooting

"Permission denied (publickey)"

  • Verify your SSH public key is registered in oCore: check Account Settings > SSH Keys
  • Ensure you are using the correct private key: ssh -p 2222 -i ~/.ssh/id_ed25519 slug@host
  • Check that the key type is supported (Ed25519, RSA 4096+, ECDSA)
  • Try with verbose mode to debug: ssh -p 2222 -v slug@ocore.example.com

"Connection refused" on port 2222

  • Verify the SSH gateway is enabled in your oCore deployment
  • Check that port 2222 is open in the server's firewall
  • Verify the oCore backend is running
  • Try telnet ocore.example.com 2222 to test raw connectivity

"Instance not found"

  • Verify the instance slug is correct (case-sensitive, lowercase)
  • Check that the instance is in running status
  • Ensure you are a member of the organization that owns the instance
  • The instance may have been deleted or renamed

SCP/SFTP failing

  • Use uppercase -P for port in SCP: scp -P 2222 (not lowercase -p)
  • Some SFTP clients require explicit port configuration
  • Check that the file path inside the container is correct
  • Verify disk space is available in the container

SSH session hangs or disconnects

  • Check your network connection stability
  • Increase SSH keepalive settings: add ServerAliveInterval 60 to ~/.ssh/config
  • The idle timeout may have closed the session -- reconnect
  • Check if the instance was restarted during the session
Was this page helpful?
Edit on GitHub

Webhooks

Create webhook endpoints, configure events, verify signatures, and troubleshoot delivery.

Tutorials

Step-by-step tutorials for common oCore workflows

On this page

SSH Key ManagementAdding an SSH KeySupported Key TypesImporting Keys from GitHubRemoving an SSH KeyListing Your KeysSSH Gateway ConfigurationHow the Gateway WorksConnection FormatSSH Config ShortcutConnecting via SSH to InstancesInteractive ShellShell Commands Available Inside ContainersRunning Odoo CommandsSCP/SFTP File TransferUpload a FileDownload a FileSFTP SessionRsyncSession Limits and SecuritySecurity MeasuresWho Can AccessRevoking SSH AccessRequired PermissionsTroubleshooting"Permission denied (publickey)""Connection refused" on port 2222"Instance not found"SCP/SFTP failingSSH session hangs or disconnects