Deployment to Linux targets either with SSH "proxying" or using poling mode

Octopus supports SSH deployment targets for Linux VMs. However, this requires Octopus Server to have SSH access to that VM. This requirement is a major problem in our case, because if VM is hosted on clients’ side, they won’t agree to open SSH from our deploy server.

Are there any plans to have functionality like this:

  1. Some tentacles which are already in cllient’s infrastructure, might “proxyfy” SSH requrests to Linux VMs inside that infrastructure. In this case there is a higher chance that SSH traffic inside client’s network will be allowed.
  2. Linux “native” tentacle agent running in poling mode, so that it initiates connection to Octopus Server.

So to recap. We need to be able to run some deployment steps on Linux VMs (e.g. register service in load balancer), but we can’t have direct SSH connection from our deployment server to these VMs.

If there are any plans for that, when can we expect this feature to arrive?

Hi Dmitry,

Thanks for getting in touch! In Octopus version 3.4 we implemented Proxy support for Tentacles and SSH targets. We have a new documentation page that covers Proxies in Octopus:


SSH Targets
Configuring a proxy for a SSH Target works in essentially the same way as with a Listening Tentacle as described above. Simply configure up the proxy details via Environments > Proxies and then select the appropriate proxy in the SSH Target details screen.

We are planning to port everything to .NET Core in the future, one of our goals with this is to get Tentacle running on Linux. We are not too sure how long this will take us to do but it is something in the works.

Let me know if that helps.


Can we have SSH deployment target working in “poling mode” through proxy? Well, not strictly poling mode, of course, but in a way when connection is initiated inside the client’s network to the outside world (to our deployment server). :slight_smile: Is it a feature possible to implement? The thing is, configuring inbound access for our clients (which we have a lot) is a major problem, this takes a lot of time.

Hi Dmitry,

Unfortunately the communication with SSH for Octopus is unidirectional and can not be used to receive an inbound connection.

Hope that answers your question. :slight_smile:



This issue has been closed due to inactivity. If you encounter the same or a similar issue and require help, please open a new discussion (if we asked for logs or extra details in this thread, consider including them in the new thread). If you are the creator of this thread and believe it should not be closed let us know via our support email.