GitLab CI: SSH 失败,无法验证私钥

GitLab CI: SSH fail, unable to authenticate private key

我按照这个 link 尝试通过 SSH 连接到我在 Gitlab 中的服务器-CI。对于 SSH 密钥,我进入了服务器,并生成了 public 和私钥。私钥被提取到 GitLab CI/CD 环境变量中。

YAML 模板如下,大部分复制自 link.

    image: docker:19.03.8
      services:
        - docker:19.03.8-dind

    deployment:
      variables:
        ip: <ip-address>
      script:
        - apk add --update openssh-client sshpass
        - eval $(ssh-agent -s)
        - echo "$SSH_PRIVATE_KEY" | ssh-add - > /dev/null
        - mkdir -p ~/.ssh
        - chmod 700 ~/.ssh
        - export SSHPASS=$AWS_PASSWORD
        - sshpass -e ssh -o StrictHostKeyChecking=no -vvv ubuntu@$ip echo testing

但是,我在尝试访问私钥时遇到错误。

    debug1: Authentications that can continue: publickey,password
    debug1: Trying private key: /root/.ssh/id_rsa
    debug3: no such identity: /root/.ssh/id_rsa: No such file or directory
    debug1: Trying private key: /root/.ssh/id_dsa
    debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
    debug1: Trying private key: /root/.ssh/id_ecdsa
    debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
    debug1: Trying private key: /root/.ssh/id_ed25519
    debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
    debug1: Trying private key: /root/.ssh/id_xmss
    debug3: no such identity: /root/.ssh/id_xmss: No such file or directory
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred: ,password
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    debug3: send packet: type 50
    debug2: we sent a password packet, wait for reply
    debug3: receive packet: type 51
    debug1: Authentications that can continue: publickey,password
    Permission denied, please try again.

我正在使用 gitlab 共享运行器,如果有帮助的话。

[更新]

忘记在我要连接的服务器中添加,我将 id_rsa.pub 生成的 public 密钥添加到 authorized_keys 文件中。

[编辑 1]

按照建议,我使用 ssh-keyscan 添加了已知主机,将输出复制为变量 $SSH_KNOWN_HOSTS。在更新的 yaml 文件下方。但是我遇到了同样的错误。

    deployment:
      variables:
        ip: <ip-address>
      script:
        - apk add --update openssh-client sshpass
        - eval $(ssh-agent -s)
        - echo "$SSH_PRIVATE_KEY" | ssh-add - > /dev/null
        - mkdir -p ~/.ssh
        - chmod 700 ~/.ssh
        - touch ~/.ssh/known_hosts
        - echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        - chmod 644 ~/.ssh/known_hosts
        - export SSHPASS=$AWS_PASSWORD
        - sshpass -e ssh -o StrictHostKeyChecking=no -vvv ubuntu@$ip echo testing

我不确定 sshpass,因为我通常使用 public/private 键。这是我将在远程服务器上设置为 运行 SCP/SSH 命令的作业示例:

deploy:
  stage: deploy
variables:
  hostname: app-dev
before_script:
  # optional step if you decide to use a hostname instead of IP address
  - cp -f ./network/etc/hosts /etc/hosts
  # Setup SSH
  - which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
  - eval $(ssh-agent -s)
  - ssh-add <(cat $SSH_PRIVATE_KEY)
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh
  - ssh-keyscan $HOSTNAME >> ~/.ssh/known_hosts
  - chmod 644 ~/.ssh/known_hosts
script:
  # Copy files and execute commands
  - scp ./scripts/install_package.sh root@$HOSTNAME:/tmp/deploy
  - ssh root@$HOSTNAME "/tmp/deploy/install_package.sh && exit"

运行管道之前,您需要执行以下操作:

  1. 使用 ssh-keygen 生成 ssh 密钥对。不要使用密码。 Public 密钥以 .pub 结尾,私钥没有扩展名。
  2. SSH 到远程服务器,将 public 密钥的内容复制到 ~/.ssh/authorized_keys
  3. 将您的私钥内容复制到名为 SSH_PRIVATE_KEY
  4. 的 GitLab File Environment Variables
  5. 如果您使用 $HOSTNAME 环境变量,请在管道中定义变量并将 IP/hostname 添加到管道容器中的 /etc/hosts 文件中。否则,只需使用 IP 地址即可。