GitLab CI: SSH fail, unable to authenticate private key
I followed this link to try to connect over SSH to my server from GitLab CI. For the SSH key, I went into the server and generated the public and private key. The private key was extracted into a GitLab CI/CD environment variable.
The YAML template is below, mostly copied from the link.
image: docker:19.03.8
services:
  - docker:19.03.8-dind
deployment:
  variables:
    ip: <ip-address>
  script:
    - apk add --update openssh-client sshpass
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | ssh-add - > /dev/null
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - export SSHPASS=$AWS_PASSWORD
    - sshpass -e ssh -o StrictHostKeyChecking=no -vvv ubuntu@$ip echo testing
However, I get an error when it tries to access the private key.
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /root/.ssh/id_xmss
debug3: no such identity: /root/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
I am using GitLab shared runners, if that helps.
[Update]
Forgot to add: on the server I am connecting to, I added the generated public key id_rsa.pub to the authorized_keys file.
[Edit 1]
As suggested, I added the known hosts using ssh-keyscan and copied the output into the variable $SSH_KNOWN_HOSTS. The updated YAML file is below. But I get the same error.
deployment:
  variables:
    ip: <ip-address>
  script:
    - apk add --update openssh-client sshpass
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | ssh-add - > /dev/null
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - touch ~/.ssh/known_hosts
    - echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    - export SSHPASS=$AWS_PASSWORD
    - sshpass -e ssh -o StrictHostKeyChecking=no -vvv ubuntu@$ip echo testing
I'm not sure about sshpass, since I usually use public/private keys. Here is an example of a job I would set up to run SCP/SSH commands on a remote server:
deploy:
  stage: deploy
  variables:
    # GitLab CI variables are case-sensitive: this name must match $HOSTNAME used below
    HOSTNAME: app-dev
  before_script:
    # optional step if you decide to use a hostname instead of IP address
    - cp -f ./network/etc/hosts /etc/hosts
    # Setup SSH
    - which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
    - eval $(ssh-agent -s)
    # SSH_PRIVATE_KEY is a File-type variable, so it holds a path; cat reads the key itself
    - ssh-add <(cat $SSH_PRIVATE_KEY)
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan $HOSTNAME >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    # Copy files and execute commands
    - scp ./scripts/install_package.sh root@$HOSTNAME:/tmp/deploy
    - ssh root@$HOSTNAME "/tmp/deploy/install_package.sh && exit"
Before running the pipeline, you need to do the following:
- Generate an SSH key pair with ssh-keygen. Do not use a passphrase. The public key ends in .pub; the private key has no extension.
- SSH to the remote server and copy the contents of the public key into ~/.ssh/authorized_keys
- Copy the contents of your private key into a GitLab File environment variable named SSH_PRIVATE_KEY
- If you use the $HOSTNAME environment variable, define the variable in the pipeline and add the IP/hostname to the /etc/hosts file in the pipeline container. Otherwise, just use the IP address.
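A preflight check for both the question's symptom and the answer's setup steps, as an added example that is not code from either post. The asker's -vvv log only shows ssh trying the default identity files (id_rsa, id_dsa, ...) and never "Offering public key ... agent", which means ssh-add loaded nothing and its error went to /dev/null; the usual causes are a variable that lost its final newline or gained CRLF endings, a public key pasted into the private-key variable, a truncated paste, a File-type variable whose value is a path rather than key text, or a key that still has a passphrase. The code assumes the key text is read exactly as GitLab hands it to the job, and it also derives the SHA256 fingerprint of an ssh-keyscan line so a job can pin the expected host key in a CI variable instead of switching StrictHostKeyChecking off. All key and host material below is constructed and is not a real key; the hostname 203.0.113.10 and the helper names are assumptions.

```python
"""Preflight for SSH material arriving through CI variables (added example)."""
import base64
import hashlib
import re
import struct

# One PEM block: header, base64 body, matching footer, then end of text.
_PEM = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]+)-----\n(?P<body>[A-Za-z0-9+/=\n]+)-----END (?P=label)-----\n$"
)
_OPENSSH_MAGIC = b"openssh-key-v1\x00"


def normalize_key_text(raw: str) -> str:
    """Undo the two usual copy/paste damages: CRLF endings and a missing final newline."""
    return raw.replace("\r\n", "\n").replace("\r", "\n").strip() + "\n"


def _ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _read_ssh_string(buf: bytes, off: int):
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def inspect_private_key(raw: str) -> dict:
    """Report whether ssh-add could load this text without prompting, and if not, why."""
    text = normalize_key_text(raw)
    if text.startswith(("ssh-rsa ", "ssh-ed25519 ", "ecdsa-sha2-")):
        return {"ok": False, "reason": "this is a public key, not the private key"}
    if "Proc-Type: 4,ENCRYPTED" in text:  # legacy PEM marks a passphrase in a header line
        return {"ok": False, "reason": "passphrase-protected legacy PEM key"}
    m = _PEM.match(text)
    if not m:  # also what you get when a File-type variable's *path* was echoed instead of its contents
        return {"ok": False, "reason": "not a complete PEM block (truncated paste or wrong variable?)"}
    try:
        blob = base64.b64decode("".join(m.group("body").split()), validate=True)
    except ValueError:
        return {"ok": False, "reason": "base64 body does not decode (truncated paste?)"}
    if m.group("label") == "OPENSSH PRIVATE KEY":
        if not blob.startswith(_OPENSSH_MAGIC):
            return {"ok": False, "reason": "bad openssh-key-v1 magic"}
        cipher, _ = _read_ssh_string(blob, len(_OPENSSH_MAGIC))  # first field is the cipher name
        if cipher != b"none":
            return {"ok": False, "reason": f"passphrase-protected ({cipher.decode()} cipher)"}
    return {"ok": True, "label": m.group("label"), "text": text}


def host_key_fingerprint(keyscan_line: str) -> str:
    """SHA256 fingerprint of a 'host type base64key' line, in the form ssh-keygen -lf prints."""
    _host, _ktype, key_b64 = keyscan_line.split()[:3]
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pinned_known_hosts_entry(keyscan_line: str, expected_fp: str) -> str:
    """Return the line to append to known_hosts only if it matches the pinned fingerprint."""
    fp = host_key_fingerprint(keyscan_line)
    if fp != expected_fp:
        raise ValueError(f"host key mismatch: scanned {fp}, pinned {expected_fp}")
    return keyscan_line.strip() + "\n"


def make_sample_private_key(cipher: bytes = b"none") -> str:
    """Constructed stand-in, not a real key: a syntactically valid openssh-key-v1 envelope."""
    blob = (_OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(b"none") + _ssh_string(b"")
            + struct.pack(">I", 1) + _ssh_string(b"\x00") + _ssh_string(b"\x00" * 16))
    body = base64.b64encode(blob).decode()
    lines = [body[i:i + 70] for i in range(0, len(body), 70)]
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + "\n".join(lines)
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


def make_sample_keyscan_line(host: str = "203.0.113.10") -> str:
    """Constructed stand-in for one ssh-keyscan output line (key bytes are not a real key)."""
    key_blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
    return f"{host} ssh-ed25519 {base64.b64encode(key_blob).decode()}"


if __name__ == "__main__":
    print(inspect_private_key(make_sample_private_key()))
    print(inspect_private_key(make_sample_private_key(b"aes256-ctr")))
    line = make_sample_keyscan_line()
    print(host_key_fingerprint(line))
    print(pinned_known_hosts_entry(line, host_key_fingerprint(line)), end="")
```

In a job you would run this once against the variable before `ssh-add` and fail the pipeline on `ok: False`, with the reason in the log instead of behind `> /dev/null`. For the host key, record `ssh-keygen -lf` output from a trusted session once, store it as a CI variable, and only append the scanned line when `pinned_known_hosts_entry` accepts it; that keeps host verification on without the first-use trust that a bare `ssh-keyscan >> known_hosts` implies.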