What I'm currently trying to do is trigger a script on a remote machine from the GitLab CI/CD Docker container. The job is configured as follows:
stages:
  - deploy
image: maven:3.3.9
server-deploy:
  stage: deploy
  allow_failure: false
  script:
    ## Install ssh agent
    - apt update && apt install openssh-client -y
    - eval $(ssh-agent -s)
    ## Create SSH key file
    - "echo \"-----BEGIN OPENSSH PRIVATE KEY-----
      b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
      QyNTUxOQAAACByjJBGT21Arna/pirWVXQqGAr/aszqQ5HzvrA2MzVDZAAAAJiGKEEKhihB
      CgAAAAtzc2gtZWQyNTUxOQAAACByjJBGT21Arna/pirWVXQqGAr/aszqQ5HzvrA2MzVDZA
      AAAEAKbObQgJGXbrKQt4wdCy3YQfpVBqkT5RNEt2IYU5pv3HKMkEZPbUCudr+mKtZVdCoY
      Cv9qzOpDkfO+sDYzNUNkAAAAFHN2ZW5AREVTS1RPUC0xTjVKUjRSAQ==
      -----END OPENSSH PRIVATE KEY-----\" > deploy-key"
    ## Fix permissions on key file and .ssh folder
    - chmod 700 deploy-key; mkdir -p ~/.ssh; chmod 700 ~/.ssh
    ## Import SSH key
    - ssh-add -k deploy-key
    ## Make sure that ssh will trust the new host, instead of asking
    - echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
    ## Run script on the remote server
    - ssh -t user@255.255.255.255 "./deploy-master"
(The SSH key is just a temporary one, specifically generated for the SO question.)

Now the job fails when it arrives at the "ssh-add -k deploy-key" command, asking for a passphrase, as such:
$ ssh-add -k deploy-key
Enter passphrase for deploy-key: ERROR: Job failed: exit code 1
The SSH key obviously has no passphrase attached to it; I can verify this by running the exact same commands on my own Linux machine, where they just work as they should.
So my question is: how can I prevent ssh-add from asking for a passphrase? And I'm also quite curious why this is only occurring on the GitLab CI Docker container and not on my own PC.
Thanks in advance!
Okay, I got it working. It turns out that ssh-add is very picky about the format of the file and especially the newlines. The newlines in the .gitlab-ci.yml are not transferred directly to the command and so the key ended up being one big line.
Here is how I solved it:
This way the newlines in the file automatically get created, and now ssh-add picks up the format.
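The failure mode described in this answer, as an added example that is not the answer author's code: a POSIX shell script that folds a key the way a multi-line double-quoted YAML scalar does, and a layout check to run on the key file before `ssh-add`. `SAMPLE_KEY` is constructed filler rather than a real key, and the function names `yaml_fold`, `write_key` and `key_layout_ok` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed placeholder: only the line layout matters, the body is filler.
SAMPLE_KEY='-----BEGIN OPENSSH PRIVATE KEY-----
Y29uc3RydWN0ZWQtZmlsbGVyLWxpbmUtb25l
Y29uc3RydWN0ZWQtZmlsbGVyLWxpbmUtdHdv
-----END OPENSSH PRIVATE KEY-----'

# A double-quoted YAML scalar that spans several lines reaches the shell
# with every single line break folded into one space.
yaml_fold() {
    printf '%s' "$1" | tr '\n' ' '
}

# Write key material to a file that is owner-only from the moment it exists.
# tr -d '\r' drops carriage returns that pasted values sometimes carry.
write_key() {   # write_key <contents> <path>
    ( umask 077; printf '%s\n' "$1" | tr -d '\r' > "$2" )
}

# Pre-flight check: the header and footer must sit on their own lines with
# at least one body line between them. A folded key fails this check.
key_layout_ok() {   # key_layout_ok <path>
    [ "$(wc -l < "$1")" -ge 3 ] || return 1
    first=$(sed -n '1p' "$1")
    last=$(sed -n '$p' "$1")
    case $first in '-----BEGIN '*'PRIVATE KEY-----') ;; *) return 1 ;; esac
    case $last in '-----END '*'PRIVATE KEY-----') ;; *) return 1 ;; esac
    return 0
}

# Demonstration on the constructed key: folded first, then intact.
tmp=$(mktemp -d)
write_key "$(yaml_fold "$SAMPLE_KEY")" "$tmp/deploy-key"
key_layout_ok "$tmp/deploy-key" || echo "folded: key is on one line, ssh-add cannot parse it"
write_key "$SAMPLE_KEY" "$tmp/deploy-key"
key_layout_ok "$tmp/deploy-key" && echo "intact: key layout ok"
rm -rf "$tmp"
```

In a job, calling `key_layout_ok deploy-key || exit 1` before `ssh-add` turns the misleading passphrase prompt into an explicit failure.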