I have an gitlab-ci
script that connects to the production server and does a git pull
when I merge something to master branch automatically:
stages:
- deploy
deploy_job:
stage: deploy
before_script:
- sudo apt-get update -y && sudo apt-get install -y openssh-client
- eval $(ssh-agent -s)
- mkdir -p ~/.ssh
- echo "${SSH_PRIVATE_KEY}" | tr -d 'r' > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
- chmod 700 ~/.ssh
- echo -e "Host gitlab.comntStrictHostKeyChecking non" >> ~/.ssh/config
- echo "gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtP6AroDQ7T/E9y6eGRc+ItY63To0KDKdsK9i8Yh5Po" >> ~/.ssh/known_hosts
- ssh-keyscan 37.152.183.15 >> ~/.ssh/known_hosts
- git config --global url."[email protected]:".insteadOf "https://gitlab.com/"
script:
- whoami
- echo "Deploying to server.."
- ssh -o StrictHostKeyChecking=no [email protected]... "cd /var/www/api && git pull origin master && php artisan optimize"
only:
- master
It throws the following error and the job fails:
[email protected]…: Permission denied (publickey,password).
As you can see, there is something wrong in the ssh public/private keys setup or probably user ownership/accessibilities. It should be noted that the gitlab-runner service is also installed on the production server.
Also, here is the result of ssh -v ..
:
Running with gitlab-runner 17.2.0 (6428c288)
on LocalServerRunner L34FupsQ_, system ID: s_e5cdc22f89be
Preparing the "shell" executor
Using Shell (bash) executor...
Preparing environment
Running on ubuntu-g2-medium6-simin-1...
Getting source from Git repository
Fetching changes with git depth set to 20...
Reinitialized existing Git repository in /home/ubuntu/builds/L34FupsQ_/0/arshiyanfar/website-back-new/.git/
Checking out 31d5304f as detached HEAD (ref is master)...
Skipping Git submodules setup
Executing "step_script" stage of the job script
$ sudo apt-get update -y && sudo apt-get install -y openssh-client
Hit:1 http://nova.clouds.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease
Ign:3 https://packages.gitlab.com/runner/gitlab-runner/debian stable InRelease
Hit:4 https://dl.yarnpkg.com/debian stable InRelease
Err:5 https://packages.gitlab.com/runner/gitlab-runner/debian stable Release
404 Not Found [IP: 172.64.148.245 443]
Hit:6 http://nova.clouds.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:7 http://nova.clouds.archive.ubuntu.com/ubuntu jammy-backports InRelease
Reading package lists...
E: The repository 'https://packages.gitlab.com/runner/gitlab-runner/debian stable Release' does not have a Release file.
W: https://dl.yarnpkg.com/debian/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
$ eval $(ssh-agent -s)
Agent pid 34508
$ mkdir -p ~/.ssh
$ echo "${SSH_PRIVATE_KEY}" | tr -d 'r' > ~/.ssh/id_rsa
$ chmod 600 ~/.ssh/id_rsa
$ chmod 700 ~/.ssh
$ echo -e "Host gitlab.comntStrictHostKeyChecking non" >> ~/.ssh/config
$ echo "gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtP6AroDQ7T/E9y6eGRc+ItY63To0KDKdsK9i8Yh5Po" >> ~/.ssh/known_hosts
$ ssh-keyscan 37.152.183.15 >> ~/.ssh/known_hosts
# 37.152.183.15:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
# 37.152.183.15:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
# 37.152.183.15:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
# 37.152.183.15:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
# 37.152.183.15:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
$ git config --global url."[email protected]:".insteadOf "https://gitlab.com/"
$ whoami
gitlab-runner
$ echo "Deploying to server.."
Deploying to server..
$ ssh -o StrictHostKeyChecking=no -v [email protected] "cd /var/www/api && git pull origin master && php artisan optimize"
OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/gitlab-runner/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 37.152.183.15 [37.152.183.15] port 22.
debug1: Connection established.
debug1: identity file /home/gitlab-runner/.ssh/id_rsa type 0
debug1: identity file /home/gitlab-runner/.ssh/id_rsa-cert type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ecdsa type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ed25519 type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ed25519-cert type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ed25519_sk type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/gitlab-runner/.ssh/id_xmss type -1
debug1: identity file /home/gitlab-runner/.ssh/id_xmss-cert type -1
debug1: identity file /home/gitlab-runner/.ssh/id_dsa type -1
debug1: identity file /home/gitlab-runner/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.10 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 37.152.183.15:22 as 'ubuntu'
debug1: load_hostkeys: fopen /home/gitlab-runner/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:h0MMC0r0V2etzC5qlBEew/Qy+u0IySIX0HBHxRoH5N0
debug1: load_hostkeys: fopen /home/gitlab-runner/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '37.152.183.15' is known and matches the ED25519 host key.
debug1: Found key in /home/gitlab-runner/.ssh/known_hosts:4
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /home/gitlab-runner/.ssh/id_rsa RSA SHA256:FGct1vfxbsrUfy6fpDynPY6GlIMo+V+gpmIuL+LXDE0
debug1: Will attempt key: /home/gitlab-runner/.ssh/id_ecdsa
debug1: Will attempt key: /home/gitlab-runner/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/gitlab-runner/.ssh/id_ed25519
debug1: Will attempt key: /home/gitlab-runner/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/gitlab-runner/.ssh/id_xmss
debug1: Will attempt key: /home/gitlab-runner/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: kex_input_ext_info: [email protected]=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/gitlab-runner/.ssh/id_rsa RSA SHA256:FGct1vfxbsrUfy6fpDynPY6GlIMo+V+gpmIuL+LXDE0
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/gitlab-runner/.ssh/id_ecdsa
debug1: Trying private key: /home/gitlab-runner/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/gitlab-runner/.ssh/id_ed25519
debug1: Trying private key: /home/gitlab-runner/.ssh/id_ed25519_sk
debug1: Trying private key: /home/gitlab-runner/.ssh/id_xmss
debug1: Trying private key: /home/gitlab-runner/.ssh/id_dsa
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey,password).
Cleaning up project directory and file based variables
ERROR: Job failed: exit status 1
Any idea what should I do?
2
Answers
The mistake shows that it is the failure of SSH key authentication. Make sure the SSH_PRIVATE_KEY environment variable in GitLab CI/CD settings has the correct private key In PEM format.
Ensure that you have granted your private key with the proper permissions; you can run
Also Confirm if the SSH key is correctly added to the SSH agent. After starting the agent, add a private key explicitly
Try to run below code as before script , Putting it in html for better readability. Let me know if that works for you.
It seems the server is not recognizing the ssh key. Does the connection go through locally?
Make sure the permissions on the server of your .ssh folder, and authorized_keys file is correct, and that authorized_keys doesn’t have any random linebreaks in the public key.