I’m stuck with this problem since 2 days.
Tried with id_rsa.pub and id_rsa from my production server, still the same error…
SSH_PRIVATE_KEY is a variable I created in the CI/CD Settings on GitLab.
edit : not protected, not masked.
# This file is a template, and might need editing before it works on your project.
# Official framework image. Look for the different tagged releases at:
# https://hub.docker.com/r/library/node/tags/
image: node:alpine
stages:
- deploy
deploy:
stage: deploy
before_script:
# Install ssh-agent if not already installed, it is required by Docker.
# (change apt-get to yum if you use a CentOS-based image)
- 'which ssh-agent || ( apk add --update openssh )'
# Add bash
- apk add --update bash
# Add git
- apk add --update git
# Run ssh-agent (inside the build environment)
- eval $(ssh-agent -s)
# Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
- echo "$SSH_PRIVATE_KEY"
- echo "$SSH_PRIVATE_KEY" | ssh-add -
# For Docker builds disable host key checking. Be aware that by adding that
# you are suspectible to man-in-the-middle attacks.
# WARNING: Use this only with the Docker executor, if you use it with shell
# you will overwrite your user's SSH config.
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *ntStrictHostKeyChecking nonn" > ~/.ssh/config'
# In order to properly check the server's host key, assuming you created the
# SSH_SERVER_HOSTKEYS variable previously, uncomment the following two lines
# instead.
# - mkdir -p ~/.ssh
# - '[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts'
script:
- npm i -g pm2
- pm2 deploy ecosystem.config.js production
only:
- master
And when I run the pipeline, I still get this error…
$ echo "$SSH_PRIVATE_KEY" | ssh-add -
Error loading key "(stdin)": invalid format
Could you please help ? I’m helpless, clueless, hopeless loading…
Thanks very much !
5
Answers
This is documented here
So make sure you have pasted the
id_rsa
full content, including-----BEGIN RSA PRIVATE KEY-----
and-----END RSA PRIVATE KEY-----
(with 5 final-
)(And, as MrDuk comments, a final newline)
Stephane Paquet adds in the comments:
Just as an FYI for anyone else doing this, I had the same problem but had missed the final dash off the END RSA PRIVATE KEY section. It must have 5 dashes as the dividers, apparently.
Also just as an FYI, my issue was that my SSH key was an OpenSSH format key (ex.
-----BEGIN OPENSSH PRIVATE KEY-----
) instead of a PEM format key (-----BEGIN RSA PRIVATE KEY-----
), if you want instructions on how to convert an OpenSSH key to a PEM key you can find the answer here: Openssh Private Key to RSA Private KeyMy solution was to change CI/CD Variable type from
Variable
toFile
.And instead of sourcing from the variable, did the sourcing from the file where
SSH_PRIVATE_KEY
is pointingSometimes the problem is the way how the gitlab handles the "n" in the string. So, instead o creating a variable with content of the private key ( a bunch of "n" ), convert it to base64 (no "n" characters):
Then copy the output (don’t forget the "=") to your variable SSH_PRIVATE_KEY
In the stage (gitlab-ci.yml):