skip to Main Content

I’m stuck with this problem since 2 days.

Tried with id_rsa.pub and id_rsa from my production server, still the same error…
SSH_PRIVATE_KEY is a variable I created in the CI/CD Settings on GitLab.

edit : not protected, not masked.

# This file is a template, and might need editing before it works on your project.
# Official framework image. Look for the different tagged releases at:
# https://hub.docker.com/r/library/node/tags/
image: node:alpine

stages:
  - deploy

deploy:
  stage: deploy
  before_script:
    # Install ssh-agent if not already installed, it is required by Docker.
    # (change apt-get to yum if you use a CentOS-based image)
    - 'which ssh-agent || ( apk add --update openssh )'

    # Add bash
    - apk add --update bash

    # Add git
    - apk add --update git

    # Run ssh-agent (inside the build environment)
    - eval $(ssh-agent -s)

    # Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
    - echo "$SSH_PRIVATE_KEY"
    - echo "$SSH_PRIVATE_KEY" | ssh-add -

    # For Docker builds disable host key checking. Be aware that by adding that
    # you are suspectible to man-in-the-middle attacks.
    # WARNING: Use this only with the Docker executor, if you use it with shell
    # you will overwrite your user's SSH config.
    - mkdir -p ~/.ssh
    - '[[ -f /.dockerenv ]] && echo -e "Host *ntStrictHostKeyChecking nonn" > ~/.ssh/config'
    # In order to properly check the server's host key, assuming you created the
    # SSH_SERVER_HOSTKEYS variable previously, uncomment the following two lines
    # instead.
    # - mkdir -p ~/.ssh
    # - '[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts'
  script:
  - npm i -g pm2
  - pm2 deploy ecosystem.config.js production
  only:
  - master

And when I run the pipeline, I still get this error…

$ echo "$SSH_PRIVATE_KEY" | ssh-add -
Error loading key "(stdin)": invalid format

Could you please help ? I’m helpless, clueless, hopeless loading…

Thanks very much !

5

Answers


  1. SSH_PRIVATE_KEY is a variable I created in the CI/CD Settings on GitLab.

    This is documented here

    in the Value field paste the content of your private key that you created earlier.

    So make sure you have pasted the id_rsa full content, including -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- (with 5 final -)
    (And, as MrDuk comments, a final newline)

    Stephane Paquet adds in the comments:

    cat ~/.ssh/id_rsa | pbcopy 
    

    to make sure you copy all the required information.

    Login or Signup to reply.
  2. Just as an FYI for anyone else doing this, I had the same problem but had missed the final dash off the END RSA PRIVATE KEY section. It must have 5 dashes as the dividers, apparently.

    Login or Signup to reply.
  3. Also just as an FYI, my issue was that my SSH key was an OpenSSH format key (ex. -----BEGIN OPENSSH PRIVATE KEY-----) instead of a PEM format key (-----BEGIN RSA PRIVATE KEY-----), if you want instructions on how to convert an OpenSSH key to a PEM key you can find the answer here: Openssh Private Key to RSA Private Key

    Login or Signup to reply.
  4. My solution was to change CI/CD Variable type from Variable to File.
    And instead of sourcing from the variable, did the sourcing from the file where SSH_PRIVATE_KEY is pointing

    chmod 600 $SSH_PRIVATE_KEY
    ssh-add $SSH_PRIVATE_KEY
    
    Login or Signup to reply.
  5. Sometimes the problem is the way how the gitlab handles the "n" in the string. So, instead o creating a variable with content of the private key ( a bunch of "n" ), convert it to base64 (no "n" characters):

    base64 -w 0 .ssh/id_rsa
    

    Then copy the output (don’t forget the "=") to your variable SSH_PRIVATE_KEY

    In the stage (gitlab-ci.yml):

    - echo $SSH_PRIVATE_KEY | base64 -d > rsa.key
    - ssh -i rsa user@host "echo hello world;"
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search