Trouble using scp and ssh keys
I've configured the following .gitlab-ci.yml:
variables:
  DOCKER_DRIVER: overlay
  SPRING_PROFILES_ACTIVE: prod

cache:
  paths:
    - .m2/repository

stages:
  - build
  - package
  - deploy

maven-build:
  image: maven:3-jdk-8
  stage: build
  only:
    - master
    - triggers
  script: "mvn -Pprod clean package -DskipTests"
  artifacts:
    paths:
      - target/*.war

scp-deploy:
  stage: deploy
  only:
    - master
    - triggers
  script:
    - mkdir -p ~/.ssh
    - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
    - chmod 600 ~/.ssh/id_rsa && chmod 700 ~/.ssh
    - scp target/*.war user@example.com:.
  before_script:
    # cfr. https://docs.gitlab.com/ee/ci/ssh_keys/README.html
    # Install ssh-agent if not already installed, it is required by Docker.
    # (change apt-get to yum if you use a CentOS-based image)
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
    # Run ssh-agent (inside the build environment)
    - eval $(ssh-agent -s)
    # Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
    - ssh-add <(echo "$SSH_PRIVATE_KEY")
    # For Docker builds disable host key checking. Be aware that by adding that
    # you are susceptible to man-in-the-middle attacks.
    # WARNING: Use this only with the Docker executor, if you use it with shell
    # you will overwrite your user's SSH config.
    #- mkdir -p ~/.ssh
    #- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
    # In order to properly check the server's host key, assuming you created the
    # SSH_SERVER_HOSTKEYS variable previously, uncomment the following two lines
    # instead.
    - mkdir -p ~/.ssh
    - '[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts'
The private/public keys have been generated offline on my PC.
The id_rsa content is copied into SSH_PRIVATE_KEY.
The id_rsa.pub has been appended to .ssh/authorized_keys on the destination server.
(Copying $SSH_PRIVATE_KEY into the .ssh/id_rsa is redundant and obviously didn't solve the problem)
But I get the following:
Running with gitlab-ci-multi-runner 9.0.1 (a3da309)
on docker-auto-scale (e11ae361)
Using Docker executor with image ruby:2.1 ...
Using docker image sha256:85397cb441d7eaa2e5b50a8131cf788f774871c71cfd328b67608952f63ced5b ID=sha256:85397cb441d7eaa2e5b50a8131cf788f774871c71cfd328b67608952f63ced5b for predefined container...
Pulling docker image ruby:2.1 ...
Using docker image ruby:2.1 ID=sha256:1efe8b79554b16bff7afd21b0bf4b54c643b351f83b15549dc93b0c1dd30c6d8 for build container...
Running on runner-e11ae361-project-2943255-concurrent-0 via runner-e11ae361-machine-1492809018-88e88552-digital-ocean-2gb...
Cloning repository...
Cloning into '/builds/groupname/project'...
Checking out 5f07e984 as master...
Skipping Git submodules setup
Downloading artifacts for maven-build (14805804)...
Downloading artifacts from coordinator... ok id=14805804 responseStatus=200 OK token=6YtmLoQy
Checking cache for default...
Successfully extracted cache
$ which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
/usr/bin/ssh-agent
$ eval $(ssh-agent -s)
Agent pid 10
$ ssh-add <(echo "$SSH_PRIVATE_KEY")
Identity added: /dev/fd/63 (rsa w/o comment)
$ mkdir -p ~/.ssh
$ [[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts
$ mkdir -p ~/.ssh
$ echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
$ chmod 600 ~/.ssh/id_rsa && chmod 700 ~/.ssh
$ scp target/*.war user@example.com:.
Warning: Permanently added the ECDSA host key for IP address '5.196.13.53' to the list of known hosts.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
lost connection
ERROR: Job failed: exit code 1
How should I configure it?
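
The host-key pinning step from the before_script above, written so the job fails closed when SSH_SERVER_HOSTKEYS is missing or malformed; this is an added example, not part of the original post. The helper names `valid_known_hosts` and `setup_ssh_dir` are hypothetical, and the host key line in the demo is constructed.

```shell
# Added example: fail-closed SSH setup for a CI job (POSIX sh).
# Assumption: SSH_SERVER_HOSTKEYS holds plain known_hosts lines whose
# fingerprints were verified out of band. Helper names are hypothetical.

# Succeed only if there is at least one entry and every non-comment line
# looks like "<host> <key-type> <base64-key> [comment]".
valid_known_hosts() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*(#|$)/ { next }
        { n++ }
        NF < 3 || $2 !~ /^(ssh-|ecdsa-|sk-)/ || $3 !~ "^[A-Za-z0-9+/]+=*$" { bad = 1 }
        END { if (bad || n == 0) exit 1 }'
}

# Write known_hosts and a strict ssh config into directory $1 (e.g. ~/.ssh).
# Nothing is created when the pinned keys are unusable, so the job cannot
# silently fall back to trusting whatever key the network presents.
setup_ssh_dir() {
    dir=$1
    if ! valid_known_hosts "${SSH_SERVER_HOSTKEYS:-}"; then
        echo "SSH_SERVER_HOSTKEYS is empty or malformed; aborting" >&2
        return 1
    fi
    ( umask 077   # files are private from creation, no chmod-after-write window
      mkdir -p "$dir" && chmod 700 "$dir" &&
      printf '%s\n' "$SSH_SERVER_HOSTKEYS" > "$dir/known_hosts" &&
      printf 'Host *\n\tStrictHostKeyChecking yes\n\tUserKnownHostsFile %s\n' \
          "$dir/known_hosts" > "$dir/config" )
}

# Demo with a constructed (not real) host key line, in a throwaway directory.
demo_dir=$(mktemp -d)
SSH_SERVER_HOSTKEYS='example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYDATAEXAMPLEKEYDATA00'
setup_ssh_dir "$demo_dir/.ssh" && echo "pinned host keys installed"
SSH_SERVER_HOSTKEYS=''
setup_ssh_dir "$demo_dir/none" || echo "refused: no pinned host keys"
rm -rf "$demo_dir"
```

In a job, `setup_ssh_dir ~/.ssh || exit 1` would take the place of the two known_hosts lines in before_script.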