本文介绍了Gitlab CI / Docker:ssh-add不断询问密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我目前正在尝试从Gitlab CI / CD Docker容器中触发远程计算机上的脚本。作业配置如下:

What I'm currently trying to do, is triggering an script on a remote machine from the Gitlab CI/CD Docker container. The job is configured as follows:

stages:
  - deploy

image: maven:3.3.9

server-deploy:
  stage: deploy
  allow_failure: false
  script:
    ## Install ssh agent
    - apt update && apt install openssh-client -y
    - eval $(ssh-agent -s)
    ## Create SSH key file
    - "echo \"-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACByjJBGT21Arna/pirWVXQqGAr/aszqQ5HzvrA2MzVDZAAAAJiGKEEKhihB
CgAAAAtzc2gtZWQyNTUxOQAAACByjJBGT21Arna/pirWVXQqGAr/aszqQ5HzvrA2MzVDZA
AAAEAKbObQgJGXbrKQt4wdCy3YQfpVBqkT5RNEt2IYU5pv3HKMkEZPbUCudr+mKtZVdCoY
Cv9qzOpDkfO+sDYzNUNkAAAAFHN2ZW5AREVTS1RPUC0xTjVKUjRSAQ==
-----END OPENSSH PRIVATE KEY-----\" > deploy-key"
    ## Fix permissions on key file and .ssh folder
    - chmod 700 deploy-key; mkdir -p ~/.ssh; chmod 700 ~/.ssh
    ## Import SSH key
    - ssh-add -k deploy-key
    ## Make sure that ssh will trust the new host, instead of asking
    - echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
    ## Run script on the remote server
    - ssh -t [email protected] "./deploy-master"

(SSH密钥只是临时密钥,专门为SO问题生成)
现在,当作业到达 ssh- add -k deploy-key命令,要求输入密码,例如:

(The SSH key is just a temporary one, specifically generated for the SO question)Now the job fails when it arrives at the "ssh-add -k deploy-key" command, asking for a passphrase, as such:

$ ssh-add -k deploy-key
Enter passphrase for deploy-key: ERROR: Job failed: exit code 1

SSH密钥显然没有附加任何密码,我可以通过在自己的Linux机器上运行完全相同的命令来验证这一点,这些命令可以正常工作。

The SSH key obviously has no passphrase attached to it, I can verify this by running the exact same commands on my own Linux machine, where they just work as they should.

问题是:如何防止ssh-add要求输入密码?而且我也很好奇为什么这只发生在Gitlab CI Docker容器上而不是在我自己的PC上。

So my question is: how can I prevent ssh-add from asking for a passphrase? And I'm also quite curious why this is only occurring on the Gitlab CI Docker container and not on my own PC.

在此先感谢!

推荐答案

好的,我知道了。事实证明,ssh-add对文件的格式特别是换行符非常挑剔。 .gitlab-ci.yml中的换行没有直接传送到命令,因此密钥最终变成了一条大行。

Okay, I got it working. It turns out that ssh-add is very picky about the format of the file and especially the newlines. The newlines in the .gitlab-ci.yml are not transferred directly to the command and so the key ended up being one big line.

这是我解决的方法:

- echo -----BEGIN OPENSSH PRIVATE KEY----- >> deploy-key
- echo b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW >> deploy-key
- echo QyNTUxOQAAACByjJBGT21Arna/pirWVXQqGAr/aszqQ5HzvrA2MzVDZAAAAJiGKEEKhihB >> deploy-key
- echo CgAAAAtzc2gtZWQyNTUxOQAAACByjJBGT21Arna/pirWVXQqGAr/aszqQ5HzvrA2MzVDZA >> deploy-key
- echo AAAEAKbObQgJGXbrKQt4wdCy3YQfpVBqkT5RNEt2IYU5pv3HKMkEZPbUCudr+mKtZVdCoY >> deploy-key
- echo Cv9qzOpDkfO+sDYzNUNkAAAAFHN2ZW5AREVTS1RPUC0xTjVKUjRSAQ== >> deploy-key
- echo -----END OPENSSH PRIVATE KEY----- >> deploy-key

这样可以自动创建文件中的换行符,现在通过ssh-add即可格式。

This way the newlines in the file automatically get created, and now ssh-add pick up the format.

这篇关于Gitlab CI / Docker:ssh-add不断询问密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-03 15:18