我关注了这个link尝试通过 SSH 连接到我在 Gitlab-CI 中的服务器。对于 SSH key ,我进入了服务器,并生成了公钥和私钥。私钥被提取到 GitLab CI/CD 环境变量中。
YAML 模板如下,主要从链接复制。
image: docker:19.03.8
services:
- docker:19.03.8-dind
deployment:
variables:
ip: <ip-address>
script:
- apk add --update openssh-client sshpass
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | ssh-add - > /dev/null
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- export SSHPASS=$AWS_PASSWORD
- sshpass -e ssh -o StrictHostKeyChecking=no -vvv ubuntu@$ip echo testing
但是,我在尝试访问私钥时遇到错误。
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /root/.ssh/id_xmss
debug3: no such identity: /root/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
如果有帮助的话,我正在使用 gitlab 共享运行器。
[更新]
忘记在我要连接的服务器中添加,我将生成的公钥 id_rsa.pub 添加到 authorized_keys 文件中。
[编辑 1]
按照建议,我使用 ssh-keyscan 添加了已知主机,将输出复制为变量 $SSH_KNOWN_HOSTS。在更新的 yaml 文件下方。但是我遇到了同样的错误。
deployment:
variables:
ip: <ip-address>
script:
- apk add --update openssh-client sshpass
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | ssh-add - > /dev/null
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- touch ~/.ssh/known_hosts
- echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- export SSHPASS=$AWS_PASSWORD
- sshpass -e ssh -o StrictHostKeyChecking=no -vvv ubuntu@$ip echo testing
最佳答案
我不确定 sshpass,因为我通常使用公钥/私钥。这是我将设置为在远程服务器上运行 SCP/SSH 命令的作业示例:
deploy:
stage: deploy
variables:
hostname: app-dev
before_script:
# optional step if you decide to use a hostname instead of IP address
- cp -f ./network/etc/hosts /etc/hosts
# Setup SSH
- which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
- eval $(ssh-agent -s)
- ssh-add <(cat $SSH_PRIVATE_KEY)
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- ssh-keyscan $HOSTNAME >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
script:
# Copy files and execute commands
- scp ./scripts/install_package.sh root@$HOSTNAME:/tmp/deploy
- ssh root@$HOSTNAME "/tmp/deploy/install_package.sh && exit"
在运行管道之前,您需要执行以下操作:
- 使用
ssh-keygen生成 ssh key 对。不要使用密码。公钥以.pub结尾,私钥没有扩展名。 - SSH 到远程服务器,将public key 的内容复制到
~/.ssh/authorized_keys - 将您的私钥内容复制到 GitLab File Environment Variables称为
SSH_PRIVATE_KEY - 如果您使用
$HOSTNAME环境变量,请在您的管道中定义该变量并将 IP/主机名添加到管道容器中的/etc/hosts文件中。否则,只需使用 IP 地址即可。
关于ssh - GitLab CI : SSH fail, 无法验证私钥,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/63461137/