问题描述
我遵循此link尝试通过SSH到Gitlab-CI中的服务器。对于SSH密钥,我进入了服务器,并生成了公共和私有密钥。私钥被提取到GitLab CI / CD env变量中。
YAML模板如下,主要从链接中复制。
image: docker:19.03.8
services:
- docker:19.03.8-dind
deployment:
variables:
ip: <ip-address>
script:
- apk add --update openssh-client sshpass
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | ssh-add - > /dev/null
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- export SSHPASS=$AWS_PASSWORD
- sshpass -e ssh -o StrictHostKeyChecking=no -vvv ubuntu@$ip echo testing
但是,我在尝试访问私钥时遇到错误。
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /root/.ssh/id_xmss
debug3: no such identity: /root/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet,disable method
debug3: authmethod_lookup password
debug3: remaining preferred:,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: send packet: type 50
debug2: we sent a password packet,wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
Permission denied,please try again.
如果有帮助,我正在使用gitlab共享运行程序。
[更新]
忘记将其添加到要连接的服务器中,我将生成的id_rsa.pub的公钥添加到authorized_keys文件中。
[编辑1]
根据建议,我使用ssh-keyscan添加了已知主机,以将输出复制为变量$ SSH_KNowN_HOSTS。在更新的yaml文件下面。但是我遇到了同样的错误。
deployment:
variables:
ip: <ip-address>
script:
- apk add --update openssh-client sshpass
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | ssh-add - > /dev/null
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- touch ~/.ssh/kNown_hosts
- echo "$SSH_KNowN_HOSTS" >> ~/.ssh/kNown_hosts
- chmod 644 ~/.ssh/kNown_hosts
- export SSHPASS=$AWS_PASSWORD
- sshpass -e ssh -o StrictHostKeyChecking=no -vvv ubuntu@$ip echo testing
解决方法
我不确定sshpass,因为我通常使用公用/专用密钥。这是我将设置为在远程服务器上运行SCP / SSH命令的工作示例:
deploy:
stage: deploy
variables:
hostname: app-dev
before_script:
# optional step if you decide to use a hostname instead of IP address
- cp -f ./network/etc/hosts /etc/hosts
# Setup SSH
- which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
- eval $(ssh-agent -s)
- ssh-add <(cat $SSH_PRIVATE_KEY)
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- ssh-keyscan $HOSTNAME >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
script:
# Copy files and execute commands
- scp ./scripts/install_package.sh root@$HOSTNAME:/tmp/deploy
- ssh root@$HOSTNAME "/tmp/deploy/install_package.sh && exit"
运行之前,您需要执行以下操作:
- 使用
ssh-keygen生成ssh密钥对。不要使用密码短语。公钥以.pub结尾,私钥没有扩展名。 - SSH到远程服务器上,将 public 密钥的内容复制到
~/.ssh/authorized_keys - 将私钥的内容复制到名为
SSH_PRIVATE_KEY的GitLab File Environment Variables - 如果使用
$HOSTNAME环境变量,请在管道中定义该变量,并将IP /主机名添加到管道容器中的/etc/hosts文件中。否则,只需使用IP地址即可。