
Gitlab CI/CD issue with SSH config file


I am trying to deploy my first project to my production server. Here is the script for the deployment stage:

deploy_production:
  stage: deploy
  script:
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - ssh-add <(echo "$SSH_PRIVATE_KEY")
    - mkdir -p ~/.ssh
    - '[[ -f /.dockerenv ]] && echo -e "ssh -p 69" "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
    - ./vendor/bin/envoy run deploy
  environment:
    name: production
  when: manual
  only:
    - main

When I run the stage, I get this error:

[myServer@xxx.xxx.x.x]:  /home/php/.ssh/config: line 1: Bad configuration option: ssh
[myServer@xxx.xxx.x.x]:  /home/php/.ssh/config: terminating, 1 bad configuration options

[✗] This task did not complete successfully on one of your servers.

Why is it trying to access the SSH on this path:

/home/php/.ssh/config

Solution

  • Why is it trying to access the SSH on this path:

    This should be related to the account used by gitlab-ci: it is supposed to look for SSH settings in $HOME/.ssh: display first what $HOME is.


    If you look at the official documentation, you will see an SSH setup relies on proper rights associated to SSH folders/files:

    before_script:
      ##
      ## Install ssh-agent if not already installed, it is required by Docker.
      ## (change apt-get to yum if you use an RPM-based image)
      ##
      - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    
      ##
      ## Run ssh-agent (inside the build environment)
      ##
      - eval $(ssh-agent -s)
    
      ##
      ## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
      ## We're using tr to fix line endings which makes ed25519 keys work
      ## without extra base64 encoding.
      ## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
      ##
      - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    
      ##
      ## Create the SSH directory and give it the right permissions
      ##
      - mkdir -p ~/.ssh
      - chmod 700 ~/.ssh
    

    I mentioned before a chmod 400 my_private_key if you store a key in ~/.ssh.
    And to be safe, I would add a chmod 600 ~/.ssh/config.

    The point is: if the rights are too open, SSH will refuse to operate.
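
Added example (not part of the original question or answer): the config file the question's echo line produces, next to one that uses ssh_config keywords and the permissions the answer recommends. The function names and the scratch directory argument are assumptions made for the example; in the job the directory would be ~/.ssh.

```sh
#!/bin/sh
# Added example, not code from the question or answer.
# The directory argument is a scratch path here; in the job it would be ~/.ssh.

# Reproduces the file the question's echo creates: line 1 starts with "ssh".
write_broken_config() {
  mkdir -p "$1" && chmod 700 "$1"
  printf 'ssh -p 69 Host *\n\tStrictHostKeyChecking no\n\n' > "$1/config"
}

# Same settings using ssh_config keywords: "Port" replaces the "-p" flag.
# StrictHostKeyChecking is kept as the question has it; it turns off
# host-key verification for every host matched by "Host *".
write_fixed_config() {
  mkdir -p "$1" && chmod 700 "$1"
  printf 'Host *\n\tPort %s\n\tStrictHostKeyChecking no\n' "$2" > "$1/config"
  chmod 600 "$1/config"
}

# Mode string of a path as printed by ls, e.g. "drwx------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# 0 when the directory is 700 and the config is 600, as the answer advises.
perms_ok() {
  [ "$(mode_of "$1")" = "drwx------" ] && [ "$(mode_of "$1/config")" = "-rw-------" ]
}

# First word of the first non-blank, non-comment line: this is what ssh
# reports in "Bad configuration option: <word>" when it is not a keyword.
first_keyword() {
  awk '!/^[ \t]*(#|$)/ { print $1; exit }' "$1/config"
}

# Let ssh parse the file when a client is installed: 0 = accepted,
# 1 = rejected, 2 = no ssh binary available to ask.
parse_check() {
  command -v ssh >/dev/null 2>&1 || return 2
  ssh -G -F "$1/config" example.invalid >/dev/null 2>&1 && return 0
  return 1
}
```

Running first_keyword and perms_ok in the job before the deploy command surfaces a malformed config in the job log rather than in the deploy tool's output.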