1

So I'm trying to set up CI/CD using GitLab to deploy my web application to a DigitalOcean Droplet using SSH.

The problem I'm facing is that the GitLab script is unable to SSH to the server, whereas if I try from my PC, SSH works.

Here's the deploy job that is executed:

```
deploy:
  only:
    - master
  stage: deploy
  script:
    - apt-get update -qq
    - apt-get install -qq git
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - echo "$SSH_KEY" | tr -d '\r' | ssh-add - > /dev/null
    - ls ~/.ssh/
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\t StrictHostKeyChecking no \n\n" > ~/.ssh/config'
    - ssh-keyscan 159.65.156.240 >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    - ssh goutam@159.65.156.240 -v - StrictHostKeyChecking=no 'cd ~/wikiquotesapp; git checkout master; git pull;  cd wiki-quotes-server; npm install; npm start:prod'
```

The variable $SSH_KEY has the content of the private key file. Here's the debug output.

```
$ mkdir -p ~/.ssh
$ chmod 700 ~/.ssh
$ echo "$SSH_KEY" | tr -d '\r' | ssh-add - > /dev/null
Identity added: (stdin) ((stdin))
$ ls ~/.ssh/
$ [[ -f /.dockerenv ]] && echo -e "Host *\n\t StrictHostKeyChecking no \n\n" > ~/.ssh/config
$ ssh-keyscan 159.65.156.240 >> ~/.ssh/known_hosts
# 159.65.156.240:22 SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
# 159.65.156.240:22 SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
# 159.65.156.240:22 SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
$ chmod 644 ~/.ssh/known_hosts
$ ssh goutam@159.65.156.240 -v - StrictHostKeyChecking=no 'cd ~/wikiquotesapp; git checkout master; git pull;  cd wiki-quotes-server; npm install; npm start:prod'
OpenSSH_7.4p1 Debian-10+deb9u6, OpenSSL 1.0.2r  26 Feb 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 159.65.156.240 [159.65.156.240] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: SELinux support disabled
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 159.65.156.240:22 as 'goutam'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:+g1ivOXzyPGG093s86TH/B1mEB46wVEgg9ES00vEDgg
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
ERROR: Job failed: exit code 1
```


4
  • Please edit your question to include the debug output as text. Don't use pictures of text when you can avoid it. Commented Jun 21, 2019 at 16:03
  • Okay, I'll try and avoid uploading images next time. Commented Jun 21, 2019 at 16:36
  • Do you have a passphrase on your private key? Obviously ssh attempts to prompt for one (read_passphrase: can't open /dev/tty: No such device or address). Commented Jun 22, 2019 at 13:24
  • No, I don't have any passphrase for the private key. Commented Jun 23, 2019 at 1:16

1 Answer

3

The answer was pretty simple: I had forgotten to add the option -o StrictHostKeyChecking=no

So the final script looks like this:

```
deploy:
  only:
    - master
  stage: deploy
  script:
    - apt-get update -qq
    - apt-get install -qq git
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - echo "$SSH_KEY" | tr -d '\r' | ssh-add - > /dev/null
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\t StrictHostKeyChecking no \n\n" > ~/.ssh/config'
    - ssh-keyscan 159.65.156.240 >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    - ssh goutam@159.65.156.240 -t -t -o StrictHostKeyChecking=no 'cd ~/wikiquotesapp; git checkout master; git pull; cd wiki-quotes-server; npm install; npm start:prod'
```

1 Comment

Thank you for this - this solved my problem. One note for anyone else looking at this though: the tutorial I followed had the StrictHostKeyChecking already on the line starting with '[[ -f /.dockerenv ]]' but DID NOT have it on the last line (starting with ssh goutam@). It was that second place that fixed it for me.
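
The final script in the answer connects because `-o StrictHostKeyChecking=no` switches host key verification off, so the runner accepts whichever server answers at that address. The following is an added example, not code from the original posts, showing the same job with verification left on and the host key pinned instead. It assumes a CI/CD variable with the hypothetical name `SSH_KNOWN_HOSTS` that holds the output of `ssh-keyscan 159.65.156.240`, captured once from a trusted machine and compared with the server's own host key fingerprint before being stored.

```yaml
# Added example, not the poster's job. Assumes two CI/CD variables:
#   SSH_KEY          - the private deploy key, as in the question
#   SSH_KNOWN_HOSTS  - hypothetical name; pinned known_hosts line(s) for the server
deploy:
  only:
    - master
  stage: deploy
  script:
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - echo "$SSH_KEY" | tr -d '\r' | ssh-add - > /dev/null
    # Weak (what the answer does): the key is fetched inside the job, so it is
    # trusted from the network on every run, and the check is then disabled.
    #   - ssh-keyscan 159.65.156.240 >> ~/.ssh/known_hosts
    #   - ssh goutam@159.65.156.240 -o StrictHostKeyChecking=no '...'
    # Pinned: fail early if the variable is missing, then write the stored key.
    - '[ -n "$SSH_KNOWN_HOSTS" ] || { echo "SSH_KNOWN_HOSTS is empty"; exit 1; }'
    - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    # StrictHostKeyChecking=yes rejects any key not in known_hosts.
    # BatchMode=yes makes ssh exit with an error instead of trying to prompt
    # on a runner that has no TTY.
    # The remote command is unchanged from the answer.
    - >-
      ssh -o StrictHostKeyChecking=yes -o BatchMode=yes
      goutam@159.65.156.240
      'cd ~/wikiquotesapp; git checkout master; git pull; cd wiki-quotes-server; npm install; npm start:prod'
```

If the server's host key changes, this job fails with "Host key verification failed" until the variable is updated with the new, verified key.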
