Issue
I am trying to deploy a Java app to my local VM with a GitLab pipeline. The runner uses Docker, and I am getting this error:

    [email protected]: Permission denied (publickey,password).
    Cleaning up project directory and file based variables

This is the deploy stage of the YAML file (the public key is my VM's public key, the private key is my VM's private key, and the server host keys are from ssh-keyscan -t rsa 192.168.124.149):

    deploy_production:
      stage: deploy
      image: alpine:latest
      before_script:
        - apk add openssh-client
        - mkdir -p ~/.ssh
        - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
        - echo "$SSH_PUBLIC_KEY" > ~/.ssh/id_rsa.pub
        - chmod 600 ~/.ssh/id_rsa
        - chmod 644 ~/.ssh/id_rsa.pub
        - eval "$(ssh-agent -s)"
        - ssh-add ~/.ssh/id_rsa
        - echo "$SSH_SERVER_HOSTKEYS" >> ~/.ssh/known_hosts
        - echo ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
        - chmod 644 ~/.ssh/known_hosts
      script:
        - ssh -v -o StrictHostKeyChecking=no [email protected] "cd ~/Desktop/javapipline && export IMAGE_TAG=${CI_COMMIT_SHORT_SHA} && docker-compose up -d"

I tried the GitLab documentation and it's not helping.
Solution
This problem may be related to the permissions of the authorized_keys file located in the user's home folder, under ~/.ssh/.

Once you've verified your permissions are correct, you can fix this like so:

    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/authorized_keys

Also, a good practice is to create a user that is dedicated to the deployment task and not use a sudo user, for security purposes (as you're using your personal user aminech). For this you need to:

Create a deployer user:

    $ sudo adduser deployer

Add the user to the Docker group:

    $ sudo usermod -aG docker deployer

Set up an SSH key for this user:

    # Switch to deployer user
    $ su deployer
    # Generate the key (-t rsa keeps the id_rsa file name used below;
    # newer OpenSSH releases default to Ed25519 and ignore -b)
    $ ssh-keygen -t rsa -b 4096
    # Append the public key to the authorized_keys file
    $ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Lastly, you need to adjust the permissions to avoid the Permission denied (publickey,password) error:

    # Exit deployer user
    $ exit
    # Set up the permissions
    $ sudo chmod 700 /home/deployer/.ssh
    $ sudo chmod 600 /home/deployer/.ssh/authorized_keys
    $ sudo chown -R deployer:docker /home/deployer/.ssh

With this, you can get rid of the before_script section (don't forget to update the $SSH_PRIVATE_KEY variable with the private key of the deployer user) and just use:

    . . .
    deploy:
      image: alpine:latest
      stage: deploy
      script:
        # SSH_PRIVATE_KEY is used as a path here, so it has to be a
        # File-type CI/CD variable (GitLab writes the value to a temp file).
        - chmod og= $SSH_PRIVATE_KEY
        - apk update && apk add openssh-client
        - ssh -i $SSH_PRIVATE_KEY -o StrictHostKeyChecking=no deployer@$SERVER_IP "cd ~/Desktop/javapipline && export IMAGE_TAG=${CI_COMMIT_SHORT_SHA} && docker-compose up -d"

Answered By - EnergY Answer Checked By - Marie Seifert (WPSolving Admin)
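
An added example (not part of the original answer): a small shell check that mirrors the ownership and mode tests sshd applies when StrictModes is enabled (the default), for verifying the permissions the answer refers to. The function names are hypothetical, and it assumes a stat that supports -c (GNU or BusyBox).

```shell
#!/bin/sh
# Added example: simplified mirror of sshd's StrictModes checks on the
# home directory, ~/.ssh and authorized_keys. Function names are made up here.

# path_is_safe PATH UID
# Succeeds when PATH exists, is owned by UID or root, and carries no
# write bit for group or others.
path_is_safe() {
    p=$1; want_uid=$2
    [ -e "$p" ] || { echo "MISSING  $p"; return 1; }
    set -- $(stat -c '%a %u' "$p")      # e.g. "600 1001"
    mode=$1; owner=$2
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER    $p is owned by uid $owner, expected $want_uid or 0"
        return 1
    fi
    # Octal 022 = group-write | other-write; either one makes sshd
    # refuse to use the key file.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "MODE     $p is $mode (writable by group or others)"
        return 1
    fi
    echo "OK       $p ($mode, uid $owner)"
}

# audit_ssh_dir HOME_DIR [UID]
# Checks HOME_DIR, HOME_DIR/.ssh and HOME_DIR/.ssh/authorized_keys.
# Returns 0 only when all three pass; UID defaults to the caller's uid.
audit_ssh_dir() {
    home=$1; uid=${2:-$(id -u)}; rc=0
    for f in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        path_is_safe "$f" "$uid" || rc=1
    done
    return $rc
}

# Stand-alone use: sh check_ssh_perms.sh /home/deployer "$(id -u deployer)"
if [ $# -gt 0 ]; then
    audit_ssh_dir "$@"
fi
```

Run it on the target VM with sudo if the deployer home directory is not readable by your own user; any line that does not start with OK is a reason for sshd to skip authorized_keys and fall through to Permission denied.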