GitLab CI/CD issue with SSH config file

I am trying to deploy my first project to my production server. Here is the script for the deployment stage:

deploy_production:
  stage: deploy
  script:
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - ssh-add <(echo "$SSH_PRIVATE_KEY")
    - mkdir -p ~/.ssh
    - '[[ -f /.dockerenv ]] && echo -e "ssh -p 69" "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
    - ./vendor/bin/envoy run deploy
  environment:
    name: production
  when: manual
  only:
    - main

When I run the stage, I get this error:

[[email protected]]:  /home/php/.ssh/config: line 1: Bad configuration option: ssh
[[email protected]]:  /home/php/.ssh/config: terminating, 1 bad configuration options

[✗] This task did not complete successfully on one of your servers.

Why is it trying to access the SSH on this path:

/home/php/.ssh/config

Solution 1:

Why is it trying to access the SSH on this path:

This should be related to the account used by gitlab-ci: it is supposed to look for SSH settings in $HOME/.ssh: display first what $HOME is.


If you look at the official documentation, you will see an SSH setup relies on proper rights associated with SSH folders/files:

before_script:
  ##
  ## Install ssh-agent if not already installed, it is required by Docker.
  ## (change apt-get to yum if you use an RPM-based image)
  ##
  - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'

  ##
  ## Run ssh-agent (inside the build environment)
  ##
  - eval $(ssh-agent -s)

  ##
  ## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
  ## We're using tr to fix line endings which makes ed25519 keys work
  ## without extra base64 encoding.
  ## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
  ##
  - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -

  ##
  ## Create the SSH directory and give it the right permissions
  ##
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh

I mentioned before a chmod 400 my_private_key if you store a key in ~/.ssh.
And to be safe, I would add a chmod 600 ~/.ssh/config.

The point is: if the rights are too open, SSH will refuse to operate.
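
An added example (not part of the original question or answer, and not GitLab's own code): POSIX shell functions that write `~/.ssh/config` as keyword/value lines with the permissions discussed above, and lint a config file for the first-word error the question hit. The host name, the `SSH_KNOWN_HOSTS` variable name and all function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The host, port and the
# SSH_KNOWN_HOSTS variable name are assumptions for illustration.

# ssh_config is "Keyword value" lines; a non-default port is "Port <n>",
# not a pasted "ssh -p <n>" command line.
write_ssh_config() {  # usage: write_ssh_config <ssh_dir> <host> <port>
  mkdir -p "$1" && chmod 700 "$1"
  # Pin the server's host key instead of "StrictHostKeyChecking no".
  printf '%s\n' "${SSH_KNOWN_HOSTS:-}" > "$1/known_hosts"
  printf 'Host %s\n\tPort %s\n\tStrictHostKeyChecking yes\n\tUserKnownHostsFile %s\n' \
    "$2" "$3" "$1/known_hosts" > "$1/config"
  chmod 600 "$1/config" "$1/known_hosts"
}

# Fail on lines whose first word is not a keyword this job expects
# (a deliberately narrow allowlist) and on a config that is not mode 600.
lint_ssh_config() {  # usage: lint_ssh_config <config_file>
  rc=0
  awk -v f="$1" '
    BEGIN { n = split("host port user identityfile stricthostkeychecking userknownhostsfile", k, " ")
            for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    NF == 0 || $1 ~ /^#/ { next }
    !(tolower($1) in ok) { printf "%s: line %d: unexpected keyword: %s\n", f, NR, $1; bad = 1 }
    END { exit bad + 0 }
  ' "$1" >&2 || rc=1
  case $(ls -ld "$1") in
    -rw-------*) ;;
    *) echo "$1: mode is not 600" >&2; rc=1 ;;
  esac
  return $rc
}

# Constructed sample: the file the question's echo line produces.
write_broken_sample() {  # usage: write_broken_sample <config_file>
  printf 'ssh -p 69 Host *\n\tStrictHostKeyChecking no\n\n\n' > "$1"
  chmod 600 "$1"
}
```

Running `lint_ssh_config` as a job step before the deploy command surfaces a malformed or over-permissive config in the CI log before SSH is invoked.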