error in libcrypto, loading ssh key from an environment variable #21481
Replies: 11 comments 3 replies
-
You should report this to the ssh project not OpenSSL. They are completely different.
-
Hi @ctaque have you fixed this issue in Gitlab CI? I met the same issue if you have some solution, thanks.
-
yes:

```yaml
before_script:
  - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client wget gnupg -y )'
  - wget -qO- https://get.docker.com/gpg | apt-key add -
  - eval $(ssh-agent -s)
  - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
  - mkdir -p ~/.ssh
  - touch ~/.ssh/config
  - touch ~/.ssh/known_hosts
  - chmod -R 400 ~/.ssh
  - ssh-keyscan ip >> ~/.ssh/known_hosts
  - '[[ -f /.dockerinit ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
```

Create a variable SSH_PRIVATE_KEY with the content of your key (add an empty line at the end).

That being said, I couldn't make it work with a runner running on my development machine.
-
I'm running into the same problem. I'm using my own ubuntu docker executor. However, the given solution doesn't seem to work for me.
-
It may depend on the image used, in my case:

```yaml
image:
  name: debian:stretch
  entrypoint: [ '/bin/bash', '-c', 'ln -snf /bin/bash /bin/sh && /bin/bash -c $0' ]
```
-
Solved the problem with Gitlab CI. It looks like if you store the key value as a simple variable, Gitlab removes all line breaks from it. But if you store the key as a file variable, it doesn't. So storing the key as a file variable works for me.
-
Hey guys, for future readers.
Then everything works fine. Also use this as the base
-
Thank you soooo muuuch!!! I just want to connect over ssh but nothing in the documentation is working. Removing the docker config, I use it this way:

```yaml
before_script:
  - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
  - eval $(ssh-agent -s)
  - echo "$ID_RSA" | tr -d '\r' | ssh-add -
  - mkdir -p ~/.ssh
  - touch ~/.ssh/config
  - touch ~/.ssh/known_hosts
  - chmod -R 400 ~/.ssh
```
-
When I follow the official guide (https://docs.gitlab.com/ee/ci/ssh_keys/) I cannot get things to work. But changing the variable type from

```yaml
stages:
  - deploy

deploy:
  stage: deploy
  image: ubuntu
  before_script:
    - echo "deploying app"
    ##
    ## Install ssh-agent if not already installed, it is required by Docker.
    ## (change apt-get to yum if you use an RPM-based image)
    ##
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )'
    ##
    ## Run ssh-agent (inside the build environment)
    ##
    - eval $(ssh-agent -s)
    ##
    ## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
    ## We're using tr to fix line endings which makes ed25519 keys work
    ## without extra base64 encoding.
    ## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
    ##
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    ##
    ## Create the SSH directory and give it the right permissions
    ##
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    ##
    ## Use ssh-keyscan to scan the keys of your private server. Replace gitlab.com
    ## with your own domain name. You can copy and repeat that command if you have
    ## more than one server to connect to.
    ##
    - ssh-keyscan $SSH_HOST >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    - ssh $SSH_USERNAME@$SSH_HOST
    # Script to run on remote server
    - ls
```
-
I could solve the issue by adding a newline at the end of the private key. Variable type is set to "file". Here's the relevant part of my .gitlab-ci.yaml
Have a look at https://docs.gitlab.com/ee/ci/ssh_keys/
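The replies above point at three ways the key text gets damaged on its way into the job: removed line breaks, carriage returns, and a missing final newline. The following is an added example, not code from any participant in this thread or from GitLab or OpenSSH; the function names `key_problems` and `normalize_key` are hypothetical, and it assumes the key arrives as text in a variable.

```shell
#!/bin/sh
# Added example, not from the thread: check key text taken from a CI variable
# for the problems reported above before handing it to ssh-add.
CR=$(printf '\r')
NL='
'

# key_problems TEXT: print the problems found (space-separated) or "ok".
key_problems() {
    kp_out=""
    case $1 in
        *-----BEGIN*PRIVATE\ KEY-----*-----END*PRIVATE\ KEY-----*) ;;
        *) echo "not-a-key"; return 1 ;;
    esac
    # Carriage returns from a Windows editor or a pasted web form.
    case $1 in *"$CR"*) kp_out="$kp_out crlf" ;; esac
    # Header, body and footer need their own lines; a variable whose line
    # breaks were removed has fewer than three.
    kp_lines=$(printf '%s\n' "$1" | grep -c '')
    [ "$kp_lines" -ge 3 ] || kp_out="$kp_out flattened"
    # The footer line must end with a newline.
    case $1 in *"$NL") ;; *) kp_out="$kp_out no-final-newline" ;; esac
    kp_out=${kp_out# }
    echo "${kp_out:-ok}"
    [ -z "$kp_out" ]
}

# normalize_key TEXT OUTFILE: write TEXT to OUTFILE (mode 600) without CRs
# and with exactly one final newline. Removed line breaks cannot be restored
# here, so flattened text is rejected.
normalize_key() {
    nk_found=$(key_problems "$1") || true
    case $nk_found in
        *flattened*|not-a-key) echo "cannot repair: $nk_found" >&2; return 1 ;;
    esac
    # Command substitution drops every trailing newline; printf adds one back.
    nk_text=$(printf '%s' "$1" | tr -d '\r')
    ( umask 077; printf '%s\n' "$nk_text" > "$2" ) && chmod 600 "$2"
}

# Usage in a job (SSH_PRIVATE_KEY is the variable name used in the thread):
#   keyfile=$(mktemp)
#   normalize_key "$SSH_PRIVATE_KEY" "$keyfile" && ssh-add "$keyfile"
#   rm -f "$keyfile"
```

The diagnosis only looks at the shape of the text and prints none of the key material, so its output can go to the job log.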
-
Operating system :
environment: docker
image: ubuntu:kinetic
openssl version 3.0.3
libssl-dev installed
I'm doing:
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
or
ssh-add ~/.ssh/id_rsa
What I get :
I'm loading an ssh private key from a Gitlab CI variable.
I tried adding a newline at the end of the variable like so:
The key can be imported in the key store in the host operating system
related SO issue :
https://stackoverflow.com/questions/74183218/gilab-ci-load-ssh-key-from-environment-variable
It may be more a usage issue rather than a bug. I've spent the day trying to solve this and would appreciate a little help.
I can do anything you need