For some strange reason, the first time I added my private key to CircleCI SSH permissions, it was able to SSH into my VPS and run a bash script. Subsequent builds, I get permission denied even though I didn’t change the keys.
Here is my config.yml
# Javascript Node CircleCI 2.0 configuration file
#
# Check https://circleci.com/docs/2.0/language-javascript/ for more details
#
version: 2
jobs:
build:
docker:
# specify the version you desire here
- image: circleci/node:10.6.0
# Specify service dependencies here if necessary
# CircleCI maintains a library of pre-built images
# documented at https://circleci.com/docs/2.0/circleci-images/
# - image: circleci/mongo:3.4.4
working_directory: ~/repo
steps:
- checkout
# Download and cache dependencies
- restore_cache:
keys:
- v1-dependencies-{{ checksum "package.json" }}
# fallback to using the latest cache if no exact match is found
- v1-dependencies-
- run:
name: Creating .npmrc
command: |
echo "@fortawesome:registry=https://npm.fontawesome.com/" >> ~/.npmrc
echo "//npm.fontawesome.com/:_authToken=$FONTAWESOME_TOKEN" >> ~/.npmrc
- run:
name: Install npm packages
command: npm install
- save_cache:
paths:
- node_modules
key: v1-dependencies-{{ checksum "package.json" }}
- run:
name: Build React app
command: npm run build:$CIRCLE_BRANCH
- run:
name: Building artifacts
command: |
mkdir /tmp/artifacts
cp -r /home/circleci/repo/client /tmp/artifacts;
cp -r /home/circleci/repo/migrations /tmp/artifacts;
cp -r /home/circleci/repo/server /tmp/artifacts;
cp /home/circleci/repo/constants.js /tmp/artifacts/constants.js;
cp /home/circleci/repo/package.json /tmp/artifacts/package.json;
cp /home/circleci/repo/package-lock.json /tmp/artifacts/package-lock.json;
tar czf build.tar --directory=/tmp/artifacts ./;
- store_artifacts:
path: build.tar
destination: build
deploy:
machine:
enabled: true
steps:
- run:
name: Deploy to server
command: ssh $SSH_USER@$SSH_HOST /opt/hire_world/${CIRCLE_BRANCH}/deploy.sh
workflows:
version: 2
build-and-deploy:
jobs:
- build:
filters:
branches:
only:
- staging
- production
ignore:
- master
- deploy:
requires:
- build
filters:
branches:
only:
- staging
- production
ignore:
- master
How I created and added my keys:
In a linux terminal, I created my SSH key using ssh-keygen -m PEM -t rsa -C "your_email@example.com"
with my email. I copied the key in id_rsa to my CircleCI settings SSH permissions with the hostname blank. I then copied the key in id_rsa.pub to my VPS’s ~/.ssh/authorized_keys
.
When debugging with SSH enabled, I SSH into the box and generated another pair of SSH keys. Copied the public key to my VPS authorized keys, and tried to SSH from the box but also got permission denied.
What I want to do is after my build, upload artifacts, and then SSH into my VPS to download artifact, unpack it, run npm commands (install, migrations, etc.) and restart my node server.
I’m all out of ideas, especially as to why the first time worked but subsequent tries did not. Am I doing something wrong here?