Hi all! I’m new to the community and trying to set up things for a passwordless scp deployment. I am not a sysadmin, but from what I understand traditionally, what I need in order to achieve this is to configure the public SSH key of the server running the scp as an authorized_host of the destination.
So I look at CircleCI settings and it’s asking me for my private SSH key (i.e.: where I am deploying to). This is exactly the opposite of how trustability in the crypto world works, as far as I am aware. You are making me copy my private key into a web form. By uploading it to CircleCI, I’m effectively giving you permission to access every other server in the world that acknowledges my public key.
TravisCI, just to give an example, has a mechanism for encrypting the id_rsa file and only decrypting it during a build if it’s needed. And that whole process is done via a CLI tool (not a web browser).
So how should I go about all this? Any other proposed way I could tackle this without the implications of a potentially severe security breach?
Thank you very much.