Ssh-add private no host key for rsync

ssh
deployment

#1

I was following this blog post which was mentioned in another thread (can’t post link - at link limit), however I’m not sure where I went wrong. I made an ssh-key without a passphrase, and moved the public key to the authorized_keys file on the server, so I think that’s all good. Although I should test doing that with my docker image before I try it on circle ci I guess… But perhaps you guys can point out my flaw

  • Created ssh key without passphrase
  • Added private key without host name in project settings
  • server has public key in its authorized_keys file
  • I’m using a custom docker image, build on alpine, with rsync, git, ssh, ca-certs installed
  • I put the rsync commands in a sh script to run

How do I tell rsync to use that private key? I’ve thought about starting up ssh-agent, but I don’t know what to ssh-add because there isn’t anything in ~/.ssh (I tried to ls -la ~/.ssh already, and there isn’t anything there).

Here’s a gist of the relevant files which include my .circleci/config.yml file and my repo-scripts/deploy.sh file.

Currently rsync is prompting for passwords, which I don’t think it should be doing. I could pass -v to rsync to get more info if needed:

output of job

#!/bin/sh -eo pipefail
sh ~/repo/repo-scripts/deploy.sh
Agent pid 65
Warning: Permanently added '[host1]:xx,[ip]:xx'
  (ECDSA) to the list of known hosts.

Warning: Permanently added '[host2]:xx,[ip]:xx'
  (ECDSA) to the list of known hosts.

Warning: Permanently added '[host3]:xx,[ip]:xx'
  (ECDSA) to the list of known hosts.

some-user@host1's password:
some-user@host2's's password:
some-user@host3's's password: 

Step was canceled

(Had to cancel job since rsync was waiting for password).


#2

I’ve been reading these docs as well, but from my above experiment with ls -la ~/.ssh, I guess those are just 1.0 docs, and circleci 2.0 is different?

Actually… I just looked in 2.0 docs and found this - let me try that…! xD


Those docs say:

Note that CircleCI 2.0 jobs are auto configured with ssh-agent with all keys auto-loaded, and is sufficient for most cases.

So I guess it’s a bad configuration on my part (either the prod server or the docker image). I’ll close this and reopen if I rule that out completely.


#3

This topic was automatically closed 41 days after the last reply. New replies are no longer allowed.