I was following this blog post which was mentioned in another thread (can’t post link - at link limit), however I’m not sure where I went wrong. I made an ssh-key without a passphrase, and moved the public key to the authorized_keys file on the server, so I think that’s all good. Although I should test doing that with my docker image before I try it on circle ci I guess… But perhaps you guys can point out my flaw
- Created ssh key without passphrase
- Added private key without host name in project settings
- server has public key in its authorized_keys file
- I’m using a custom docker image, build on alpine, with rsync, git, ssh, ca-certs installed
- I put the rsync commands in a sh script to run
How do I tell rsync to use that private key? I’ve thought about starting up ssh-agent, but I don’t know what to ssh-add because there isn’t anything in
~/.ssh (I tried to
ls -la ~/.ssh already, and there isn’t anything there).
Here’s a gist of the relevant files which include my .circleci/config.yml file and my repo-scripts/deploy.sh file.
Currently rsync is prompting for passwords, which I don’t think it should be doing. I could pass
-v to rsync to get more info if needed:
output of job
#!/bin/sh -eo pipefail sh ~/repo/repo-scripts/deploy.sh Agent pid 65 Warning: Permanently added '[host1]:xx,[ip]:xx' (ECDSA) to the list of known hosts. Warning: Permanently added '[host2]:xx,[ip]:xx' (ECDSA) to the list of known hosts. Warning: Permanently added '[host3]:xx,[ip]:xx' (ECDSA) to the list of known hosts. some-user@host1's password: some-user@host2's's password: some-user@host3's's password: Step was canceled
(Had to cancel job since rsync was waiting for password).