Question
I'm trying to do some stuff within Gitlab CI on a remote server. When using RSA keys everything works fine, but when I try using ED25519 keys, I'm stuck:
Running with gitlab-ci-multi-runner 9.3.0 (3df822b)
on Internal Runner (079281fd)
Using Docker executor with image 1drop/docker:git ...
Using docker image sha256:b9cf0ca386341048f8696d950123e20b5d6583c190f266aacb25b6d3d4736028 for predefined container...
Pulling docker image 1drop/docker:git ...
Using docker image 1drop/docker:git ID=sha256:966d107d59806ab1a3aa2229618858b5141e2c7bb183dd9f4dfaafdca4d51774 for build container...
Running on runner-079281fd-project-207-concurrent-0 via srv1...
Fetching changes...
$ eval $(ssh-agent -s)
Agent pid 17
$ ssh-add <(echo "$SSH_PRIVATE_KEY"| base64 -d)
Enter passphrase for /dev/fd/63: ERROR: Job failed: exit code 1
As you can see, I already tried encoding the ed25519 key using base64 in case something goes wrong when GitLab injects the SSH_PRIVATE_KEY variable into the runtime.
The content of the key is fine, I can output it and test it locally and it works. Also if I put a regular RSA key into the SSH_PRIVATE_KEY variable, it works perfectly. But on some customer servers I'm required to use ed25519 and I keep getting this "enter passphrase" stuff and I don't know why.
Do I need to install some libraries in order for this to work? My ssh module says it can do ed25519 keys.
Answer 1:
The documentation has been updated. See https://docs.gitlab.com/ce/ci/ssh_keys/README.html
##
## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
## We're using tr to fix line endings which makes ed25519 keys work
## without extra base64 encoding.
## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
##
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
Using this command worked for me.
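
A pre-flight check built around the answer's `tr -d '\r'` fix, as an added example that is not part of the original answer or of GitLab's documentation. It reports whether the variable contains carriage returns or lacks the private-key armor lines before `ssh-add` runs, so a failed job names the cause. The function names and the sample key text are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for SSH key material passed in a CI variable.
# Function names are hypothetical; only tr and ssh-add come from the answer.

# Strip carriage returns, as the answer's `tr -d '\r'` does.
normalize_key() {
    printf '%s\n' "$1" | tr -d '\r'
}

# Classify key text without contacting the agent.
# Prints one of: empty | crlf | not-pem | ok (non-zero status unless ok).
diagnose_key() {
    key=$1
    cr=$(printf '\r')
    [ -n "$key" ] || { echo empty; return 1; }
    case $key in *"$cr"*) echo crlf; return 1 ;; esac
    first=$(printf '%s\n' "$key" | awk 'NF { print; exit }')
    last=$(printf '%s\n' "$key" | awk 'NF { l = $0 } END { print l }')
    case $first in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo not-pem; return 1 ;;
    esac
    case $last in
        "-----END "*"PRIVATE KEY-----") ;;
        *) echo not-pem; return 1 ;;
    esac
    echo ok
}

# Normalize, validate, then hand the key to a running ssh-agent.
load_ci_key() {
    before=$(diagnose_key "$1") || true
    clean=$(normalize_key "$1")
    after=$(diagnose_key "$clean") || {
        echo "SSH key variable rejected: $after" >&2
        return 1
    }
    if [ "$before" = crlf ]; then
        echo "stripped CR line endings from key variable" >&2
    fi
    printf '%s\n' "$clean" | ssh-add - >/dev/null
}

# Constructed sample (not a real key): OpenSSH armor with CRLF endings.
sample_crlf_key() {
    printf '%s\r\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQ=' '-----END OPENSSH PRIVATE KEY-----'
}
```

In a job, call `load_ci_key "$SSH_PRIVATE_KEY"` after `eval $(ssh-agent -s)`.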
Source: https://stackoverflow.com/questions/44822678/gitlab-ci-use-ed25519-private-key