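Of the many questions that have already been asked, none seems to answer mine.
So I am trying to set up a CI/CD pipeline with GitLab, but I am stuck on the deploy job, which uses SSH.
I have a build server, and I generated an SSH key pair (RSA) there. I added the private value to a custom variable in GitLab. But I seem to be stuck on /dev/tty: No such device or address.
I checked the permissions of /dev/tty and they look fine. GitLab and my build server both run Ubuntu, 20.4.4 LTS and 22.04.1 LTS.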
```yaml
deploy:
  stage: deploy
  environment: production
  image: alpine
  tags:
    - dev
  before_script:
    - apk add openssh-client
    - apk add zip
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - mkdir ExampleProject
    - cp -R Test /ExampleProject
    - zip -r ExampleProject.zip ExampleProject
  script:
    - ssh -Tv -o StrictHostKeyChecking=no builduser@192.168.0.95 "cd /home/builduser; unzip ExampleProject.zip"
```
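I have also seen this, and I have the feeling it is related.
Edit:
So for the key I used ssh-keygen -t rsa -b 2048.
Following the GitLab source: GitLab SSH keygen
I added the private key as a variable in the project. For the key, when asked for a passphrase, I just tabbed Enter twice.
As for the error: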
```text
Executing "step_script" stage of the job script
Using docker image sha256:9c6f0724472873bb50a2ae67a9e7adcb57673a183cea8b06eb778dca859181b5 for alpine with digest alpine@sha256:bc41182d7ef5ffc53a40b044e725193bc10142a1243f395ee852a8d9730fc2ad ...
$ apk add openssh-client
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz
(1/6) Installing openssh-keygen (9.0_p1-r2)
(2/6) Installing ncurses-terminfo-base (6.3_p20220521-r0)
(3/6) Installing ncurses-libs (6.3_p20220521-r0)
(4/6) Installing libedit (20210910.3.1-r0)
(5/6) Installing openssh-client-common (9.0_p1-r2)
(6/6) Installing openssh-client-default (9.0_p1-r2)
Executing busybox-1.35.0-r17.trigger
OK: 11 MiB in 20 packages
$ apk add zip
(1/2) Installing unzip (6.0-r9)
(2/2) Installing zip (3.0-r9)
Executing busybox-1.35.0-r17.trigger
OK: 11 MiB in 22 packages
$ eval $(ssh-agent -s)
Agent pid 16
$ echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
Identity added: (stdin) (builduser@build-server)
$ mkdir -p ~/.ssh
$ chmod 700 ~/.ssh
$ mkdir ExampleProject
$ cp -R Test /ExampleProject
$ zip -r ExampleProject.zip ExampleProject
adding: ExampleProject/ (stored 0%)
$ ssh -Tv -o StrictHostKeyChecking=no builduser@192.168.0.95 "cd /home/builduser; unzip ExampleProject.zip"
OpenSSH_9.0p1, OpenSSL 1.1.1q 5 Jul 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.0.95 [192.168.0.95] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.0.95:22 as 'builduser'
debug1: load_hostkeys: fopen /root/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:RuQORGBuQwSDQosn3QKNw0tIxSL398OOhPg80CF3VzA
debug1: load_hostkeys: fopen /root/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
Warning: Permanently added '192.168.0.95' (ED25519) to the list of known hosts.
debug1: check_host_key: hostkey not known or explicitly trusted: disabling UpdateHostkeys
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: builduser@build-server RSA SHA256:caxgh10CwPovoNFrlxrnxkU6GsvfeQND0bOjhft/us0 agent
debug1: Will attempt key: /root/.ssh/id_rsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ecdsa_sk
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_ed25519_sk
debug1: Will attempt key: /root/.ssh/id_xmss
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: kex_input_ext_info: [email protected]=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
This server is protected.
Ungranted access to this server is forbidden and illigal by law to do so.
Going further you agreed to know the issues and consequences that may cause of your actions punishable by law.
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: builduser@build-server RSA SHA256:caxgh10CwPovoNFrlxrnxkU6GsvfeQND0bOjhft/us0 agent
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ecdsa_sk
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Trying private key: /root/.ssh/id_ed25519_sk
debug1: Trying private key: /root/.ssh/id_xmss
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
builduser@192.168.0.95: Permission denied (publickey,password).
ERROR: Job failed: exit code 255
```
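Answer 1
One possibility is that you added a key that has a passphrase. That means your private key is encrypted, and to unlock it you have to enter the passphrase. On your local system you may have told your computer to "remember the passphrase", "store it in the keychain" or something similar. But the GitLab server does not have your passphrase.
When the GitLab CI/CD servers need your key, they need that passphrase, and they try to open a terminal. But they are set up so that there is no local terminal, so you get the error.
A quick fix is to generate another SSH key, but without setting any passphrase on it.
Edit: updated based on the comments
There is another possibility: you have not uploaded the private key, so your CI/CD server cannot log in with the key and asks for a password.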
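
The two possibilities named in the answer leave different traces in `ssh -v` output, and the shell function below tells them apart. This is an added example, not part of the original question or answer: the function names and result labels are made up here, the first sample is an excerpt of the job log in the question, and the second sample is constructed.

```shell
#!/bin/sh
# Added example: classify an ssh -v log (stdin) from a job that has no terminal.
# The result labels are names made up for this example.
diagnose_ssh_log() {
  awk '
    /Offering public key:/ { offered = 1 }
    /Server accepts key:/  { accepted = 1 }
    /Next authentication method: (password|keyboard-interactive)/ { interactive = 1 }
    /read_passphrase: can.t open \/dev\/tty/ {
      # A prompt before any interactive method was for a key passphrase.
      if (interactive) tty_password = 1; else tty_passphrase = 1
    }
    END {
      if (accepted)            print "key-accepted"
      else if (tty_passphrase) print "key-needs-passphrase"
      else if (!offered)       print "no-key-offered"
      else if (tty_password)   print "key-rejected-password-fallback"
      else                     print "key-rejected"
    }'
}

# Excerpt of the job log in the question: agent key offered, then password fallback.
page_log() {
  cat <<'EOF'
debug1: Offering public key: builduser@build-server RSA SHA256:caxgh10CwPovoNFrlxrnxkU6GsvfeQND0bOjhft/us0 agent
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
EOF
}

# Constructed log: an encrypted key file on disk and no agent.
encrypted_key_log() {
  cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
EOF
}

printf 'job log from the question: %s\n' "$(page_log | diagnose_ssh_log)"
printf 'encrypted key on disk:     %s\n' "$(encrypted_key_log | diagnose_ssh_log)"
```

In the job itself, adding `-o BatchMode=yes` to the ssh command makes a rejected key fail immediately instead of falling through to a password prompt that a runner without a terminal cannot answer. Pinning the server's host key in `~/.ssh/known_hosts` instead of using `StrictHostKeyChecking=no` keeps the job from trusting whichever host answers on that address.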