Question
I am trying to clone a private repo from GitLab (self-hosted) during a GitLab build.
I am using an SSH private key with no passphrase, but I get the error
key_load_private_type: incorrect passphrase supplied to decrypt private key
Files and debugging
.gitlab-ci.yml
image: tetraweb/php:5.5
variables:
  TIMEZONE: Asia/Novosibirsk
before_script:
  # Create deploy private key
  - mkdir ~/.ssh
  - echo $DEPLOY_KEY_PRIVATE >> ~/.ssh/id_rsa && chmod 0600 ~/.ssh/id_rsa
  - echo "Host gitlab.example.com"$'\n\t'"IdentityFile ~/.ssh/id_rsa" >> ~/.ssh/config
  - ssh-keyscan -t rsa gitlab.example.com >> ~/.ssh/known_hosts
test:
  script:
    - ssh -vT [email protected]
DEPLOY_KEY_PRIVATE contains the private key.
Build output
gitlab-ci-multi-runner 0.7.2 (abcdefgh)
Using Docker executor with image tetraweb/php:5.5 ...
Pulling docker image gitlab/gitlab-runner:build ...
Pulling docker image tetraweb/php:5.5 ...
Running on runner-18f77f26-project-4-concurrent-0 via gitlab.example.com...
Fetching changes...
HEAD is now at 24c8b8d branch-1: Build 32.
From http://gitlab.example.com/my-company/my-private-repo
24c8b8d..bfa1b67 branch-1 -> origin/branch-1
Checking out bfa1b67d as branch-1...
Previous HEAD position was 24c8b8d... branch-1: Build 32.
HEAD is now at bfa1b67... branch-1: Build 33.
Current default time zone: 'Asia/Novosibirsk'
Local time is now: Wed Jan 27 18:43:18 NOVT 2016.
Universal Time is now: Wed Jan 27 12:43:18 UTC 2016.
$ mkdir ~/.ssh
$ echo $DEPLOY_KEY_PRIVATE >> ~/.ssh/id_rsa && chmod 0600 ~/.ssh/id_rsa
$ echo "Host gitlab.example.com"$'\n\t'"IdentityFile ~/.ssh/id_rsa" >> ~/.ssh/config
$ ssh-keyscan -t rsa gitlab.example.com >> ~/.ssh/known_hosts
# gitlab.example.com SSH-2.0-OpenSSH_6.7p1 Debian-5
$ ssh -vT [email protected]
OpenSSH_6.7p1 Debian-5+deb8u1, OpenSSL 1.0.1k 8 Jan 2015
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for gitlab.example.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to gitlab.example.com [111.111.111.111] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5
debug1: match: OpenSSH_6.7p1 Debian-5 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA a1:a2:a3:a4:a5:a6:a7:a8:a9:b1:b2:b3:b4:b5:b6:b7
debug1: Host 'gitlab.example.com' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
Warning: Permanently added the RSA host key for IP address '111.111.111.111' to the list of known hosts.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: key_load_private_type: incorrect passphrase supplied to decrypt private key
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).
ERROR: Build failed with: exit code 1
Trying the same SSH key on my VPS
The connection succeeds
me@vps:~$ ssh -vT [email protected]
OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /home/me/.ssh/config
debug1: /home/me/.ssh/config line 1: Applying options for gitlab.example.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to gitlab.example.com [111.111.111.111] port 22.
debug1: Connection established.
debug1: identity file /home/me/.ssh/deploy_rsa type -1
debug1: identity file /home/me/.ssh/deploy_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5
debug1: match: OpenSSH_6.7p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA f1:f2:f3:f4:f5:f6:f7:f8:f9:g1:g2:g3:g4:g5:g6:g7
debug1: Host 'gitlab.example.com' is known and matches the ECDSA host key.
debug1: Found key in /home/me/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/me/.ssh/deploy_rsa
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to gitlab.example.com ([111.111.111.111]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Sending environment.
debug1: Sending env LC_PAPER = ru_RU.UTF-8
debug1: Sending env LC_ADDRESS = ru_RU.UTF-8
debug1: Sending env LC_MONETARY = ru_RU.UTF-8
debug1: Sending env LC_NUMERIC = ru_RU.UTF-8
debug1: Sending env LC_TELEPHONE = ru_RU.UTF-8
debug1: Sending env LC_IDENTIFICATION = ru_RU.UTF-8
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_MEASUREMENT = ru_RU.UTF-8
debug1: Sending env LC_TIME = ru_RU.UTF-8
debug1: Sending env LC_NAME = ru_RU.UTF-8
Welcome to GitLab, Anonymous!
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3368, received 1856 bytes, in 0.3 seconds
Bytes per second: sent 12948.9, received 7135.7
debug1: Exit status 0
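Answer 1
Verify that the key format has not been messed up.
I have seen cases where, if the ssh client cannot read the key properly, it assumes the key is encrypted and asks for a passphrase.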
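Answer 2
I ran into this problem today and wanted to add another answer for when I run into it again.
My problem was with the equivalent of this statement: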
echo $DEPLOY_KEY_PRIVATE >> ~/.ssh/id_rsa && chmod 0600 ~/.ssh/id_rsa
I needed to wrap the variable in double quotes, i.e. "$DEPLOY_KEY_PRIVATE".
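The effect both answers describe, as an added example that is not part of the original posts: an unquoted expansion is split on whitespace and `echo` rejoins the words with single spaces, so a multi-line PEM key lands in the file as one line. The sample key is constructed filler (not a real key), and the function names `write_key_unquoted`, `write_key_quoted` and `pem_shape_ok` are hypothetical.

```shell
#!/bin/sh
# Constructed sample: PEM-shaped text with filler body, NOT a real key.
SAMPLE_KEY='-----BEGIN RSA PRIVATE KEY-----
QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2
d3h5ejAxMjM0NTY3ODkrL0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVm
-----END RSA PRIVATE KEY-----'

# Pattern from the question: the unquoted variable is word-split and
# echo joins the words with spaces, so every newline is lost.
write_key_unquoted() {
    # shellcheck disable=SC2086
    echo $SAMPLE_KEY > "$1" && chmod 0600 "$1"
}

# Fix from Answer 2: double quotes keep the value byte-for-byte.
write_key_quoted() {
    printf '%s\n' "$SAMPLE_KEY" > "$1" && chmod 0600 "$1"
}

# Cheap structural check: a PEM key has its BEGIN marker alone on the
# first line, its END marker alone on the last, and a body in between.
pem_shape_ok() {
    lines=$(wc -l < "$1" | tr -d ' ')
    [ "$lines" -ge 3 ] || return 1
    first=$(sed -n '1p' "$1")
    last=$(sed -n '$p' "$1")
    case "$first" in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) return 1 ;;
    esac
    case "$last" in
        "-----END "*"PRIVATE KEY-----") ;;
        *) return 1 ;;
    esac
    return 0
}

# Write the key both ways and report what ended up on disk.
demo_dir=$(mktemp -d)
for mode in unquoted quoted; do
    "write_key_$mode" "$demo_dir/$mode"
    if pem_shape_ok "$demo_dir/$mode"; then verdict=ok; else verdict=mangled; fi
    echo "$mode: $(wc -l < "$demo_dir/$mode" | tr -d ' ') line(s), $verdict"
done
rm -rf "$demo_dir"
```

In a real job, running `ssh-keygen -y -P '' -f ~/.ssh/id_rsa >/dev/null` right after writing the file makes the build fail at that step if the key cannot be parsed, instead of later during authentication.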