I set up my gitlab-runner on server A and want to deploy to the test environment on server B via ssh. I followed this guide from the gitlab docs:

  1. create ssh key pair with ssh-keygen at server A
  2. add the private key as variable to the project on gitlab
  3. add the public key to authorized_key file at server B
  4. run ssh-agent during the deployment-job, and try to ssh to server B from server A

Here are the build details of my deployment stage:

Running with gitlab-ci-multi-runner 1.10.4 (b32125f)
Using Shell executor...
Running on phxszap09...
Fetching changes...
HEAD is now at b3adbe0 test ci
From http://10.0.15.60/duxiang/mediaExpress
   b3adbe0..5eb8d4d  master     -> origin/master
Checking out 5eb8d4db as master...
Skipping Git submodules setup
$ which ssh-agent || (sudo yum update -y && sudo yum install openssh-client -y)
/usr/bin/ssh-agent
$ eval $(ssh-agent -s)
Agent pid 16954
$ ssh-add <(echo "$SSH_PRIVATE_KEY")
Identity added: /dev/fd/63 (/dev/fd/63)
$ mkdir -p ~/.ssh
$ echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
$ ssh -vvv [email protected]
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
Pseudo-terminal will not be allocated because stdin is not a terminal.

debug1: Reading configuration data /home/gitlab-runner/.ssh/config

debug1: Applying options for *

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Applying options for *

debug2: ssh_connect: needpriv 0

debug1: Connecting to 10.0.15.61 [10.0.15.61] port 22.

debug1: Connection established.

debug1: identity file /home/gitlab-runner/.ssh/identity type -1

debug1: identity file /home/gitlab-runner/.ssh/identity-cert type -1

debug3: Not a RSA1 key file /home/gitlab-runner/.ssh/id_rsa.

debug2: key_type_from_name: unknown key type '-----BEGIN'

debug3: key_read: missing keytype

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug3: key_read: missing whitespace

debug2: key_type_from_name: unknown key type '-----END'

debug3: key_read: missing keytype

debug1: identity file /home/gitlab-runner/.ssh/id_rsa type 1

debug1: identity file /home/gitlab-runner/.ssh/id_rsa-cert type -1

debug1: identity file /home/gitlab-runner/.ssh/id_dsa type -1

debug1: identity file /home/gitlab-runner/.ssh/id_dsa-cert type -1

debug1: identity file /home/gitlab-runner/.ssh/id_ecdsa type -1

debug1: identity file /home/gitlab-runner/.ssh/id_ecdsa-cert type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3

debug1: match: OpenSSH_5.3 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_5.3

debug2: fd 3 setting O_NONBLOCK

debug1: SSH2_MSG_KEXINIT sent

debug3: Wrote 960 bytes for a total of 981

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,[email protected],zlib

debug2: kex_parse_kexinit: none,[email protected],zlib

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: first_kex_follows 0 

debug2: kex_parse_kexinit: reserved 0 

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,[email protected]

debug2: kex_parse_kexinit: none,[email protected]

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: first_kex_follows 0 

debug2: kex_parse_kexinit: reserved 0 

debug2: mac_setup: found hmac-md5

debug1: kex: server->client aes128-ctr hmac-md5 none

debug2: mac_setup: found hmac-md5

debug1: kex: client->server aes128-ctr hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug3: Wrote 24 bytes for a total of 1005

debug2: dh_gen_key: priv key bits set: 133/256

debug2: bits set: 533/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug3: Wrote 144 bytes for a total of 1149

debug3: check_host_in_hostfile: host 10.0.15.61 filename /home/gitlab-runner/.ssh/known_hosts

debug3: check_host_in_hostfile: host 10.0.15.61 filename /home/gitlab-runner/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 1

debug1: Host '10.0.15.61' is known and matches the RSA host key.

debug1: Found key in /home/gitlab-runner/.ssh/known_hosts:1

debug2: bits set: 528/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug3: Wrote 16 bytes for a total of 1165

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug3: Wrote 48 bytes for a total of 1213

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /home/gitlab-runner/.ssh/id_rsa (0x7f919c065b30)

debug2: key: /home/gitlab-runner/.ssh/identity ((nil))

debug2: key: /home/gitlab-runner/.ssh/id_dsa ((nil))

debug2: key: /home/gitlab-runner/.ssh/id_ecdsa ((nil))

debug3: Wrote 80 bytes for a total of 1293

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password

debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password

debug3: authmethod_lookup gssapi-keyex

debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password

debug3: authmethod_is_enabled gssapi-keyex

debug1: Next authentication method: gssapi-keyex

debug1: No valid Key exchange context

debug2: we did not send a packet, disable method

debug3: authmethod_lookup gssapi-with-mic

debug3: remaining preferred: publickey,keyboard-interactive,password

debug3: authmethod_is_enabled gssapi-with-mic

debug1: Next authentication method: gssapi-with-mic

debug3: Trying to reverse map address 10.0.15.61.

Nasty PTR record "61" is set up for 10.0.15.61, ignoring

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_498' not found


debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_498' not found


debug1: Unspecified GSS failure.  Minor code may provide more information



debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_498' not found


debug2: we did not send a packet, disable method

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Offering public key: /home/gitlab-runner/.ssh/id_rsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug3: Wrote 624 bytes for a total of 1917

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

debug1: Trying private key: /home/gitlab-runner/.ssh/identity

debug3: no such identity: /home/gitlab-runner/.ssh/identity

debug1: Trying private key: /home/gitlab-runner/.ssh/id_dsa

debug3: no such identity: /home/gitlab-runner/.ssh/id_dsa

debug1: Trying private key: /home/gitlab-runner/.ssh/id_ecdsa

debug3: no such identity: /home/gitlab-runner/.ssh/id_ecdsa

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred: ,password

debug3: authmethod_is_enabled password

debug1: Next authentication method: password

debug1: read_passphrase: can't open /dev/tty: No such device or address

debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)

debug2: we sent a password packet, wait for reply

debug3: Wrote 144 bytes for a total of 2061

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

Permission denied, please try again.

debug1: read_passphrase: can't open /dev/tty: No such device or address

debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)

debug2: we sent a password packet, wait for reply

debug3: Wrote 144 bytes for a total of 2205

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

Permission denied, please try again.

debug1: read_passphrase: can't open /dev/tty: No such device or address

debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)

debug2: we sent a password packet, wait for reply

debug3: Wrote 144 bytes for a total of 2349

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

debug2: we did not send a packet, disable method

debug1: No more authentication methods to try.

Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

ERROR: Build failed: exit status 1

Can anyone help?

  • Please do include the actual commands you've used in .gitlab-ci.yml Commented Mar 21, 2017 at 19:53
  • @JakubKania Sorry for that, I've added build details Commented Mar 22, 2017 at 2:28
  • Possible duplicate of Gitlab - failed to authenticate remote server for CI and CD build Commented Jan 17, 2019 at 7:27
  • Did you test the connection locally? There seem to be so many of these similar issues with no answers, including mine stackoverflow.com/questions/57290734/… Commented Aug 6, 2019 at 17:31
  • IIRC, I'd never tried that when running gitlab-ci since then, just to avoid the failures. Digging into the error message about the key format may help. Commented Aug 7, 2019 at 3:08

2 Answers

debug1: Next authentication method: publickey
debug1: Offering public key: /home/gitlab-runner/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 624 bytes for a total of 1917

The private key was rejected.

debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 144 bytes for a total of 2061
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 144 bytes for a total of 2205
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 144 bytes for a total of 2349

It asks for a password, which cannot be provided from the script. Check the configuration on server B.

4 Comments

@JakubKania what? This was probably intended as a comment to the question, wasn't it?
Oh my, yes, yes it was.
Sorry, I don't really get you. By creating a key pair without a passphrase and using ssh-agent, it should not ask for a password any more. Is that right? I checked /etc/ssh/sshd_config on server B, and added RSAAuthentication yes, PubkeyAuthentication yes, AuthorizedKeysFile .ssh/authorized_keys, but ended up with no luck.
The only offered key is rejected by the server. If the key from agent should be offered, it is not.

key_type_from_name: unknown key type '-----BEGIN'

This means that you have a misformatted key; the key from your variable /dev/fd/63 is never offered. Please check the formatting of your variable.
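
One way to check the formatting of the variable before it reaches ssh-add, as an added example that is not part of the original answer. The helper names `key_var_status` and `normalize_key_var` are hypothetical, the sample key text is constructed filler, and `SSH_PRIVATE_KEY` is the variable name from the build log above.

```shell
#!/bin/sh
# Added example: classify the text of a CI variable that should hold an SSH
# private key. Only a diagnosis is printed, never the key material.

# key_var_status TEXT
#   prints: empty | crlf | no-armor | one-line | encrypted | bad-body | ok
key_var_status() {
    [ -n "$1" ] || { echo empty; return 0; }
    # Carriage returns appear when the key was pasted with CRLF line endings.
    case $1 in *"$(printf '\r')"*) echo crlf; return 0 ;; esac
    key=$(printf '%s\n' "$1")            # command substitution drops trailing newlines
    case $key in "-----BEGIN "*"PRIVATE KEY-----") ;; *) echo no-armor; return 0 ;; esac
    # A paste that turned newlines into spaces leaves the whole key on one line.
    n=$(printf '%s\n' "$key" | grep -c '' || true)
    [ "$n" -ge 3 ] || { echo one-line; return 0; }
    # Traditional PEM marks a passphrase-protected key with this header; a
    # non-interactive job has no tty on which to ask for the passphrase.
    case $key in *"Proc-Type: 4,ENCRYPTED"*) echo encrypted; return 0 ;; esac
    # Everything between the armor lines must be base64 (or blank).
    if printf '%s\n' "$key" | sed '1d;$d' | grep -qv '^[A-Za-z0-9+/=]*$'; then
        echo bad-body; return 0
    fi
    echo ok
}

# normalize_key_var TEXT -> TEXT without CRs, ending in exactly one newline.
normalize_key_var() {
    key=$(printf '%s' "$1" | tr -d '\r')
    printf '%s\n' "$key"
}

# Constructed samples: the base64 line is filler, not a real key.
SAMPLE_OK='-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLUtFWQ==
-----END RSA PRIVATE KEY-----'
SAMPLE_ONE_LINE=$(printf '%s' "$SAMPLE_OK" | tr '\n' ' ')
SAMPLE_CRLF=$(printf '%s\n' "$SAMPLE_OK" | awk '{printf "%s\r\n", $0}')

# In the job, before the ssh-add line shown in the build log (bash, because of <( )):
#   st=$(key_var_status "$SSH_PRIVATE_KEY")
#   [ "$st" = ok ] || [ "$st" = crlf ] || { echo "SSH_PRIVATE_KEY: $st" >&2; exit 1; }
#   ssh-add <(normalize_key_var "$SSH_PRIVATE_KEY")
```

A status of `ok` only means the text is shaped like a private key; whether server B accepts the matching public key is a separate check on that host.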
