SSH with GitLab and Docker executor

Question

I am trying to deploy a Java app on my local VM with a GitLab pipeline. The runner uses Docker, and I am getting this error:

aminech@192.168.124.149: Permission denied (publickey,password).
Cleaning up project directory and file based variables

This is the deploy stage of the YAML file.
The public key is my VM's public key.
The private key is my VM's private key.
Server host keys: ssh-keyscan -t rsa 192.168.124.149

deploy_production:
  stage: deploy
  image: alpine:latest
  before_script:
    - apk add openssh-client
    - mkdir -p ~/.ssh
    - echo "$SSH_PRIVATE_KEY"  > ~/.ssh/id_rsa
    - echo "$SSH_PUBLIC_KEY" > ~/.ssh/id_rsa.pub
    - chmod 600 ~/.ssh/id_rsa
    - chmod 644 ~/.ssh/id_rsa.pub
    - eval "$(ssh-agent -s)"
    - ssh-add ~/.ssh/id_rsa
    - echo "$SSH_SERVER_HOSTKEYS" >> ~/.ssh/known_hosts
    - echo ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
    - chmod 644 ~/.ssh/known_hosts

  script:
    - ssh  -v -o StrictHostKeyChecking=no aminech@192.168.124.149  "cd ~/Desktop/javapipline && export IMAGE_TAG=${CI_COMMIT_SHORT_SHA} && docker-compose up -d"  # 

I tried the GitLab documentation, and it's not helping.

Answer 1

Score: 0

This problem may be related to the permissions of the authorized_keys file located in the user's home folder, ~/.ssh/.

Once you've verified your permissions are correct, you can fix this like so:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Also, a good practice is to create a user dedicated to the deployment task rather than using a sudo user, for security purposes (as you're using your personal user aminech). For this you need to:

Create a deployer user:

$ sudo adduser deployer

Add the user to the Docker group:

$ sudo usermod -aG docker deployer

Set up an SSH key for this user:

# Switch to deployer user
$ su deployer

# Generate the key
$ ssh-keygen -b 4096

# Append the public key to the authorized_keys file
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Lastly, you need to adjust the permissions to avoid the Permission denied (publickey,password) error:

# Exit deployer user
$ exit

# Set up the permissions
$ sudo chmod 700 /home/deployer/.ssh
$ sudo chmod 600 /home/deployer/.ssh/authorized_keys
$ sudo chown -R deployer:docker /home/deployer/.ssh

This way you can get rid of the before_script section (don't forget to update the $SSH_PRIVATE_KEY variable with the private key of the deployer user) and just use:

. . .
deploy:
  image: alpine:latest
  stage: deploy
  script:
    - chmod og= $SSH_PRIVATE_KEY
    - apk update && apk add openssh-client
    - ssh -i $SSH_PRIVATE_KEY -o StrictHostKeyChecking=no deployer@$SERVER_IP "cd ~/Desktop/javapipline && export IMAGE_TAG=${CI_COMMIT_SHORT_SHA} && docker-compose up -d"
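
The permission check described in this answer, combined with a check for what the question's `echo ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys` line produces (the path as text, not the key), as an added example that is not part of the original answer. The names audit_ssh_dir, mode_of and group_other_writable are hypothetical; the script assumes GNU or BusyBox stat, is meant to run on the server, and covers only the write-bit part of sshd's StrictModes check (not ownership or the home directory).

```shell
#!/bin/sh
# Added example (not from the original post). Run on the SSH server.
# audit_ssh_dir DIR: print one finding per line; return the number of findings.

# Octal permission bits of a path (GNU/BusyBox stat assumed).
mode_of() { stat -c '%a' "$1"; }

# True when group or other can write: sshd's StrictModes refuses such paths.
group_other_writable() {
    m=$(mode_of "$1")
    [ $(( 0$m & 022 )) -ne 0 ]
}

audit_ssh_dir() {
    dir=$1
    ak="$dir/authorized_keys"
    n=0
    for p in "$dir" "$ak"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; n=$((n + 1))
        elif group_other_writable "$p"; then
            echo "WRITABLE $p (mode $(mode_of "$p"))"; n=$((n + 1))
        fi
    done
    [ -f "$ak" ] || return "$n"
    lineno=0
    # Every non-comment line must carry a key type followed by a base64 blob;
    # key blobs always begin with "AAAA". A bare path such as
    # "~/.ssh/id_rsa.pub" is not a key and authorizes nobody.
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case "$line" in
            '' | '#'*) ;;
            *ssh-rsa\ AAAA* | *ssh-ed25519\ AAAA* | *ecdsa-sha2-*\ AAAA*) ;;
            *sk-*@openssh.com\ AAAA*) ;;
            *) echo "NOT-A-KEY $ak:$lineno"; n=$((n + 1)) ;;
        esac
    done < "$ak"
    return "$n"
}

# Usage: sh audit.sh /home/deployer/.ssh
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

A return value of 0 means the directory and file are not group- or other-writable and every entry looks like a public key.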

huangapple
  • Published on August 8, 2023, 21:20:14
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76859973.html