使用GitLab和Docker执行器进行SSH连接

huangapple go评论104阅读模式
英文:

SSH with gitlab and docker executor

问题

我正在尝试使用GitLab流水线在我的本地虚拟机上部署Java应用程序,该Runner使用Docker,但是我遇到了以下错误:aminech@192.168.124.149: Permission denied (publickey,password)

清理项目目录和基于文件的变量。

以下是YAML文件中的部署阶段:

公钥是我的虚拟机公钥。
私钥是我的虚拟机私钥。
服务器主机密钥:ssh-keyscan -t rsa 192.168.124.149

deploy_production:
  stage: deploy
  image: alpine:latest
  before_script:
    - apk add openssh-client
    - mkdir -p ~/.ssh
    - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
    - echo "$SSH_PUBLIC_KEY" > ~/.ssh/id_rsa.pub
    - chmod 600 ~/.ssh/id_rsa
    - chmod 644 ~/.ssh/id_rsa.pub
    - eval "$(ssh-agent -s)"
    - ssh-add ~/.ssh/id_rsa
    - echo "$SSH_SERVER_HOSTKEYS" >> ~/.ssh/known_hosts
    - echo ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
    - chmod 644 ~/.ssh/known_hosts

  script:
    - ssh -v -o StrictHostKeyChecking=no aminech@192.168.124.149 "cd ~/Desktop/javapipline && export IMAGE_TAG=${CI_COMMIT_SHORT_SHA} && docker-compose up -d"  #

我尝试了GitLab的文档,但没有帮助。

英文:

I am trying to deploy with GitLab pipeline java app on my localvm the runner uses docker and I am getting this error
aminech@192.168.124.149: Permission denied (publickey,password).
Cleaning up project directory and file based variables
this the YAML file deploy stage
public key is my vm public key
private key is my vm private key
server hostkeys ssh-keyscan -t rsa 192.168.124.149

deploy_production:
  stage: deploy
  image: alpine:latest
  before_script:
    - apk add openssh-client
    - mkdir -p ~/.ssh
    - echo "$SSH_PRIVATE_KEY"  > ~/.ssh/id_rsa
    - echo "$SSH_PUBLIC_KEY" > ~/.ssh/id_rsa.pub
    - chmod 600 ~/.ssh/id_rsa
    - chmod 644 ~/.ssh/id_rsa.pub
    - eval "$(ssh-agent -s)"
    - ssh-add ~/.ssh/id_rsa
    - echo "$SSH_SERVER_HOSTKEYS" >> ~/.ssh/known_hosts
    - echo ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
    - chmod 644 ~/.ssh/known_hosts

  script:
    - ssh  -v -o StrictHostKeyChecking=no aminech@192.168.124.149  "cd ~/Desktop/javapipline && export IMAGE_TAG=${CI_COMMIT_SHORT_SHA} && docker-compose up -d"  # 

I tried the GitLab documentation and it's not helping

答案1

得分: 0

这个问题可能与位于用户主目录~/.ssh/下的authorized_keys文件的权限有关。

一旦您确认权限设置正确,您可以按照以下方式修复:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

另外,为了安全起见,最好创建一个专门用于部署任务的用户,而不是使用一些具有sudo权限的用户(例如您正在使用的个人用户aminech)。为此,您需要执行以下操作:

创建一个名为deployer的用户:

$ sudo adduser deployer

将该用户添加到Docker组:

$ sudo usermod -aG docker deployer

为该用户设置SSH密钥:

# 切换到deployer用户
$ su deployer

# 生成密钥
$ ssh-keygen -b 4096

# 将公钥追加到authorized_keys文件中
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

最后,您需要调整权限以避免出现Permission denied (publickey,password)错误:

# 退出deployer用户
$ exit

# 设置权限
$ sudo chmod 700 /home/deployer/.ssh
$ sudo chmod 600 /home/deployer/.ssh/authorized_keys
$ sudo chown -R deployer:docker /home/deployer/.ssh

通过这样做,您可以摆脱before_script部分(不要忘记使用部署用户的私钥更新$SSH_PRIVATE_KEY变量),只需使用以下内容:

. . .
deploy:
  image: alpine:latest
  stage: deploy
  script:
    - chmod og= $SSH_PRIVATE_KEY
    - apk update && apk add openssh-client
    - ssh -i $SSH_PRIVATE_KEY -o StrictHostKeyChecking=no deployer@$SERVER_IP "cd ~/Desktop/javapipline && export IMAGE_TAG=${CI_COMMIT_SHORT_SHA} && docker-compose up -d"
英文:

This problem may be related to the permissions of the authorized_keys file located on the user home folder ~/.ssh/.

Once you've verified your permissions are correct, you can fix this like so:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Also a good practice, is to create a user that is dedicated for the deployment task and not use some sudo user for security purpose ( as youre using your personal user aminech ). For this you need to :

Create a deployer user :

$ sudo adduser deployer

Add the user to the Docker group :

$ sudo usermod -aG docker deployer

Set up an SSH key for this user :

# Switch to deployer user
$ su deployer

# Generate the key
$ ssh-keygen -b 4096

# Append the public key to the authorized_keys file
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Lastly you need to adjust the permissions to avoid the Permission denied (publickey,password) error :

# Exit deployer user
$ exit

# Set up the permissions
$ sudo chmod 700 /home/deployer/.ssh
$ sudo chmod 600 /home/deployer/.ssh/authorized_keys
$ sudo chown -R deployer:docker /home/deployer/.ssh

By this your you can get ride of the before_script section, (dont forget to update the $SSH_PRIVATE_KEY variable with the private key of the deployer user) and just use :

. . .
deploy:
  image: alpine:latest
  stage: deploy
  script:
    - chmod og= $SSH_PRIVATE_KEY
    - apk update && apk add openssh-client
    - ssh -i $SSH_PRIVATE_KEY -o StrictHostKeyChecking=no deployer@$SERVER_IP "cd ~/Desktop/javapipline && export IMAGE_TAG=${CI_COMMIT_SHORT_SHA} && docker-compose up -d"

huangapple
  • 本文由 发表于 2023年8月8日 21:20:14
  • 转载请务必保留本文链接:https://go.coder-hub.com/76859973.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定