많은 질문 중에서 내 질문에 대답하는 질문이 하나도 없는 것 같습니다.
그래서 gitlab을 사용하여 ci/cd 파이프라인을 설정하려고 했지만 ssh를 사용하여 배포하는 데 막혔습니다.
그래서 SSH 키 쌍(rsa)을 생성한 빌드 서버가 있습니다. gitlab의 사용자 정의 변수에 개인 값을 추가합니다. 하지만 그런 장치나 주소가 없는 /dev/tty에 갇힌 것 같습니다.
/dev/tty에 대한 권한을 확인했는데 괜찮아 보입니다. gitlab과 내 빌드 서버 모두 ubuntu20.4.4lts 및 22.04.1 lts를 실행하고 있습니다.
deploy:
stage: deploy
environment: production
image: alpine
tags:
- dev
before_script:
- apk add openssh-client
- apk add zip
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- mkdir ExampleProject
- cp -R Test /ExampleProject
- zip -r ExampleProject.zip ExampleProject
script:
- ssh -Tv -o StrictHostKeyChecking=no [email protected] "cd /home/builduser; unzip ExampleProject.zip"
나는 또한 내가 느끼는 방식이 이것과 관련이 있다는 것을 이해합니다.
편집하다:
그래서 키에는 ssh-keygen -t rsa -b 2048을 사용했습니다.
gitlab 소스에 따르면: Gitlab SSH 등록 시스템
프로젝트에 개인 키를 변수로 추가했습니다. 열쇠의 경우 비밀번호를 묻는 질문에 두 번 탭했습니다.
오류는 다음과 같습니다.
Executing "step_script" stage of the job script
00:06
Using docker image sha256:9c6f0724472873bb50a2ae67a9e7adcb57673a183cea8b06eb778dca859181b5 for alpine with digest alpine@sha256:bc41182d7ef5ffc53a40b044e725193bc10142a1243f395ee852a8d9730fc2ad ...
$ apk add openssh-client
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz
(1/6) Installing openssh-keygen (9.0_p1-r2)
(2/6) Installing ncurses-terminfo-base (6.3_p20220521-r0)
(3/6) Installing ncurses-libs (6.3_p20220521-r0)
(4/6) Installing libedit (20210910.3.1-r0)
(5/6) Installing openssh-client-common (9.0_p1-r2)
(6/6) Installing openssh-client-default (9.0_p1-r2)
Executing busybox-1.35.0-r17.trigger
OK: 11 MiB in 20 packages
$ apk add zip
(1/2) Installing unzip (6.0-r9)
(2/2) Installing zip (3.0-r9)
Executing busybox-1.35.0-r17.trigger
OK: 11 MiB in 22 packages
$ eval $(ssh-agent -s)
Agent pid 16
$ echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
Identity added: (stdin) (builduser@build-server)
$ mkdir -p ~/.ssh
$ chmod 700 ~/.ssh
$ mkdir ExampleProject
$ cp -R Test /ExampleProject
$ zip -r ExampleProject.zip ExampleProject
adding: ExampleProject/ (stored 0%)
$ ssh -Tv -o StrictHostKeyChecking=no [email protected] "cd /home/builduser; unzip ExampleProject.zip"
OpenSSH_9.0p1, OpenSSL 1.1.1q 5 Jul 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.0.95 [192.168.0.95] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.0.95:22 as 'builduser'
debug1: load_hostkeys: fopen /root/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:RuQORGBuQwSDQosn3QKNw0tIxSL398OOhPg80CF3VzA
debug1: load_hostkeys: fopen /root/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
Warning: Permanently added '192.168.0.95' (ED25519) to the list of known hosts.
debug1: check_host_key: hostkey not known or explicitly trusted: disabling UpdateHostkeys
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: builduser@build-server RSA SHA256:caxgh10CwPovoNFrlxrnxkU6GsvfeQND0bOjhft/us0 agent
debug1: Will attempt key: /root/.ssh/id_rsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ecdsa_sk
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_ed25519_sk
debug1: Will attempt key: /root/.ssh/id_xmss
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: kex_input_ext_info: [email protected]=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
This server is protected.
Ungranted access to this server is forbidden and illigal by law to do so.
Going further you agreed to know the issues and consequences that may cause of your actions punishable by law.
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: builduser@build-server RSA SHA256:caxgh10CwPovoNFrlxrnxkU6GsvfeQND0bOjhft/us0 agent
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ecdsa_sk
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Trying private key: /root/.ssh/id_ed25519_sk
debug1: Trying private key: /root/.ssh/id_xmss
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey,password).
ERROR: Job failed: exit code 255
답변1
한 가지 가능성은 비밀번호가 포함된 키를 추가했다는 것입니다. 이는 귀하의사적인키는 암호화되어 있으며 잠금을 해제하려면 비밀번호를 입력해야 합니다. 로컬 시스템에서는 컴퓨터에 "비밀번호를 기억하세요", "키체인에 저장하세요" 또는 이와 유사한 명령을 내릴 수 있습니다. 하지만 gitlab 서버에는 비밀번호가 없습니다.
gitlab CI/CD 서버가 키를 요청할 때 해당 비밀번호가 필요하며 터미널을 열려고 합니다. 하지만 로컬 터미널이 없도록 설정되어 있으므로 오류가 발생합니다.
빠른 해결 방법은 다른 SSH 키를 생성하되 비밀번호는 설정하지 않는 것입니다.
편집: 댓글을 기반으로 업데이트됨
또 다른 가능성도 있습니다. 개인 키를 업로드하지 않았기 때문에 ću/cd 서버가 해당 키로 로그인할 수 없고 비밀번호를 묻는 것입니다.