I have a gitlab-ci script that connects to the production server and automatically does a git pull when I merge something to the master branch:
```yaml
stages:
  - deploy

deploy_job:
  stage: deploy
  before_script:
    - sudo apt-get update -y && sudo apt-get install -y openssh-client
    - eval $(ssh-agent -s)
    - mkdir -p ~/.ssh
    - echo "${SSH_PRIVATE_KEY}" | tr -d '\r'> ~/.ssh/id_rsa
    - chmod 600 ~/.ssh/id_rsa
    - chmod 700 ~/.ssh
    - echo -e "Host gitlab.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
    - echo "gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtP6AroDQ7T/E9y6eGRc+ItY63To0KDKdsK9i8Yh5Po" >> ~/.ssh/known_hosts
    - ssh-keyscan 37.152.183.15 >> ~/.ssh/known_hosts
    - git config --global url."git@gitlab.com:".insteadOf "https://gitlab.com/"
  script:
    - whoami
    - echo "Deploying to server.."
    - ssh -o StrictHostKeyChecking=no ubuntu@37.152.183... "cd /var/www/api && git pull origin master && php artisan optimize"
  only:
    - master
```
It throws the following error and the job fails:
ubuntu@37.152.183...: Permission denied (publickey,password).
As you can see, there is something wrong in the ssh public/private keys setup or probably user ownership/accessibilities. It should be noted that the gitlab-runner service is also installed on the production server.
Also, here is the result of ssh -v ..:

```
Running with gitlab-runner 17.2.0 (6428c288)
  on LocalServerRunner L34FupsQ_, system ID: s_e5cdc22f89be
Preparing the "shell" executor
Using Shell (bash) executor...
Preparing environment
Running on ubuntu-g2-medium6-simin-1...
Getting source from Git repository
Fetching changes with git depth set to 20...
Reinitialized existing Git repository in /home/ubuntu/builds/L34FupsQ_/0/arshiyanfar/website-back-new/.git/
Checking out 31d5304f as detached HEAD (ref is master)...
Skipping Git submodules setup
Executing "step_script" stage of the job script
$ sudo apt-get update -y && sudo apt-get install -y openssh-client
Hit:1 http://nova.clouds.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease
Ign:3 https://packages.gitlab.com/runner/gitlab-runner/debian stable InRelease
Hit:4 https://dl.yarnpkg.com/debian stable InRelease
Err:5 https://packages.gitlab.com/runner/gitlab-runner/debian stable Release
  404 Not Found [IP: 172.64.148.245 443]
Hit:6 http://nova.clouds.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:7 http://nova.clouds.archive.ubuntu.com/ubuntu jammy-backports InRelease
Reading package lists...
E: The repository 'https://packages.gitlab.com/runner/gitlab-runner/debian stable Release' does not have a Release file.
W: https://dl.yarnpkg.com/debian/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
$ eval $(ssh-agent -s)
Agent pid 34508
$ mkdir -p ~/.ssh
$ echo "${SSH_PRIVATE_KEY}" | tr -d '\r'> ~/.ssh/id_rsa
$ chmod 600 ~/.ssh/id_rsa
$ chmod 700 ~/.ssh
$ echo -e "Host gitlab.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
$ echo "gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtP6AroDQ7T/E9y6eGRc+ItY63To0KDKdsK9i8Yh5Po" >> ~/.ssh/known_hosts
$ ssh-keyscan 37.152.183.15 >> ~/.ssh/known_hosts
# 37.152.183.15:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
# 37.152.183.15:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
# 37.152.183.15:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
# 37.152.183.15:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
# 37.152.183.15:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
$ git config --global url."git@gitlab.com:".insteadOf "https://gitlab.com/"
$ whoami
gitlab-runner
$ echo "Deploying to server.."
Deploying to server..
$ ssh -o StrictHostKeyChecking=no -v ubuntu@37.152.183.15 "cd /var/www/api && git pull origin master && php artisan optimize"
OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/gitlab-runner/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 37.152.183.15 [37.152.183.15] port 22.
debug1: Connection established.
debug1: identity file /home/gitlab-runner/.ssh/id_rsa type 0
debug1: identity file /home/gitlab-runner/.ssh/id_rsa-cert type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ecdsa type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ed25519 type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ed25519-cert type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ed25519_sk type -1
debug1: identity file /home/gitlab-runner/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/gitlab-runner/.ssh/id_xmss type -1
debug1: identity file /home/gitlab-runner/.ssh/id_xmss-cert type -1
debug1: identity file /home/gitlab-runner/.ssh/id_dsa type -1
debug1: identity file /home/gitlab-runner/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.10 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 37.152.183.15:22 as 'ubuntu'
debug1: load_hostkeys: fopen /home/gitlab-runner/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:h0MMC0r0V2etzC5qlBEew/Qy+u0IySIX0HBHxRoH5N0
debug1: load_hostkeys: fopen /home/gitlab-runner/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '37.152.183.15' is known and matches the ED25519 host key.
debug1: Found key in /home/gitlab-runner/.ssh/known_hosts:4
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /home/gitlab-runner/.ssh/id_rsa RSA SHA256:FGct1vfxbsrUfy6fpDynPY6GlIMo+V+gpmIuL+LXDE0
debug1: Will attempt key: /home/gitlab-runner/.ssh/id_ecdsa
debug1: Will attempt key: /home/gitlab-runner/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/gitlab-runner/.ssh/id_ed25519
debug1: Will attempt key: /home/gitlab-runner/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/gitlab-runner/.ssh/id_xmss
debug1: Will attempt key: /home/gitlab-runner/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/gitlab-runner/.ssh/id_rsa RSA SHA256:FGct1vfxbsrUfy6fpDynPY6GlIMo+V+gpmIuL+LXDE0
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/gitlab-runner/.ssh/id_ecdsa
debug1: Trying private key: /home/gitlab-runner/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/gitlab-runner/.ssh/id_ed25519
debug1: Trying private key: /home/gitlab-runner/.ssh/id_ed25519_sk
debug1: Trying private key: /home/gitlab-runner/.ssh/id_xmss
debug1: Trying private key: /home/gitlab-runner/.ssh/id_dsa
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
ubuntu@37.152.183.15: Permission denied (publickey,password).
Cleaning up project directory and file based variables
ERROR: Job failed: exit status 1
```
Any idea what I should do?
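
An added example, not part of the original post: a small parser for the publickey phase of an `ssh -v` trace like the one above, showing which key the client offered and whether the server accepted it. The function name `diagnose` and the result keys are assumptions made for this illustration; the sample lines are an excerpt copied from the log in the post.

```python
import re

# Excerpt of the `ssh -v` lines from the job log in the post above.
SAMPLE_LOG = """\
debug1: Authenticating to 37.152.183.15:22 as 'ubuntu'
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /home/gitlab-runner/.ssh/id_rsa RSA SHA256:FGct1vfxbsrUfy6fpDynPY6GlIMo+V+gpmIuL+LXDE0
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/gitlab-runner/.ssh/id_rsa RSA SHA256:FGct1vfxbsrUfy6fpDynPY6GlIMo+V+gpmIuL+LXDE0
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/gitlab-runner/.ssh/id_ecdsa
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: No more authentication methods to try.
"""

OFFER = re.compile(r"debug1: Offering public key: (\S+) (\S+) (SHA256:\S+)")
ACCEPT = re.compile(r"debug1: Server accepts key: (\S+) (\S+) (SHA256:\S+)")
TARGET = re.compile(r"debug1: Authenticating to (\S+?):(\d+) as '([^']+)'")

def diagnose(log: str) -> dict:
    """Summarise the publickey phase of an OpenSSH client debug log."""
    offered, accepted = [], set()
    result = {"user": None, "host": None, "agent_empty": False,
              "password_fallback_no_tty": False}
    for line in log.splitlines():
        if m := TARGET.search(line):
            result["host"], result["user"] = m.group(1), m.group(3)
        elif "agent contains no identities" in line:
            result["agent_empty"] = True  # agent is running but holds no keys
        elif m := OFFER.search(line):
            offered.append((m.group(1), m.group(3)))
        elif m := ACCEPT.search(line):
            accepted.add(m.group(3))
        elif "read_passphrase: can't open /dev/tty" in line:
            result["password_fallback_no_tty"] = True  # non-interactive job
    # Offered but never accepted: the server found no usable
    # authorized_keys entry for this key under the target account.
    result["rejected"] = [(p, fp) for p, fp in offered if fp not in accepted]
    result["accepted"] = sorted(accepted)
    return result

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The rejected fingerprint can be compared with the output of `ssh-keygen -lf` run against the target account's `~/.ssh/authorized_keys` on the server to confirm whether the matching public key is installed there.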