gitlab-ci SSH key invalid format

I would like to run a deploy script with gitlab-ci, but the step ssh-add $SSH_PRIVATE_KEY returns an error:

echo "$SSH_PRIVATE_KEY" | ssh-add -
Error loading key "(stdin)": invalid format

You can see my .gitlab-ci.yml :

deploy:
  image: node:9.11.1-alpine
  stage: deploy
  before_script:
    # Install ssh-agent if not already installed, it is required by Docker.
    # (change apt-get to yum if you use a CentOS-based image)
    - 'which ssh-agent || ( apk add --update openssh )'

    # Add bash
    - apk add --update bash

    # Add git
    - apk add --update git

    # Run ssh-agent (inside the build environment)
    - eval $(ssh-agent -s)

    # Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
    - echo "$SSH_PRIVATE_KEY"
    - echo "$SSH_PRIVATE_KEY" | ssh-add -

    # For Docker builds disable host key checking. Be aware that by adding that
    # you are susceptible to man-in-the-middle attacks.
    # WARNING: Use this only with the Docker executor, if you use it with shell
    # you will overwrite your user's SSH config.
    - mkdir -p ~/.ssh
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
    # In order to properly check the server's host key, assuming you created the
    # SSH_SERVER_HOSTKEYS variable previously, uncomment the following two lines
    # instead.
    # - mkdir -p ~/.ssh
    # - '[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts'
  script:
    - npm i -g pm2
    - pm2 deploy ecosystem.config.js production
  # only:
  # - master

In my project settings, I've added the SSH_PRIVATE_KEY variable, with the id_rsa from my production server: cat ~/.ssh/id_rsa.pub.

Can anyone help me?



Solution 1:[1]

In my case, it was because I had made my SSH_PRIVATE_KEY variable protected. When I disabled the Protected state, it worked without any error.


Solution 2:[2]

In my case I had to put a new line at the end of the SSH_PRIVATE_KEY variable.

Solution 3:[3]

I made a stupid mistake and added the key without -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- clauses.

Summing up, you should add:

-----BEGIN RSA PRIVATE KEY-----
<< the key itself goes here >>
-----END RSA PRIVATE KEY-----

Also, ensure the newline after the closing is present.

Solution 4:[4]

It works with variable expansion (curly brackets in double string quotation):

  - echo "${SSH_PRIVATE_KEY}" | ssh-add -

While keeping the SSH_PRIVATE_KEY variable protected!

This approach is simply a less ambiguous method for printing variables; in this case it prevents trimming of the last line break.

Solution 5:[5]

It is the SSH public key in ~/.ssh/id_rsa.pub by default.

The private key is contained in ~/.ssh/id_rsa

Solution 6:[6]

If you export the key from PuTTYgen, to get the key content use its command Conversions - Export OpenSSH key (force new file format).

And trim the last spaces and add a new line.

Solution 7:[7]

You must copy the entire contents of the file (id_rsa), including the final blank line. I solved the problem this way.

Solution 8:[8]

Make sure that the newline after the end of the file variable is present. If not, the following error would have appeared:

Load key "/home/.../....tmp/ID_RSA": invalid format
 [MASKED]@...: Permission denied (publickey).

The ID_RSA was my file variable in this example.

Solution 9:[9]

For all people reaching this post who have not found a solution yet:

Try to make the branch protected, because it's a must for protected variables.

Protected: Only exposed to protected branches or protected tags.

Add a CI/CD variable to a project

Solution 10:[10]

I got it working with a protected variable.

If the variable is a file, echo won't work anymore:

cat "$SSH_PRIVATE_KEY" | ssh-add -

Otherwise, if the variable is NOT a file, use the following:

echo "$SSH_PRIVATE_KEY" | ssh-add -

Solution 11:[11]

In my case, it was because I had made my SSH_PRIVATE_KEY variable available in a specific environment. I changed it to the one I was using (or you can change it to All, depending on your setup).

Solution 12:[12]

I had this issue on GitLab and Bitbucket; both were solved by adding a \n at the end of the key file.

echo $'' >> ~/.ssh/id_rsa

Solution 13:[13]

It's possible you didn't copy the content of the public key to authorized_keys.

$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Solution 14:[14]

Use

  SSH_PRIVATE_KEY: |
    -----BEGIN OPENSSH PRIVATE KEY-----

instead of

  SSH_PRIVATE_KEY: >
    -----BEGIN OPENSSH PRIVATE KEY-----

'|' would save the line break '\n'
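
The failure modes reported in the answers above, gathered into one pre-flight check that can run before ssh-add (an added example, not part of the original question or any answer). The helper name check_ssh_key_var and the sample value are assumptions made for illustration; the function prints only a diagnosis label, never the key, so nothing secret reaches the job log.

```shell
#!/bin/sh
# Added example: classify the value of an SSH key CI variable without printing it.
# check_ssh_key_var is a hypothetical helper name, not a GitLab or OpenSSH command.
check_ssh_key_var() {
    val=$1
    nl='
'
    # Empty: a protected or environment-scoped variable was not exposed to this job.
    [ -n "$val" ] || { echo empty; return 1; }
    # File-type variable: the value is a path, so echo would pipe the path, not the key.
    [ ! -f "$val" ] || { echo file-variable; return 1; }
    case $val in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*) echo public-key; return 1 ;;
        "-----BEGIN "*"PRIVATE KEY-----"*) ;;
        *) echo missing-begin-line; return 1 ;;
    esac
    # Command substitution strips every trailing newline, leaving the key body.
    body=$(printf '%s' "$val")
    case $body in
        *"$nl"*) ;;
        *) echo single-line; return 1 ;;    # e.g. folded by a YAML '>' scalar
    esac
    # The last remaining line must be the END marker, with no trailing spaces.
    case ${body##*"$nl"} in
        "-----END "*"PRIVATE KEY-----") ;;
        *) echo missing-end-line; return 1 ;;
    esac
    # The original value must still end with a newline.
    case $val in
        *"$nl") echo ok ;;
        *) echo no-trailing-newline; return 1 ;;
    esac
}

# Constructed sample (not a real key): a public key pasted into the variable.
sample='ssh-rsa AAAAB3constructed user@example'
check_ssh_key_var "$sample" || true      # prints: public-key
```

In a job, calling `check_ssh_key_var "$SSH_PRIVATE_KEY"` before the ssh-add line makes the job stop with a named cause instead of "invalid format".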