CI Deployment error even google doesn't know = key_load_file: Bad file descriptor


I’m trying to run CI/CD from gitlab to digital ocean server. Mostly it seems ok, web is running, I can manually checkout the repository, do any git operations, etc. Only thing which is not working is CI/CD.

It always fails on this: key_load_file: Bad file descriptor

ofc I tried google, but seems like this error wasn’t bothering anyone in the past which I find incredible…

.gitlab-ci.yml looks like this:

  - deploy

  stage: deploy
  environment: Production
  image: node:8.9
- master
- 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- ssh-keyscan >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- ssh "
  cd /var/www/zlatypisek &&
  git fetch --all &&
  git checkout $CI_COMMIT_SHORT_SHA &&
  composer install &&
  npm install &&
  npm run prod &&
  php artisan migrate &&
  php artisan cache:clear &&
  php artisan config:clear &&
  php artisan view:clear &&
  php artisan route:clear

The output is then:

Running with gitlab-runner 13.7.0-rc1 (98e2e32d)

[2]( on docker-auto-scale 72989761

[3]( the "docker+machine" executor

[4]( Docker executor with image node:8.9 ...

[5]( docker image node:8.9 ...

[6]( docker image sha256:672002a50a0b96b7b74190aea84739592ea0f83819e40a47b4b31ce5d9c31b28 for node:8.9 with digest node@sha256:5afc7736a71bcf24281d9dbff878c771106e0791d56949b1a4e8d27c50424283 ...

[8]( environment

[9]( on runner-72989761-project-23418518-concurrent-0 via runner-72989761-srm-1609687521-18b6edf7...

[11]( source from Git repository

[12]($ eval "$CI_PRE_CLONE_SCRIPT"

[13]( changes with git depth set to 50...

[14]( empty Git repository in /builds/CeeeCZ/zlatypisek/.git/

[15]( fresh repository.

[16]( out b28b07f8 as master...

[17]( Git submodules setup

[19]( "step_script" stage of the job script

[20]($ which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )


[22]($ eval $(ssh-agent -s)

[23]( pid 12

[24]($ echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > ssh-add -

[25]( added: (stdin) (

[26]( Bad file descriptor

[28]( up file based variables

[30]( Job failed: exit code 1

tried to look into all possible logs, but nothing even remotely connected is in there. I’d be extremely thankful for any suggestions and tips since I’m probably at the end of my skill options here.

Thank you very much!!!

What is this line attempting to perform?

echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > ssh-add -

Running it standalone in a bash shell will produce the same error. It looks like you’re redirecting stdout of the ssh-add command, to another command which also expects a stdin (a second time), which results in the bad file descriptor error when it tries to read.

Perhaps you intended to place a filename here instead of repeating the same command?

That is actually correct! I mean your answer. My friend pointed me the same direction as well. I took this specific line from other older project, shame on me. But it works there, for some reason… I’m currently trying to figure it out the right syntax to whaat I need and try to report the solution here afterwards. Thanks a ton!

As far as I can tell, the output of ssh-add does not seem to be a correct input format for another ssh-add. It looks like the goal is to add the key to ssh-add, which the part before the redirect achieves well.

The commands used are similar to the ones documented at Using SSH keys with GitLab CI/CD | GitLab

Yeah you are right. Probably looking into it for 20 hours straight lowered my ability too see what is right in front of me :)).

I solved it by two changes - first fixed that mistake you pointed out just by:

   - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null

then I noticed I’m setting known hosts twice for … I don’t really know what reason. So I left only

 ssh-keyscan >> ~/.ssh/known_hosts

and then it worked! Sometimes a hint and few hours of sleep will do the magic. Thank you again :slight_smile: