Gitlab CI with SSH Keys and Deploy Key is not authenticating

jdoe_92 · July 25, 2020, 1:00am

Hi, I am having problems running CI for my repository because the it depends on other modules from a private repository.

The repository and gitlab-runner are running on seperate AWS EC2 instances.

GitLab: EC2-A (OS: Ubuntu, Version: 12.8.1-ee)
GitLab-Runner: EC2-B (OS: CentOS)

I have tried following the Using SSH keys with GitLab CI/CD guide from the GitLab documents.

.gitlab-ci.yml

image: node:latest

before_script:
  - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
  - eval $(ssh-agent -s)
  - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh
stages:
  - build
  - test
cache:
  paths:
    - node_modules/
installation:
  stage: build
  script:
    - npm install
  artifacts:
    paths:
      - node_modules/
unit_test:
  stage: test
  script: npm test
  coverage: '/All files[^|]*\|[^|]*\s+([\d\.]+)/'

The error message I am getting is when the running the the “installation” process…

npm ERR! Error while executing:
npm ERR! /usr/bin/git ls-remote -h -t git@git.my-domain.com:my-sub-module
npm ERR!
npm ERR! Host key verification failed.
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.
npm ERR!
npm ERR! exited with error code: 128

I have tried various different SSH private and public keys because the guide did not specify which machine to generate the SSH key-pair on. I have also tried generating the SSH key-pair under different usernames (root, gitlab-runner, docker).

Local Machine (failed)
GitLab-Runner (failed)
GitLab-Runner - root (failed)
GitLab-Runner - gitlab-runner (failed)
GitLab-Runner - docker (failed)

I have tried adding some DEBUG statements in the gitlab-ci.yml, here are the commands and output (private values removed).

$ which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
 /usr/bin/ssh-agent
 $ eval $(ssh-agent -s)
 Agent pid 13
 $ whoami
 root
 $ echo "$SSH_PRIVATE_KEY"
 -----BEGIN OPENSSH PRIVATE KEY-----
<removed>
 -----END OPENSSH PRIVATE KEY-----
 $ echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
 Identity added: (stdin) (gitlabrunner)
 $ ssh-add -L
 ssh-ed25519 <removed> gitlabrunner
 $ mkdir -p ~/.ssh
 $ chmod 700 ~/.ssh

Has anyone run into this problem or know how to fix? I have been banging my head on the wall over this for over a week now, nothing seems to work.

Any help is very appreciated! Please & thank you!

TheLoneKing · August 2, 2020, 10:46pm

I had the same problem. Here is what I did.

I setup my private key under Settings -> CI/CD -> Variables as a File (choose File under the Type drop-down). And then the below before_script worked for me.

  before_script:
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval `ssh-agent -s`
    - mkdir -p /root/.ssh
    - chmod 700 /root/.ssh
    - cp $SSH_PRIVATE_KEY /root/.ssh/id_rsa
    - chmod 600 /root/.ssh/id_rsa
    - ssh-add /root/.ssh/id_rsa

I hope this solves your problem!