Gitlab pipline with manual asking for ssh password

Problem to solve

I’m using gitlab pipeline for deploy to remote server.

like this:

  stage: deploy
    - chmod 400 $SSH_KEY # with wider rights ssh not allow for connection
    - $($SSH_COMMAND "
          docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY &&
          docker pull $IMAGE_TAG_COMMIT
          docker logout

It works but forced me to remove password from used certificate.
This pipeline is run manually so it’s not a big deal to manually pass password to SSH when
deploy stage occurs.

How to do this?

Hi there,

You could use GitLab CI/CD variables (in the same way you’re already using them in your configuration. You can either:

  • store your password in a project’s CI/CD variables (then you don’t need to input it manually every time), or
  • add it manually over UI just before the job starts - in that case, don’t forget to add when: manual to your job. When the job is created, all you need to do is click on the job name (NOT the Play button), and a UI like this will pop up:

    here you can enter exact variable name and value and click “Run job”

Hope this helps :slight_smile:


What I want to achieve is to make ssh command simple.
I saw tutorials which describes how to use sshpass.
They was complicated and require lot of effort to understand what is happening there.

I thought if I can use some how manual input I can skip usage of sshpass to provide password.

@paula.kokic do you think it’s possible?


Hmm, I think you will have to use sshpass either way, because you cannot stop a GitLab job in the middle and ask for input :confused: (at least AFAIK, you can still browse the docs).

Perhaps stupid question: why don’t you use SSH Keys without passphrase? Isn’t that secure enough for your use case?

1 Like

I’m using it.