Reputation: 183
I've been stuck on this problem for 2 days.
Tried with id_rsa.pub and id_rsa from my production server, still the same error... SSH_PRIVATE_KEY is a variable I created in the CI/CD Settings on GitLab.
Edit: not protected, not masked.
# This file is a template, and might need editing before it works on your project.
# Official framework image. Look for the different tagged releases at:
# https://hub.docker.com/r/library/node/tags/
image: node:alpine

stages:
  - deploy

deploy:
  stage: deploy
  before_script:
    # Install ssh-agent if not already installed, it is required by Docker.
    # (change apt-get to yum if you use a CentOS-based image)
    - 'which ssh-agent || ( apk add --update openssh )'
    # Add bash
    - apk add --update bash
    # Add git
    - apk add --update git
    # Run ssh-agent (inside the build environment)
    - eval $(ssh-agent -s)
    # Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
    - echo "$SSH_PRIVATE_KEY"
    - echo "$SSH_PRIVATE_KEY" | ssh-add -
    # For Docker builds disable host key checking. Be aware that by adding that
    # you are susceptible to man-in-the-middle attacks.
    # WARNING: Use this only with the Docker executor, if you use it with shell
    # you will overwrite your user's SSH config.
    - mkdir -p ~/.ssh
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
    # In order to properly check the server's host key, assuming you created the
    # SSH_SERVER_HOSTKEYS variable previously, uncomment the following two lines
    # instead.
    # - mkdir -p ~/.ssh
    # - '[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts'
  script:
    - npm i -g pm2
    - pm2 deploy ecosystem.config.js production
  only:
    - master
And when I run the pipeline, I still get this error...
$ echo "$SSH_PRIVATE_KEY" | ssh-add -
Error loading key "(stdin)": invalid format
Could you please help? I'm helpless, clueless, hopeless loading...
Thanks very much!
Upvotes: 7
Views: 12454
Reputation: 474
Sometimes the problem is the way GitLab handles the "\n" in the string. So, instead of creating a variable with the content of the private key (a bunch of "\n"), convert it to base64 (no "\n" characters):
base64 -w 0 .ssh/id_rsa
Then copy the output (don't forget the "=") to your variable SSH_PRIVATE_KEY
In the stage (gitlab-ci.yml):
- echo "$SSH_PRIVATE_KEY" | base64 -d > rsa.key
# ssh refuses a private key file that group or others can read
- chmod 600 rsa.key
- ssh -i rsa.key user@host "echo hello world;"
Upvotes: 0
Reputation: 3641
My solution was to change CI/CD Variable type from Variable to File.
And instead of sourcing from the variable, did the sourcing from the file where SSH_PRIVATE_KEY is pointing:
chmod 600 $SSH_PRIVATE_KEY
ssh-add $SSH_PRIVATE_KEY
Upvotes: 2
Reputation: 69
Also just as an FYI, my issue was that my SSH key was an OpenSSH format key (ex. -----BEGIN OPENSSH PRIVATE KEY-----) instead of a PEM format key (-----BEGIN RSA PRIVATE KEY-----). If you want instructions on how to convert an OpenSSH key to a PEM key you can find the answer here: Openssh Private Key to RSA Private Key
Upvotes: 1
Reputation: 1323973
SSH_PRIVATE_KEY is a variable I created in the CI/CD Settings on GitLab.
This is documented here
in the Value field paste the content of your private key that you created earlier.
So make sure you have pasted the id_rsa full content, including -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- (with 5 final -)
(And, as MrDuk comments, a final newline)
Stephane Paquet adds in the comments:
cat ~/.ssh/id_rsa | pbcopy
to make sure you copy all the required information.
Upvotes: 15
Reputation: 103
Just as an FYI for anyone else doing this, I had the same problem but had missed the final dash off the END RSA PRIVATE KEY section. It must have 5 dashes as the dividers, apparently.
Upvotes: 1
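Added example, not part of any answer above and not GitLab's own tooling: a shell function that names which of the causes raised in the answers applies to a key value (missing fifth dash, newlines collapsed onto one line, a base64-encoded value, OpenSSH versus PEM header), plus two related cases (empty variable, CRLF line endings), without printing the key. The name check_key, the diagnosis words and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the page). check_key is a hypothetical helper that
# names the likely reason ssh-add rejects a key; it never prints the key itself.
check_key() {
  key=$1
  cr=$(printf '\r')
  case $key in
    '') echo "empty"; return 1 ;;                     # variable not set for this job
    *"$cr"*) echo "crlf-line-endings"; return 1 ;;    # Windows line endings in the value
    *"-----BEGIN "*) ;;
    *)  # no armor lines: was the value stored base64-encoded?
      if printf '%s' "$key" | base64 -d 2>/dev/null | grep -q '^-----BEGIN '; then
        echo "base64-encoded"
      else
        echo "no-begin-line"
      fi
      return 1 ;;
  esac
  first=$(printf '%s\n' "$key" | grep . | head -n 1)  # first non-empty line
  last=$(printf '%s\n' "$key" | grep . | tail -n 1)   # last non-empty line
  case $first in
    *"-----END "*) echo "newlines-lost"; return 1 ;;  # whole key on one line
    "-----BEGIN "*"PRIVATE KEY-----") ;;
    *) echo "bad-begin-line"; return 1 ;;
  esac
  label=${first#"-----BEGIN "}
  label=${label%"PRIVATE KEY-----"}                   # "RSA ", "OPENSSH " or ""
  if [ "$last" != "-----END ${label}PRIVATE KEY-----" ]; then
    echo "bad-end-line"; return 1                     # e.g. only four final dashes
  fi
  case $label in
    "OPENSSH ") echo "ok-openssh" ;;                  # report which header type it is
    *) echo "ok-pem" ;;
  esac
}

# Constructed sample values; the body is filler, not real key material.
SAMPLE_GOOD='-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----'
SAMPLE_FOUR_DASHES='-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY----'
SAMPLE_ONE_LINE=$(printf '%s' "$SAMPLE_GOOD" | tr '\n' ' ')
for sample in "$SAMPLE_GOOD" "$SAMPLE_FOUR_DASHES" "$SAMPLE_ONE_LINE"; do
  check_key "$sample" || true
done
```

Calling check_key "$SSH_PRIVATE_KEY" before the ssh-add line gives a one-word reason and a non-zero exit status, so the echo "$SSH_PRIVATE_KEY" debug line, which writes the private key to the job log, is not needed.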