CODEWITHSUNDEEP
sshcontinuous-integrationgitlabyaml
Tomas Shelby
Tomas Shelby

Reputation: 243

Error loading key "(stdin)": invalid format Gitlab CI

This is piece of my yaml file about ssh for gitlab ci:

eval $(ssh-agent -s)
echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
mkdir -p ~/.ssh
chmod 700 ~/.ssh
'[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'

When I attempted to set SSH_PRIVATE_KEY variable to protected state, it occurs error:

Error loading key "(stdin)": invalid format

and I don't know why it's okay when I set SSH_PRIVATE_KEY variable to unprotected state

Upvotes: 10

Views: 12177

Answers (6)

Arno van Oordt
Arno van Oordt

Reputation: 3510

For me it also failed because the SSH_PRIVATE_KEY was marked as "Protected" but the tag I was using was not.

So either make the branch or tag you are using also protected or remove the "Protected" setting from the SSH_PRIVATE_KEY variable.

See: https://gitlab.com/help/ci/variables/README#create-a-custom-variable-in-the-ui

Protect variable (Optional): If selected, the variable will only be available in pipelines that run on protected branches or tags.

Upvotes: 14

Stefan
Stefan

Reputation: 12260

The solutions here did not work for me, also see related question:

How to add ssh private key from Gitlab CI variable with ssh-add?

=> I use a shell executor, and instead of copying the private key from a CI variable, I manually configured an ssh connection between the gitlab-runner host and the target server (needs to be done for the user "gitlab-runner").

Also see:
https://docs.gitlab.com/ee/ci/ssh_keys/#ssh-keys-when-using-the-shell-executor

Upvotes: 0

Raimens
Raimens

Reputation: 141

I had the same issue and the problem was that I saved the key on GITLAB CI as file. changed it variable, problem sloved.

Upvotes: 1

Havyx
Havyx

Reputation: 11

Settings > CI/CD > Variables

  1. Make sure that your SSH_PRIVATE_KEY is file type.
  2. Check if you are using TAGS, if not... check if the file is marked as Protected, uncheck.
  3. If you copy paste from CAT, make sure that there is a blank line after your last line. Just press enter after:

-----END ... PRIVATE KEY-----

Upvotes: 1

Sardorbek Imomaliev
Sardorbek Imomaliev

Reputation: 15390

This issue could also happen because you have created 4096 bit keys. For some reason this fails in pipeline.

Make sure to create 2048 ones or use file as variable type.

Upvotes: 0

theshemul
theshemul

Reputation: 418

this is because you set SSH_PRIVATE_KEY in a malformed state. my suggestion is to use base64 encoded value in the variable

cat ~/.ssh/id_ras | base64 -w0

add this value to your gitlab ci variable then in your gitlab.ci.yml

ssh-add <(echo "$SSH_PRIVATE_KEY" | base64 -d)

Upvotes: 9

Related Questions