CODEWITHSUNDEEP
sshansiblegitlabterraform
Sina Wolf
Sina Wolf

Reputation: 21

SSH key unprotected terraform ansible jenkins

I have a gitlab repository which contains my ansible and terraform code to dpeloy my infrastructure. (CI/CD) I stored my ssh keys in my gitlab. When my jenkins agent test the ssh connection it works fine. However, when it launches the "ansible-playbook" command, the connection cannot be established because of this error:

> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0mConnecting to remote host via SSH...
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0m  Host: ip address
> [0m[1.google_compute_instance.instance
> (remote-exec):[0m [0m  User: devops
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0m  Password: false
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0m  Private key: true
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0m  Certificate: false
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0m  SSH Agent: false
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0m  Checking Host Key: false
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0m  Target Platform: unix
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0mConnected!

[0m[1google_compute_instance.instance (local-exec):[0m [0mfatal:  UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added  (ED25519) to the list of known hosts.\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0644 for Ansible/lab_ssh_key' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key \"/var/jenkins_home/workspace/Ansible/lab_ssh_key\": bad permissions\r\n Permission denied (publickey).", "unreachable": true}

[0m[1google_compute_instance.instance (local-exec):[0m [0mPLAY RECAP *********************************************************************
[0m[1google_compute_instance.instance (local-exec):[0m [0m              : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0

I didnt find a way to secure my private key on gitlab. I tried change its permissions with chmod but after that I couldn't upload it on gitlab. Any solutions or other thoughts about this ? Thanks in advance.

Upvotes: 0

Views: 440

Answers (1)

Sina Wolf
Sina Wolf

Reputation: 21

The solution that worked for me is:

  • I stored the key in jenkins. (credentials section)

  • Then I retrieved it in the jenkins file using the "withcredentials" command. After that I proceed to copy the key in my gitlab.

Upvotes: 1

Related Questions