You aren't going to be able to use any sort of GUI program like ssh-askpass
on a CI system because on Linux CI systems there is no GUI available.
If you want to use an SSH key in a CI system, you should use one that does not have a password set and store it in your CI system's secret store, then copy it to a file and use it. OpenSSH intentionally does not provide a way to programmatically read a password.
Note that if you have only one SSH key without a password, you don't need ssh-agent
or ssh-add
at all. Assuming the contents of your private key are in the variable SSH_KEY
(e.g., due to your CI system's secret store), you can simply do this:
echo "$SSH_KEY" > ~/.ssh/id_rsa
ssh [email protected] 'echo hello from the remote machine`
You won't want to run ssh
without a command since that will try to start an interactive session, which won't be useful to you. If your goal is to use Git to push and pull over an SSH connection, then you don't need to run ssh
at all.
Finally, note that you will probably want to write the remote system's host key information into a file as part of your pipeline, either from your pipeline or a secret, because SSH won't connect if the host key isn't trusted. You can obtain this information by running a command like this: ssh-keyscan github.com 2>/dev/null
. You can then take that output and insert it into your known_hosts
file like this:
echo "github.com ssh-rsa AAAA...truncated" > ~/.ssh/known_hosts
This is far more secure than turning off strict host key checking.