GITLAB CI Error loading key "/dev/fd/63": invalid format ERROR: Job failed: exit code 1

10

20

Here is my code, .gitlab-ci.yml:

 before_script:
  ##
  ## Install ssh-agent if not already installed, it is required by Docker.
  ## (change apt-get to yum if you use an RPM-based image)
  ##
  - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'

  ##
  ## Run ssh-agent (inside the build environment)
  ##
  - eval $(ssh-agent -s)
  ##
  ## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
  ## We're using tr to fix line endings which makes ed25519 keys work
  ## without extra base64 encoding.
  ## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
  ##
  - mkdir -p ~/.ssh
  #- echo -n "$PROJECT_SSH_KEY" | ssh-add - >/dev/null
  ## NOTE: the next line prints the private key into the job log (debugging only)
  - echo "$PROJECT_SSH_KEY"
  - ssh-add <(echo "$PROJECT_SSH_KEY")
  - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
  ##
  ## Create the SSH directory and give it the right permissions
  ##
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh

  ##
  ## Optionally, if you will be using any Git commands, set the user name
  ## and email.
  ##
  #- git config --global user.email "[email protected]"
  #- git config --global user.name "User name"

I get this output:

    Running with gitlab-runner 11.8.0 (4745a6f3)
      on Allence-Tunisie-docker-runner sH47eTgb
    Using Docker executor with image ntfactory/ci-tool:0.0.2 ...
    Pulling docker image ntfactory/ci-tool:0.0.2 ...
    Using docker image sha256:7fe7b170806f6846271eec23b41c4f79202777f62c0d7a32165dc41722900979 for ntfactory/ci-tool:0.0.2 ...
    Running on runner-sH47eTgb-project-11060727-concurrent-0 via a732493b4b94...
    Cloning repository...
    Cloning into '/builds/allence-tunisie/e-formation'...
    Checking out 0a6b48ef as feat/gitlab-ci...
    Skipping Git submodules setup
    Checking cache for default...
    No URL provided, cache will not be downloaded from shared cache server. Instead a local version of cache will be extracted.
    Successfully extracted cache
    $ which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
    /usr/bin/ssh-agent
    $ eval $(ssh-agent -s)
    Agent pid 12
    $ mkdir -p ~/.ssh
    $ echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
    Error loading key "(stdin)": invalid format
    ERROR: Job failed: exit code 1

Even though I tried - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null, I get this error:

Error loading key "(stdin)": invalid format

Hypergolic answered 18/3, 2019 at 14:25 Comment(2)
Could you solve the error? - Cleptomania
Yes, in fact the problem was with the ssh key. - Hypergolic
40

This error happens when the private key in $SSH_PRIVATE_KEY is malformed; you can easily test it locally if you add some random characters in it. In particular, it happens on Travis-CI when you just copy & paste the private key into the SSH_PRIVATE_KEY variable in the online form. It has to do with the new line characters after and before the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- blocks. For this reason, I use base64 encoding to make sure the key is formatted properly.

Try this:

  • Encode your private RSA key

    cat my_private_key | base64 -w0

  • Add the base64 string to your project variables.

  • Use it in your .gitlab-ci.yml

    ssh-add <(echo "$SSH_PRIVATE_KEY" | base64 -d)

https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_15038961

Cleptomania answered 4/4, 2019 at 18:56 Comment(2)
Did you copy the answer from here gitlab.com/gitlab-examples/ssh-private-key/issues/… ??? If so, you should add the source... - Lycaon
gitlab.com/gitlab-examples/ssh-private-key/-/issues/… this worked for me. - Irremeable
38

If you have protected the variable then you need to have a protected branch. As mentioned in the variables settings - "They can be protected by only exposing them to protected branches or tags."

Rudiger answered 29/5, 2020 at 14:26 Comment(4)
You saved my day :) - Diphase
In my case I was accidentally creating unprotected tags from main. This failed as my variables are protected. To fix this I went into Settings -> Repository -> Protected tags. - Filling
Scrolled right past this but it solved it for me! To check if this is happening you can also do a simple wc -c check which will show length 0 if the variable is inaccessible. - Crap
This helped a lot, even more than the accepted answer, tnx :) - Executioner
1

Step by step:

  1. Generate ssh key (info about generation)

    ssh-keygen -t ed25519 -C "<comment>"

  2. Encode PRIVATE_KEY

    cat /root/.ssh/id_rsa | base64 -w0
    # OR
    echo "-----BEGIN OPENSSH..." | base64 -w0

  3. On gitlab, go to your repository > settings > CI/CD > Variables and add your variable with encoded value (also you can switch "protected variable flag")

  4. In your .gitlab-ci.yml add decoding pipe

    - ssh-add <(echo "$SSH_KEY" | base64 -d)

  5. That's all.

But if you have a "Permission denied, please try again." error after all, try my answer here

Vollmer answered 29/10, 2022 at 22:51 Comment(0)
0

As mentioned in this thread on GitLab's bug tracker, the issue can arise when carriage return characters (\r) are added to the variable (a.k.a. "secret"). This can be worked around by piping to tr -d "\r" to delete these characters, leaving the SSH key correctly formed.

An example in your CI would be:

ssh-add <(echo "${SSH_priv_key_b64}" | base64 --decode | tr -d "\r")

Note that base 64 encoding is necessary to use an SSH key with the "masked" and "protected" properties.

Crap answered 1/11, 2021 at 16:18 Comment(0)
0

For me, I protected the branch and tags, and then I finally did it without any errors.

Jassy answered 29/11, 2021 at 10:21 Comment(1)
Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. - Sisterhood
0

The documentation says that they have fixed the error. This is the new way to do it.

  ##
  ## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
  ## We're using tr to fix line endings which makes ed25519 keys work
  ## without extra base64 encoding.
  ## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
  ##

  - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -

Regulate answered 7/4, 2022 at 19:6 Comment(0)
0

The error I got was similar to the ones above. However, none of the above worked in my case. After trying several times, I noticed the file was empty when my pipeline was running. Considering that I had made my secrets exposed only to protected branches or protected tags, I went to /-/settings/repository and added my target branches. Everything works now.

Aracelyaraceous answered 16/5, 2022 at 0:58 Comment(0)
0

I got this error from a silly mistake: in my GitLab project settings, the Type for my variable was set to File instead of Variable.

And so, changing the Type from File to Variable fixed this for me.

Aalst answered 26/8, 2022 at 4:53 Comment(0)
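
The causes reported in the answers above (an empty protected variable, a File-type variable, carriage returns, a base64-wrapped key, lost line breaks) can be told apart inside the job without echoing the secret to the log. This is an added example, not code from any of the posters; the function name diagnose_key and its diagnosis words are assumptions of this example, and the sample key is constructed, not a real key.

```bash
#!/usr/bin/env bash
# Added example: classify a CI key variable without printing its value.
# diagnose_key (hypothetical name) prints one diagnosis word and returns 0
# only when the value can be piped to ssh-add as is. Structural check only.
diagnose_key() {
  local raw v cr nl first last decoded
  raw=$1
  cr=$(printf '\r')
  nl='
'
  v=$(printf '%s' "$raw")   # command substitution drops trailing newlines
  # Empty: undefined, or a protected variable on an unprotected branch/tag.
  if [ -z "$v" ]; then echo empty; return 1; fi
  # Type "File": the variable holds the path of a temp file, not the key.
  if [ -f "$v" ]; then echo file-path; return 1; fi
  # Carriage returns from copy and paste; tr -d '\r' removes them.
  case $v in *"$cr"*) echo has-cr; return 1 ;; esac
  first=${v%%"$nl"*}
  last=${v##*"$nl"}
  case $first in
    "-----BEGIN "*"PRIVATE KEY-----")
      # BEGIN and END must be separate lines; a collapsed paste fails here.
      case $last in
        "-----END "*"PRIVATE KEY-----") echo ok; return 0 ;;
      esac
      echo malformed; return 1 ;;
  esac
  # Not PEM text: check whether it is a base64-wrapped key (base64 -w0).
  decoded=$(printf '%s' "$v" | base64 -d 2>/dev/null) || true
  case $decoded in
    "-----BEGIN "*) echo base64; return 1 ;;
  esac
  echo malformed; return 1
}

# Constructed sample (not a real key) pasted with Windows line endings.
sample=$(printf '%s\r\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
  'QUJDREVG' '-----END OPENSSH PRIVATE KEY-----')
diagnose_key "$sample" || true   # prints: has-cr
```

Called before ssh-add in before_script with its output sent to stderr, the function turns "invalid format" into a specific cause while the key itself never reaches the job log.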
0

My case was that the key was in the variable that had a flag that it could be used only on the protected branch, but my branch was not pr

Anacrusis answered 5/6 at 12:21 Comment(0)
-1

You must generate an RSA key, not an OPENSSH key. Use the param "-m PEM" (ssh-keygen -m PEM) to generate an RSA key, which will start with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----.

Solubility answered 31/5, 2021 at 10:26 Comment(1)
Nope, that's not true. - Crap
