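I am using GitLab CI to build a statically generated website and send it to my server. I use an SSH key pair to establish the connection from rsync, but my server refuses the connection.
I tried several things: started with an ED25519 key, switched to an RSA key, all public keys are in authorized_keys on the server, changed file and folder permissions via gitlab-ci.yml, used ssh-keyscan to put the server into known hosts… to no avail.
The gitlab-ci.yml is as follows: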
image: ruby:2
pages:
  stage: deploy
  before_script:
    - apt-get update
    - apt-get install rsync -y
    - eval $(ssh-agent -s)
    - chmod 400 "$SSH_PRIVATE_KEY"
    - ssh-add "$SSH_PRIVATE_KEY"
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan $SERVER >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    - bundle install
    - bundle exec jekyll build -d $LOCALDIR
  after_script:
    - rsync -paz $LOCALDIR $USER@$SERVER:$REMOTEDIR
  artifacts:
    paths:
      - $LOCALDIR
  only:
    - master
    - dev
Part of the log output is as follows:
$ rsync -paz $LOCALDIR $USER@$SERVER:$REMOTEDIR
Permission denied, please try again.
Permission denied, please try again.
$SERVER: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(228) [sender=3.2.3]
Well, any help or hints on this topic?
Edit 1 - SSH logs
Thanks @Andrew. I used the suggested ssh -vvvvvv ... option and extracted part of the output:
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa_sk
debug3: no such identity: /root/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519_sk
debug3: no such identity: /root/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /root/.ssh/id_xmss
debug3: no such identity: /root/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
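So maybe the command ssh-add "$SSH_PRIVATE_KEY" in gitlab-ci.yml is not working as expected.
Edit 2 - Answer
Thanks to @VonC's hint about copying the SSH private key, the problem is solved. Here is the final gitlab-ci.yml, which works: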
image: ruby:2
pages:
  stage: deploy
  before_script:
    - apt-get update
    - apt-get install rsync -y
    - eval $(ssh-agent -s)
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - cp "$SSH_PRIVATE_KEY" ~/.ssh/id_ed25519
    - chmod 600 ~/.ssh/id_ed25519
    - ssh-keyscan $SERVER >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    - bundle install
    - bundle exec jekyll build -d $LOCALDIR
  after_script:
    - rsync -auz --delete --omit-dir-times $LOCALDIR $USER@$SERVER:$REMOTEDIR
  artifacts:
    paths:
      - $LOCALDIR
  only:
    - master
    - dev
ssh -vvvvvv $USER@$SERVER exit 0, assuming your user account is not restricted to rsync, and show the relevant logs? Also, do you have access to the server to check the sshd logs? journalctl -u sshd should help. - Andrew
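
An added example, not part of the original post or its comments: a variant of the job that keeps the ssh-agent approach from the first attempt but runs rsync in `script` instead of `after_script`. GitLab executes `after_script` in a new shell, separate from `before_script` and `script`, so the `SSH_AUTH_SOCK` exported by `eval $(ssh-agent -s)` never reaches it, which matches the debug log above where only the default `/root/.ssh/id_*` files are tried. It also pins the host key from a variable rather than trusting whatever `ssh-keyscan` returns on each run. Assumptions: `SSH_PRIVATE_KEY` is a File-type CI/CD variable as in the post, and `SSH_KNOWN_HOSTS` is a hypothetical File-type variable holding the server's host key line, verified out of band.

```yaml
image: ruby:2

pages:
  stage: deploy
  before_script:
    - apt-get update
    - apt-get install rsync -y
    - eval $(ssh-agent -s)
    # SSH_PRIVATE_KEY is a File-type variable, so it expands to a path.
    # ssh-add rejects key files that are group/world readable.
    - chmod 400 "$SSH_PRIVATE_KEY"
    - ssh-add "$SSH_PRIVATE_KEY"
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # SSH_KNOWN_HOSTS (assumed variable): pinned host key, replaces the
    # trust-on-every-run ssh-keyscan step.
    - cp "$SSH_KNOWN_HOSTS" ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    - bundle install
    - bundle exec jekyll build -d "$LOCALDIR"
    # Same shell as before_script: the agent socket is still exported.
    # ssh-add -l fails the job early if no identity is loaded.
    - ssh-add -l
    # BatchMode stops ssh from falling back to interactive prompts;
    # StrictHostKeyChecking=yes refuses any host key not in known_hosts.
    - rsync -auz --delete --omit-dir-times -e "ssh -o BatchMode=yes -o StrictHostKeyChecking=yes" "$LOCALDIR" "$USER@$SERVER:$REMOTEDIR"
  artifacts:
    paths:
      - $LOCALDIR
  only:
    - master
    - dev
```

With rsync in `script`, a failed upload also fails the job, whereas errors in `after_script` do not change the job status.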