Closed nelsonic closed 6 years ago
Last night I spent around 4h trying to debug using an SSH Key (with a passphrase) on Travis-CI ... https://travis-ci.org/nelsonic/hello-world-node-http-server/builds/384010921#L521
Essentially: having a passphrase
on the SSH key leads to the SSH call to "hang"
because the session stays "logged-in" via SSH ...
There is no way to "exit" the session (that I can find through extensive googling)
My conclusion is that I need to open a StackOverflow Question for this and move on!
(and if I get an answer to my SO Q, I can return
to SSH Keys with passwords ...)
Ah... It's right there!!
This is wasting my time! 😞
Posted this question: https://stackoverflow.com/questions/50542947/how-to-run-ssh-commands-from-bash-when-rsa-key-has-a-password
Now I'm going to try this using an RSA Key without a password
.
I would delighted if someone on SO can help me with my Quest,
but to avoid wasting anymore time on this "dead end",
I'm just going to crack on.
On advice from "chepner" on SO I'm trying out ssh-agent
🤞
see: https://www.ssh.com/ssh/add
obviously that errors: https://travis-ci.org/nelsonic/hello-world-node-http-server/builds/384156902#L453
So now, after a bit more googling, I'm trying the -pass "pass:$SSH_ASKPASS"
flag
in RSA key decryption stage ... 🤞
⌛️
obviously that errors too: https://travis-ci.org/nelsonic/hello-world-node-http-server/builds/384160512#L451
A least the error message "bad magic number" is amusing (though unhelpful...)
I feel like I've looked at all the StackOverflow / SuperUser / ServerFault / Unix questions/answers on this ... 😞
Now getting:
$ ssh-add ./deploy_key
Enter passphrase for ./deploy_key:
https://travis-ci.org/nelsonic/hello-world-node-http-server/builds/384165098#L458
Trying o use expect
command to enter the password for me:
- expect << EOF
expect "Enter passphrase"
send "$SSH_ASKPASS\r"
expect eof
EOF
via: https://stackoverflow.com/a/13034313/1148249 Got: https://travis-ci.org/nelsonic/hello-world-node-http-server/builds/384167872#L458
"dry run" of installing expect
worked:
https://travis-ci.org/nelsonic/hello-world-node-http-server/builds/384168360#L462
via: https://askubuntu.com/questions/920879/why-so-many-dependencies-for-package-expect
Ok, I've "wrestled" with this "long enough".
expect
was a "dead end".
https://travis-ci.org/nelsonic/hello-world-node-http-server/builds/384178154#L479
I really wish I had someone to pair on this with ... 😞
On the advice of @pynexj I'm trying: https://github.com/clarkwang/passh
Just reading the source https://github.com/clarkwang/passh/blob/master/passh.c now ...
The script compiles: (but then Travis can't find the executable...) https://travis-ci.org/nelsonic/hello-world-node-http-server/builds/384181218
So now I'm trying to use ./passh
...
https://travis-ci.org/nelsonic/hello-world-node-http-server/builds/384182301#L472
Enter passphrase for key './deploy_key':
looks like I'm "back to square one" ... 😢
OK ... I've opened an issue on the passh
repo: https://github.com/clarkwang/passh/issues/2
Feeling like this is the "end of the line" for this Quest ... (at least for today...)
Who
else
is spending their ("Bank Holiday Weekend") Saturday debugging SSH deployment ...?! What is wrong with me...?! Surely there are "better" things to be doing ... like "Socialising" or "Sofa + Netflix"...? 🙄
Using an RSA Key without a password
is easy:
https://travis-ci.org/nelsonic/hello-world-node-http-server/builds/384217141#L501
Let's crack on with this! 👍
This is totes working and PR is ready for review. 👍
In order to deploy "review apps" from Travis-CI we need to:
.travis.yml
file to decrypt the key before attempting to deploy thankfully, I've done this before (and documented it): https://github.com/healthlocker/healthlocker/blob/a57d2741ae703b45ac8eb8465305a6e327baa152/continuous-deployment.md#encrypted-ssh-key-for-deployment so it should be reasonably "easy" (there are a couple more steps this time...)travis
user has the necessary permissions to perform the deploy.