小贝子编程

SSH密钥未受保护的terraform ansible jenkins



我有一个gitlab存储库,其中包含部署基础设施的可见代码和地形代码。(CI/CD)我把ssh密钥存储在我的gitlab中。当我的jenkins代理测试ssh连接时,它工作正常。然而,当它启动"可行的剧本"时;命令,连接无法建立,因为此错误:

> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0mConnecting to remote host via SSH...
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0m  Host: ip address
> [0m[1.google_compute_instance.instance
> (remote-exec):[0m [0m  User: devops
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0m  Password: false
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0m  Private key: true
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0m  Certificate: false
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0m  SSH Agent: false
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0m  Checking Host Key: false
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0m  Target Platform: unix
> [0m[1google_compute_instance.instance
> (remote-exec):[0m [0mConnected!
[0m[1google_compute_instance.instance (local-exec):[0m [0mfatal:  UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added  (ED25519) to the list of known hosts.rn@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@rn@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @rn@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@rnPermissions 0644 for Ansible/lab_ssh_key' are too open.rnIt is required that your private key files are NOT accessible by others.rnThis private key will be ignored.rnLoad key "/var/jenkins_home/workspace/Ansible/lab_ssh_key": bad permissionsrn Permission denied (publickey).", "unreachable": true}
[0m[1google_compute_instance.instance (local-exec):[0m [0mPLAY RECAP *********************************************************************
[0m[1google_compute_instance.instance (local-exec):[0m [0m              : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0

我没有找到一种方法来保护我的私钥在gitlab。我试着用chmod改变它的权限,但之后我无法在gitlab上上传它。对此有什么解决方案或其他想法吗?提前谢谢。

我的解决方案是:

  • 我将密钥存储在jenkins中。(凭证部分)

  • 然后我使用"withcredential "在jenkins文件中检索它命令。之后,我继续在我的gitlab中复制密钥。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium