我正在使用TRAVIS CI设置自动部署,但在尝试rsync到服务器时,我的脚本被卡住了。据我所知,失败的是SSH登录,特别是公钥登录。
我的YAML文件(已替换User、Host、Dir和Key Decryption(openssl aes--256 cbc等((:
language: node_js
node_js:
- 10.7.0
addons:
ssh_known_hosts: <HOST>
hosts: <HOST>
branches:
only:
- master
env:
global:
- DEPLOY_USER=<USER>
- DEPLOY_HOST=<HOST>
- DEPLOY_DIRECTORY=<DIR>
before_install:
- npm install -g npm@6.4.1
install:
- npm install
script:
- npm run build
before_deploy:
- <DECRYPTION> -in deploy_rsa.enc -out /tmp/deploy_rsa -d
- eval "$(ssh-agent -s)"
- chmod 600 /tmp/deploy_rsa
- ssh-add /tmp/deploy_rsa
deploy:
provider: script
skip_cleanup: true
script: rsync -r --delete-after --quiet -e"ssh -v -i /tmp/deploy_rsa" $TRAVIS_BUILD_DIR/dist/ <USER>@<HOST>:<DIR>
on:
branch: master
一切都很好,直到rsync,它给出了这个日志(这里再次替换了主机名、用户和ECDSA密钥(:
Deploying application
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/travis/.ssh/config
debug1: /home/travis/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to <HOST> [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /tmp/deploy_rsa type -1
debug1: identity file /tmp/deploy_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA <ECDSA>
debug1: Host '<HOST>' is known and matches the ECDSA host key.
debug1: Found key in /home/travis/.ssh/known_hosts:11
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /tmp/deploy_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /tmp/deploy_rsa
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
<USER>@<HOST>'s password: debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
当我在自己的机器上(使用相同的公钥和测试文件夹(尝试相同的rsync命令时,它会起作用,并给出以下结果:
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: deploy_rsa
debug1: Authentication succeeded (publickey).
Authenticated to <HOST>.
我已经搜索了文档,到处搜索,已经尝试了很多不同的东西,向ssh代理添加密钥的不同方法,手动指定,sudo true/false/required等等……我不知所措。
我注意到日志的细微差异,TRAVIS日志似乎认为我的服务器接受密码验证,而我自己机器的日志只显示"公钥"是一种有效的方法,这是正确的,因为密码验证被禁用了。
ssh代理正确地尝试在/tmp/deploy_rsa中提供密钥,但由于某种原因失败了,然后我手动提供它,它显示key_parse_private2: missing begin marker(从我的搜索来看,这似乎是一条正常的消息,指示成功的无密码登录?(,并且似乎再次失败。
有没有办法让TRAVIS明白密码登录被禁用了?要强制ssh代理只使用公钥吗?为什么它似乎在重试(从ssh代理尝试密钥,尝试我的密钥,等等…(,但没有显示任何失败消息,密钥似乎已识别且有效。
是否可能解密的密钥(deploy_rsa(无效?相同的密钥,在用travis encrypt-file deploy_rsa --add加密之前在我的机器上工作。
提前感谢您的回答。
事实证明Travis CI不想要域名(尽管这对我来说适用于其他所有上下文(,并且绝对需要IP地址。
我试过了,但之前遇到了其他问题(解密私钥(,并且在这些问题解决后忘记了尝试IP。
我觉得很傻,但现在它起作用了。