forked from pub-solar/os
ci: fix Host key verification failed
- missing SSH known_hosts in deploy pipeline - SSH tries to use Trust-On-First-Use (TOFU) interactively to add a new host key - verbose SSH logs: debug1: Server host key: ssh-ed25519 SHA256:1bbksDNYBWSh/rIFP7MMfs557kWn1dM64bpXdnfBE5E debug1: read_passphrase: can't open /dev/tty: No such device or address - deploy-rs uses nix, which uses SSH which doesn't use the environment variable HOME, but rather /etc/passwd to find a user's HOME
This commit is contained in:
parent
6192881ac1
commit
9dc77abfc8
18
.drone.yml
18
.drone.yml
|
@ -28,16 +28,14 @@ steps:
|
||||||
PRIVATE_SSH_KEY:
|
PRIVATE_SSH_KEY:
|
||||||
from_secret: ci_private_ssh_key
|
from_secret: ci_private_ssh_key
|
||||||
SSH_HOST_KEY: "80.244.242.4 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7XTCHfX6ta8EtkdOcZLnpdhMmXDfTebVMs4NC8JEPj"
|
SSH_HOST_KEY: "80.244.242.4 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7XTCHfX6ta8EtkdOcZLnpdhMmXDfTebVMs4NC8JEPj"
|
||||||
|
# SSH uses HOME from /etc/passwd, not from the environment, so override it
|
||||||
|
NIX_SSHOPTS: "-o UserKnownHostsFile=$$HOME/.ssh/known_hosts -i $$HOME/.ssh/id_ed25519"
|
||||||
commands:
|
commands:
|
||||||
- "mkdir ~/.ssh && chmod 700 ~/.ssh"
|
- mkdir $$HOME/.ssh && chmod 700 $$HOME/.ssh
|
||||||
- echo "$$PRIVATE_SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519
|
- echo "$$PRIVATE_SSH_KEY" > $$HOME/.ssh/id_ed25519 && chmod 600 $$HOME/.ssh/id_ed25519
|
||||||
- echo "$$SSH_HOST_KEY" > ~/.ssh/known_hosts
|
- echo "$$SSH_HOST_KEY" > $$HOME/.ssh/known_hosts
|
||||||
- echo DEBUG env
|
- "echo DEBUG: Using NIX_FLAGS: $$NIX_FLAGS"
|
||||||
- env
|
- nix $$NIX_FLAGS develop --command deploy --magic-rollback false --skip-checks --targets '.#host_001_momo_koeln'
|
||||||
- echo DEBUG ls -alh ~/.ssh
|
|
||||||
- ls -alh ~/.ssh
|
|
||||||
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
|
|
||||||
- nix $$NIX_FLAGS develop --command deploy --magic-rollback false --skip-checks --targets '.#host_001_momo_koeln' --ssh-opts='-v' -- --impure
|
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
|
@ -163,6 +161,6 @@ volumes:
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: signature
|
kind: signature
|
||||||
hmac: d10ac7912c87547d54d9883f456d5fbc5302fa9ca80941ed9a9b93080e32ef88
|
hmac: c7083fb6372539aee0c22490f08252ec310de8e92f6d5b7d58872ffc649de660
|
||||||
|
|
||||||
...
|
...
|
||||||
|
|
Loading…
Reference in a new issue