Travis CI can't rsync (ssh) with public key, but the same command works from my terminal

Time: 2018-11-11 19:29:33

Tags: ssh yaml travis-ci rsync ssh-keys

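I'm setting up automatic deployment with Travis CI, but my script gets stuck when trying to rsync to my server. As far as I can tell, it is the SSH login that fails, specifically the public key login.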

My YAML file (user, host, dir and key decryption (openssl aes-256-cbc etc.) have been replaced):

language: node_js
node_js:
- 10.7.0
addons:
  ssh_known_hosts: <HOST>
  hosts: <HOST>
branches:
  only:
  - master
env:
  global:
  - DEPLOY_USER=<USER>
  - DEPLOY_HOST=<HOST>
  - DEPLOY_DIRECTORY=<DIR>
before_install:
- npm install -g npm@6.4.1
install:
- npm install
script:
- npm run build
before_deploy:
- <DECRYPTION> -in deploy_rsa.enc -out /tmp/deploy_rsa -d
- eval "$(ssh-agent -s)"
- chmod 600 /tmp/deploy_rsa
- ssh-add /tmp/deploy_rsa
deploy:
  provider: script
  skip_cleanup: true
  script: rsync -r --delete-after --quiet -e"ssh -v -i /tmp/deploy_rsa" $TRAVIS_BUILD_DIR/dist/ <USER>@<HOST>:<DIR>
  on:
    branch: master

Everything works until the rsync, which gives this log (again, hostname, user and ECDSA key are replaced here):

Deploying application
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/travis/.ssh/config
debug1: /home/travis/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to <HOST> [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /tmp/deploy_rsa type -1
debug1: identity file /tmp/deploy_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA <ECDSA>
debug1: Host '<HOST>' is known and matches the ECDSA host key.
debug1: Found key in /home/travis/.ssh/known_hosts:11
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /tmp/deploy_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /tmp/deploy_rsa
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
<USER>@<HOST>'s password: debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password

When I try the same rsync command from my own computer (with the same public key and a test folder), it works and gives this:

debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: deploy_rsa
debug1: Authentication succeeded (publickey).
Authenticated to <HOST>.

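I have searched the documentation, googled extensively, and tried many different things: adding the key to ssh-agent in different ways, specifying the key manually, sudo true/false/required, and so on, and I'm at a loss.

I notice the logs are slightly different: the Travis log seems to think my server accepts password authentication, while the log from my own computer shows only "publickey" as a valid method, which is correct, since password authentication is disabled.

The ssh-agent correctly tries the key given in /tmp/deploy_rsa, which fails for some reason; then the key I specified manually is tried, it shows key_parse_private2: missing begin marker (which from my searching seems to be a normal message that shows up on successful passwordless logins?), and that seems to fail again.

Is there a way to make Travis understand that password login is disabled? To force ssh-agent to use only publickey? And why does it seem to retry (trying the key from ssh-agent, trying my key, and so on) without showing any failure message, so that the key appears to be recognized and valid?

Could the decrypted key (deploy_rsa) be invalid? The same key worked on my machine before I encrypted it with travis encrypt-file deploy_rsa --add.

Thanks in advance for your answers.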

1 answer:

Answer 0: (score: 0)

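It turns out Travis CI didn't want a domain name (even though that works for me in every other environment) and absolutely needed the IP address.

I had tried that, but there were other, earlier problems (decrypting the private key), and once those were fixed I forgot to try the IP.

I feel silly, but it works now.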
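
An added example, not part of the original question or answer: a small Python check over `ssh -v` output that flags the differences visible between the two logs above (the failing session connects to `127.0.0.1` and is offered `publickey,password`, the working one only `publickey`). The sample log is constructed from the lines quoted above; `deploy.example.test` and the function names are placeholders chosen for this example.

```python
import ipaddress
import re

# Constructed sample, modelled on the failing Travis log above
# (deploy.example.test is a placeholder hostname).
SAMPLE_LOG = """\
debug1: Connecting to deploy.example.test [127.0.0.1] port 22.
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: /tmp/deploy_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /tmp/deploy_rsa
debug1: Next authentication method: password
"""

def parse_ssh_debug(log):
    """Extract the connection facts that matter from `ssh -v` output."""
    m = re.search(r"Connecting to (\S+) \[([^\]]+)\] port (\d+)", log)
    methods = re.search(r"Authentications that can continue: (\S+)", log)
    ok = re.search(r"Authentication succeeded \((\S+)\)", log)
    local = re.search(r"Local version string SSH-[\d.]+-(.+)", log)
    remote = re.search(r"remote software version (.+)", log)
    same = bool(local and remote and local.group(1).strip() == remote.group(1).strip())
    return {
        "host": m.group(1) if m else None,
        "address": m.group(2) if m else None,
        "advertised": set(methods.group(1).split(",")) if methods else set(),
        "succeeded_with": ok.group(1) if ok else None,
        "password_fallback": "Next authentication method: password" in log,
        "same_banner": same,  # weak signal: client and server report the same build
    }

def findings(facts, expected_methods=frozenset({"publickey"})):
    """Return reasons to doubt that the session reached the intended server."""
    out = []
    if facts["address"] and ipaddress.ip_address(facts["address"]).is_loopback:
        out.append("hostname resolved to loopback %s" % facts["address"])
    extra = facts["advertised"] - expected_methods
    if extra:
        out.append("server advertises unexpected methods: %s" % ",".join(sorted(extra)))
    if facts["same_banner"]:
        out.append("remote SSH banner is identical to the client's")
    if facts["password_fallback"] and not facts["succeeded_with"]:
        out.append("public key was not accepted; client fell back to password")
    return out

if __name__ == "__main__":
    for line in findings(parse_ssh_debug(SAMPLE_LOG)):
        print("WARN:", line)
```

A loopback target in a CI log means the client talked to an SSH server on the build machine itself, so the deploy key was never presented to the real host. The `hosts: <HOST>` entry under `addons` in the YAML above is a likely source of that mapping, which is an assumption the page does not confirm.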