Stored key not picked up by scp
antonpirker opened this issue · 5 comments
Hello!
First, thanks for this action, really nice!
I have the problem that the saved key file is not found by a call to scp in the following step.
This is how I call your action:
- name: Install SSH key
  uses: shimataro/ssh-key-action@v1
  with:
    private-key: ${{ secrets.SSH_KEY_PRODUCTION }}
    public-key: ${{ secrets.SSH_KEY_PRODUCTION_PUBLIC }}
In the log of my workflow I see the following message (so I assume everything worked as expected):
Run shimataro/ssh-key-action@v1
with:
private-key: ***
public-key: ***
name: id_rsa
SSH key has been stored to /home/runner/.ssh successfully.
In my workflow then I call scp like this:
- name: Deploy to production
  if: github.ref == 'refs/heads/master'
  run: |
    scp -v ./docker-compose.yml myuser@141.93.196.111:/somedir/
In the log of my workflow I see that the file is not found:
Run scp -v ./docker-compose.yml codefrog@142.93.196.203:/codefrog/
Executing: program /usr/bin/ssh host 142.93.196.203, user codefrog, command scp -v -t /codefrog/
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 142.93.196.203 [142.93.196.203] port 22.
debug1: Connection established.
debug1: identity file /home/runner/.ssh/id_rsa type 0 <--- *** HERE! ***
debug1: key_load_public: No such file or directory
debug1: identity file /home/runner/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/runner/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/runner/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/runner/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/runner/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/runner/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/runner/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
Can you please help me? What am I missing?
Thank you very much!
Hello @antonpirker. Thank you for using this action!
debug1: identity file /home/runner/.ssh/id_rsa type 0 <--- *** HERE! ***
It is not an error; it means that id_rsa is an RSA key. (see here)
As far as I can see, SCP seems to have connected successfully.
If the transfer failed, could you paste the whole log?
Hi!
Thanks for your quick reply. The error message is in the next line:
debug1: identity file /home/runner/.ssh/id_rsa type 0 <--- *** HERE! ***
debug1: key_load_public: No such file or directory
So it seems that the file is not found by scp. Any idea why this is failing?
Thanks
Anton
PS: This is the complete log of the scp command attempt:
Run scp -v ./docker-compose.yml codefrog@142.93.196.203:/codefrog/
Executing: program /usr/bin/ssh host 142.93.196.203, user codefrog, command scp -v -t /codefrog/
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 142.93.196.203 [142.93.196.203] port 22.
debug1: Connection established.
debug1: identity file /home/runner/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/runner/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/runner/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/runner/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/runner/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/runner/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/runner/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/runner/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
OK, I understand what you are saying.
These pairs seem to consist of key_load_public, identity file in this order.
I tried removing id_rsa.pub and running scp on my computer:
...
debug1: Connection established.
debug1: key_load_public: No such file or directory <- appeared before id_rsa!
debug1: identity file /home/shimataro/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/shimataro/.ssh/id_rsa-cert type -1
...
In your case, I think it's no problem because no key_load_public is printed before id_rsa.
...
debug1: Connection established.
debug1: identity file /home/runner/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory <- for id_rsa-cert.pub
debug1: identity file /home/runner/.ssh/id_rsa-cert type -1
...
By the way, is docker-compose.yml transferred successfully?
Hi!
Sorry for the delay.
No, the docker-compose.yml was not transferred successfully.
I did some debugging and learned that the writing of the known_hosts file was the problem.
So I changed my scp command from:
scp -v ./docker-compose.yml codefrog@xxx.xxx.xxx.xxx:/codefrog/
to:
scp -v -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /home/runner/.ssh/id_rsa ./docker-compose.yml codefrog@xxx.xxx.xxx.xxx:/codefrog/
And now everything is working as expected!
Thanks a lot for helping track this issue down! Greetings from Austria!
@antonpirker
Congratulations!🎉
I highly recommend specifying the known-hosts parameter for security reasons.
- name: Install SSH key
  uses: shimataro/ssh-key-action@v1
  with:
    private-key: ${{ secrets.SSH_KEY_PRODUCTION }}
    public-key: ${{ secrets.SSH_KEY_PRODUCTION_PUBLIC }}
    known-hosts: ${{ secrets.KNOWN_HOSTS }} # optional, but HIGHLY recommended
And you will be able to run SCP without -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no.
scp -v ./docker-compose.yml codefrog@xxx.xxx.xxx.xxx:/codefrog/
Note: I'm planning to make known-hosts required in v2.
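
Added example (not part of the thread and not the action's own code): a known_hosts line only pins the server if its fingerprint was checked against one read from the server over a trusted channel before it is stored in the KNOWN_HOSTS secret. This Python check computes the OpenSSH SHA256 fingerprint of an entry and compares it; the function names, the 203.0.113.10 address and the key bytes are constructed for illustration.

```python
import base64
import hashlib
import struct

def sample_blob(key_type, raw):
    """Build a constructed (not real) public-key blob for the samples below."""
    t = key_type.encode()
    wire = struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(wire).decode()

def fingerprint(known_hosts_line):
    """Return the OpenSSH-style SHA256 fingerprint of one known_hosts entry."""
    fields = known_hosts_line.split()
    if fields and fields[0].startswith("@"):      # @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("expected: hosts keytype base64-key [comment]")
    # fields[0] (plain or hashed host names) is not part of the fingerprint.
    key_type, b64 = fields[1], fields[2]
    blob = base64.b64decode(b64, validate=True)   # raises ValueError on junk
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was mangled, e.g. by a bad copy/paste into the secret.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def verify_entry(known_hosts_line, trusted_fingerprint):
    """True only if the entry hashes to the fingerprint obtained out of band."""
    return fingerprint(known_hosts_line) == trusted_fingerprint.strip()

# Constructed sample data: documentation address and made-up key bytes.
GOOD = "203.0.113.10 ssh-ed25519 " + sample_blob("ssh-ed25519", bytes(range(32)))
SPOOFED = "203.0.113.10 ssh-ed25519 " + sample_blob("ssh-ed25519", bytes(32))
TRUSTED = fingerprint(GOOD)   # stands in for the value read on the server itself

if __name__ == "__main__":
    for line in (GOOD, SPOOFED):
        status = "OK" if verify_entry(line, TRUSTED) else "MISMATCH"
        print(fingerprint(line), status)
```

With real data the candidate line would come from ssh-keyscan and the trusted value from running ssh-keygen -lf on the server's host public key, which prints the fingerprint in the same format.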