
Deploying with CircleCI - SSH into server requires password but I have SSH key associated

I am trying to SSH into the server as part of the deployment job in CircleCI:

ssh -oStrictHostKeyChecking=no $DEV_DROPLET_USER@$DEV_DROPLET_IP

I have my SSH private key for the user on this server loaded into CircleCI, but every time I run the job, I get this output:

Warning: Permanently added '$host' (ECDSA) to the list of known hosts.
<$user>@<$host>'s password:

How can I stop it prompting me for the password?

I have added the SSH key for this user to the SSH Agent on the server (these instructions)

Franco asked Jan 01 '23 02:01


2 Answers

For a passwordless ssh connection, you must:

  • put the private ssh key into a file in the directory $HOME/.ssh/ on the client computer connecting to the server (example: $HOME/.ssh/MyServer)
  • copy the public ssh key into the file $HOME/.ssh/authorized_keys on the server
  • have write permission on the file $HOME/.ssh/known_hosts on the client computer

The sshd service is normally already configured to accept key based authentication.

From the client computer, you can now do a passwordless connection:

ssh -i $HOME/.ssh/MyServer $DEV_DROPLET_USER@$DEV_DROPLET_IP

Of course, on the client computer your $DEV_DROPLET_USER must have appropriate permissions for accessing the ssh related files.

You don’t need to do anything with the ssh agent, on the client or on the server.

Damien Clauzel answered Jan 05 '23 17:01


Late reply, but I hope it helps somebody else in the future.

Assuming you followed these instructions in the CircleCI docs, then the private key will automatically be copied to the machine being used by CircleCI when the add_ssh_keys step is run.

Make sure on the server you are trying to SSH into, the public key generated (in ~/.ssh/id_rsa.pub or something similar) is copied to the ~/.ssh/authorized_hosts file on the same server. This crucial step is what allows anybody with the private key (CircleCI) to be allowed into the server.

Ryan Peterson answered Jan 05 '23 18:01
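
Both answers come down to the server finding the CI public key in the user's authorized keys file. The script below is an added example, not code from either answer: run on the server, it checks that the key is listed in $HOME/.ssh/authorized_keys (the path given in the first answer) and that sshd's permission checks will not reject the file. The function names check_key_auth and loose_perms are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the answers): server-side checks for a key that
# sshd ignores, which makes the client fall back to the password prompt.

# True if the path is writable by group or others; sshd's default
# StrictModes setting refuses keys kept under such paths.
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# check_key_auth HOME_DIR PUBKEY_FILE
# Prints one line per finding; returns 0 when the key should be accepted.
check_key_auth() {
    local home_dir=$1 pubkey_file=$2 rc=0 p blob
    local auth="$home_dir/.ssh/authorized_keys"

    if [ ! -f "$auth" ]; then
        echo "FAIL: $auth does not exist"
        return 1
    fi
    for p in "$home_dir" "$home_dir/.ssh" "$auth"; do
        if loose_perms "$p"; then
            echo "FAIL: $p is writable by group or others"
            rc=1
        fi
    done
    # Match on the base64 key blob (field 2 of the .pub file) so a
    # different trailing comment does not cause a false mismatch.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pubkey_file")
    if [ -z "$blob" ] || ! grep -qF -- "$blob" "$auth"; then
        echo "FAIL: public key from $pubkey_file is not in $auth"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: key is listed and permissions are safe"
    fi
    return "$rc"
}
```

In the CircleCI job, adding -o BatchMode=yes to the ssh command makes a rejected key fail immediately instead of stopping at the password prompt.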