GITLAB CI Error loading key "/dev/fd/63": invalid format ERROR: Job failed: exit code 1

Question

Here is my code giltlab-ci.yml :

 before_script:
  ##
  ## Install ssh-agent if not already installed, it is required by Docker.
  ## (change apt-get to yum if you use an RPM-based image)
  ##
  - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'

  ##
  ## Run ssh-agent (inside the build environment)
  ##
  - eval $(ssh-agent -s)
  ##
  ## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
  ## We're using tr to fix line endings which makes ed25519 keys work
  ## without extra base64 encoding.
  ## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
  ##
  - mkdir -p ~/.ssh
  #- echo -n "$PROJECT_SSH_KEY" | ssh-add - >/dev/null
  - echo "$PROJECT_SSH_KEY"
  - ssh-add <(echo "$PROJECT_SSH_KEY")
  - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
      ##
  ## Create the SSH directory and give it the right permissions
  ##
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh

  ##
  ## Optionally, if you will be using any Git commands, set the user name and
  ## and email.
  ##
  #- git config --global user.email "[email protected]"
  #- git config --global user.name "User name"

I get this out put

Running with gitlab-runner 11.8.0 (4745a6f3) on Allence-Tunisie-docker-runner sH47eTgb Using Docker executor with image ntfactory/ci-tool:0.0.2 ... Pulling docker image ntfactory/ci-tool:0.0.2 ... Using docker image sha256:7fe7b170806f6846271eec23b41c4f79202777f62c0d7a32165dc41722900979 for ntfactory/ci-tool:0.0.2 ... Running on runner-sH47eTgb-project-11060727-concurrent-0 via a732493b4b94... Cloning repository... Cloning into '/builds/allence-tunisie/e-formation'... Checking out 0a6b48ef as feat/gitlab-ci... Skipping Git submodules setup Checking cache for default... No URL provided, cache will not be downloaded from shared cache server. Instead a local version of cache will be extracted. Successfully extracted cache $ which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y ) /usr/bin/ssh-agent $ eval $(ssh-agent -s) Agent pid 12 $ mkdir -p ~/.ssh $ echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null Error loading key "(stdin)": invalid format ERROR: Job failed: exit code 1

even though i tried - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null i get this error

Error loading key "(stdin)": invalid format

Answer 1

This error happens when the private key in $SSH_PRIVATE_KEY is malformed, you can easily test it locally if you add some random characters in it. In particular, it happens on Travis-CI when you just copy & paste the private key into the SSH_PRIVATE_KEY variable in the online form. It has to do with the new line characters after and before the -----BEGIN RSA PRIVATE KEY-----, -----END RSA PRIVATE KEY----- blocks. For this reason, I use base64 encoding to make sure the key is formatted properly.

try this:

• Encode your private RSA key

  cat my_private_key | base64 -w0

• Add the base64 string to your project variables.

• Use it in your .gitlab-ci.yml

ssh-add <(echo "$SSH_PRIVATE_KEY" | base64 -d)

https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_15038961

Answer 2

If you have protected the variable then you need to have a protected branch. As mentioned in the variables settings - "They can be protected by only exposing them to protected branches or tags."