6

I've been stuck on this problem for 2 days.

Tried with id_rsa.pub and id_rsa from my production server, still the same error... SSH_PRIVATE_KEY is a variable I created in the CI/CD Settings on GitLab.

Edit: not protected, not masked.

```yaml
# This file is a template, and might need editing before it works on your project.
# Official framework image. Look for the different tagged releases at:
# https://hub.docker.com/r/library/node/tags/
image: node:alpine

stages:
  - deploy

deploy:
  stage: deploy
  before_script:
    # Install ssh-agent if not already installed, it is required by Docker.
    # (change apt-get to yum if you use a CentOS-based image)
    - 'which ssh-agent || ( apk add --update openssh )'

    # Add bash
    - apk add --update bash

    # Add git
    - apk add --update git

    # Run ssh-agent (inside the build environment)
    - eval $(ssh-agent -s)

    # Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
    - echo "$SSH_PRIVATE_KEY"
    - echo "$SSH_PRIVATE_KEY" | ssh-add -

    # For Docker builds disable host key checking. Be aware that by adding that
    # you are susceptible to man-in-the-middle attacks.
    # WARNING: Use this only with the Docker executor, if you use it with shell
    # you will overwrite your user's SSH config.
    - mkdir -p ~/.ssh
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
    # In order to properly check the server's host key, assuming you created the
    # SSH_SERVER_HOSTKEYS variable previously, uncomment the following two lines
    # instead.
    # - mkdir -p ~/.ssh
    # - '[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts'
  script:
  - npm i -g pm2
  - pm2 deploy ecosystem.config.js production
  only:
  - master
```

And when I run the pipeline, I still get this error...

```
$ echo "$SSH_PRIVATE_KEY" | ssh-add -
Error loading key "(stdin)": invalid format
```

Could you please help? I'm helpless, clueless, hopeless loading...

Thanks very much!

mathieun7
  • Did you copy the entire contents of the private key? https://docs.gitlab.com/ee/ci/ssh_keys/README.html#ssh-keys-when-using-the-docker-executor – Oluwafemi Sule Sep 28 '19 at 03:36
  • I did copy the whole result of the "cat .ssh/id_rsa" into the variable, GitLab UI. The private key has been generated with the command "ssh-keygen -t rsa" run on the server where I want the files to be sent! – mathieun7 Sep 28 '19 at 04:35
  • @jww This is 100% relevant for Stack Overflow, and I have answered numerous similar questions. – VonC Sep 29 '19 at 20:58

5 Answers

14

SSH_PRIVATE_KEY is a variable I created in the CI/CD Settings on GitLab.

This is documented here

in the Value field paste the content of your private key that you created earlier.

So make sure you have pasted the id_rsa full content, including -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- (with 5 final -)
(And, as MrDuk comments, a final newline)

Stephane Paquet adds in the comments:

```shell
cat ~/.ssh/id_rsa | pbcopy
```

to make sure you copy all the required information.

VonC
  • 2
    DAMN ! I didn't get the "BEGIN" was *before* this line... Thanks very much ! – mathieun7 Sep 28 '19 at 13:59
  • 1
    `cat ~/.ssh/id_rsa | pbcopy` to make sure you copy all the required information – Stephane Paquet Jun 18 '20 at 16:52
  • 2
    @StephanePaquet Thank you for this feedback. Good point. I have included your comment in the answer for more visibility. – VonC Jun 18 '20 at 19:21
  • 1
    For future googlers, also make sure you have a newline at the end of your file. – MrDuk Aug 03 '21 at 20:28
  • @MrDuk Good point. I have included your comment in the answer for more visibility. – VonC Aug 03 '21 at 21:21
  • Tried everything but nothing worked. In docs they say that ed25519 is generated wrong, fixed still same issue. https://docs.gitlab.com/ee/ci/ssh_keys/#ssh-keys-when-using-the-docker-executor – iamandrewluca Aug 04 '22 at 20:22
  • 1
    @iamandrewluca OK, I see you have found a solution. Upvoted. – VonC Aug 04 '22 at 22:19
2

My solution was to change CI/CD Variable type from Variable to File.
And instead of sourcing from the variable, did the sourcing from the file where SSH_PRIVATE_KEY is pointing

```shell
chmod 600 "$SSH_PRIVATE_KEY"
ssh-add "$SSH_PRIVATE_KEY"
```
iamandrewluca
1

Just as an FYI for anyone else doing this, I had the same problem but had missed the final dash off the END RSA PRIVATE KEY section. It must have 5 dashes as the dividers, apparently.

BlakeyUK
  • Just ran into the same issue and messed around with it for a while. It not only requires the dashes, but also another newline after them. – Michael Jul 22 '22 at 07:22
1

Also just as an FYI, my issue was that my SSH key was an OpenSSH format key (ex. -----BEGIN OPENSSH PRIVATE KEY-----) instead of a PEM format key (-----BEGIN RSA PRIVATE KEY-----). If you want instructions on how to convert an OpenSSH key to a PEM key, you can find the answer here: Openssh Private Key to RSA Private Key

Celine
0

Sometimes the problem is the way GitLab handles the "\n" in the string. So, instead of creating a variable with the content of the private key (a bunch of "\n"), convert it to base64 (no "\n" characters):

```shell
base64 -w 0 .ssh/id_rsa
```

Then copy the output (don't forget the "=") to your variable SSH_PRIVATE_KEY.

In the stage (gitlab-ci.yml):

```yaml
- echo "$SSH_PRIVATE_KEY" | base64 -d > rsa.key
- chmod 600 rsa.key
- ssh -i rsa.key user@host "echo hello world;"
```
FabricioFCarv
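The causes named in the answers above (missing BEGIN line, END line without all five dashes, no final newline, a base64-encoded value) can be told apart inside a job without echoing the key into the log. The script below is an added example, not part of the original thread; the function names, verdict words and the dummy sample key are made up for illustration.

```shell
#!/bin/sh
# Added example: name the cause of ssh-add's "invalid format" error without
# printing the key. Function names and verdict words are made up for this example.
NL='
'
# check_key_file FILE: print a verdict; succeed only for "ok".
check_key_file() {
    f=$1
    [ -s "$f" ] || { echo empty; return 1; }
    first=$(sed -n '1p' "$f")
    last=$(grep . "$f" | tail -n 1)    # last non-blank line
    # First line must be exactly -----BEGIN <label>-----
    label=$(printf '%s\n' "$first" |
        sed -n 's/^-----BEGIN \(.*PRIVATE KEY\)-----$/\1/p')
    [ -n "$label" ] || { echo missing-begin-line; return 1; }
    # END line must repeat the label and keep all five trailing dashes.
    [ "$last" = "-----END $label-----" ] || { echo bad-end-line; return 1; }
    # $(...) strips a trailing newline, so empty output means the file ends in one.
    [ -z "$(tail -c 1 "$f")" ] || { echo no-final-newline; return 1; }
    echo ok
}

# write_key VALUE DEST [b64]: store the exact bytes of VALUE in DEST, mode 600.
# With "b64" the value is base64-decoded first (the base64 -w 0 approach).
write_key() {
    ( umask 077
      if [ "${3:-}" = b64 ]; then printf '%s' "$1" | base64 -d > "$2"
      else printf '%s' "$1" > "$2"; fi )
}

# diagnose VALUE [b64]: check a variable's value through a temporary file.
diagnose() {
    tmp=$(mktemp) || return 2
    if write_key "$1" "$tmp" "${2:-}"; then
        check_key_file "$tmp" && rc=0 || rc=$?
    else
        echo undecodable; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample: real armor lines around a dummy body (not a usable key).
GOOD="-----BEGIN RSA PRIVATE KEY-----${NL}QUJDREVGRw==${NL}-----END RSA PRIVATE KEY-----${NL}"
NO_BEGIN=${GOOD#*"$NL"}    # pasted without the BEGIN line

echo "complete key:    $(diagnose "$GOOD")"
echo "no BEGIN line:   $(diagnose "$NO_BEGIN")"
```

In a job, `diagnose "$SSH_PRIVATE_KEY"` can run before the `ssh-add` step in place of the plain `echo "$SSH_PRIVATE_KEY"` line, which writes the unmasked private key into the job log.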