fix ssh key parsing

This commit is contained in:
root
2026-06-04 00:13:58 -04:00
parent e0b2239f66
commit 52c1ecffe2
4 changed files with 130 additions and 3 deletions
+17 -2
View File
@@ -190,6 +190,12 @@ deploy_to_vps:
- eval $(ssh-agent -s)
- |
key_file="$(mktemp)"
decoded_key_file="$(mktemp)"
cleanup_key_files() {
rm -f "$key_file" "$decoded_key_file"
}
trap cleanup_key_files EXIT
if [ -f "${SSH_PRIVATE_KEY:-}" ]; then
tr -d '\r' < "$SSH_PRIVATE_KEY" > "$key_file"
@@ -198,13 +204,22 @@ deploy_to_vps:
fi
chmod 600 "$key_file"
if ! ssh-keygen -y -f "$key_file" >/dev/null 2>&1; then
if [ ! -f "${SSH_PRIVATE_KEY:-}" ] && printf '%s' "$SSH_PRIVATE_KEY" | tr -d '\r\n\t ' | base64 -d > "$decoded_key_file" 2>/dev/null; then
tr -d '\r' < "$decoded_key_file" > "$key_file"
chmod 600 "$key_file"
fi
fi
ssh-keygen -y -f "$key_file" >/dev/null 2>&1 || {
echo "SSH_PRIVATE_KEY is not a valid unencrypted private key that OpenSSH can read." >&2
echo "SSH_PRIVATE_KEY must be an unencrypted OpenSSH private key. GitLab file variables, raw multiline keys, and base64-encoded keys are supported." >&2
exit 1
}
ssh-add "$key_file"
rm -f "$key_file"
cleanup_key_files
trap - EXIT
- mkdir -p ~/.ssh && chmod 700 ~/.ssh
# Scan and trust the VPS host key (avoids manual known_hosts management)
- ssh-keyscan -H $VPS_IP >> ~/.ssh/known_hosts