From e6110d7faad0d393df5e6b4864521ec543b13814 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 3 Jun 2026 01:00:04 -0400 Subject: [PATCH] fix ssh_key parsing --- .gitlab-ci.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b96ab88..5cbb574 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -189,11 +189,22 @@ deploy_to_vps: # Load the SSH private key stored in the CI variable SSH_PRIVATE_KEY - eval $(ssh-agent -s) - | + key_file="$(mktemp)" + if [ -f "${SSH_PRIVATE_KEY:-}" ]; then - tr -d '\r' < "$SSH_PRIVATE_KEY" | ssh-add - + tr -d '\r' < "$SSH_PRIVATE_KEY" > "$key_file" else - printf '%s\n' "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - + printf '%s\n' "$SSH_PRIVATE_KEY" | tr -d '\r' > "$key_file" fi + + chmod 600 "$key_file" + ssh-keygen -y -f "$key_file" >/dev/null 2>&1 || { + echo "SSH_PRIVATE_KEY is not a valid unencrypted private key that OpenSSH can read." >&2 + exit 1 + } + + ssh-add "$key_file" + rm -f "$key_file" - mkdir -p ~/.ssh && chmod 700 ~/.ssh # Scan and trust the VPS host key (avoids manual known_hosts management) - ssh-keyscan -H $VPS_IP >> ~/.ssh/known_hosts