Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Copy generated SSH public key with ssh-copy-id from pipeline image to remote server

mohessaid
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 17, 2021

I created a custom docker image based on Alpine. Moreover, I added a Python script to read secrets from our Vault server and use Rsync to deploy the repository to our servers.

Testing this script in a server or my own workstation was successful. However, When I tried to use it in Bitbucket pipeline it wasn't able to copy the public ssh key (generated from bitbucket ssh tab in pipeline settings). I went through the running image with some command to search for the keys and I find only the private key and no public key. I checked also some pipeline images from this project but still have the same issue. I am using the script from rsync deploy pipeline which looks like this:



#!/bin/bash## Bitbucket Pipelines#

source
"$(dirname "$0")/common.sh"

info
"Executing the pipe..."

setup_ssh_dir() {

INJECTED_SSH_CONFIG_DIR=
"/opt/atlassian/pipelines/agent/ssh"

# The default ssh key with open perms readable by alt uids

IDENTITY_FILE=
"${INJECTED_SSH_CONFIG_DIR}/id_rsa_tmp"

# The default known_hosts file

KNOWN_HOSTS_FILE=
"${INJECTED_SSH_CONFIG_DIR}/known_hosts"
mkdir -p ~/.ssh || debug "adding ssh keys to existing ~/.ssh"
touch
~/.ssh/authorized_keys chmod -R 700 ~/.ssh

if [ ! -f ${IDENTITY_FILE} ]; then
error
"No default SSH key configured in Pipelines."
exit 1 else debug "Using default ssh key"

cp
${IDENTITY_FILE} ~/.ssh/pipelines_id
chmod 600
~/.ssh/pipelines_id
ssh-keygen -y -f
~/.ssh/pipelines_id > ~/.ssh/pipelines_id.pub
fi

if [ ! -f ${KNOWN_HOSTS_FILE} ]; then
error
"No SSH known_hosts configured in Pipelines."
exit 2
fi

cat
${KNOWN_HOSTS_FILE} >> ~/.ssh/known_hosts

if [ -f ~/.ssh/config ]; then

debug
"Appending to existing ~/.ssh/config file"

fi

echo "IdentityFile ~/.ssh/pipelines_id" > ~/.ssh/config
chmod -R go-rwx
~/.ssh/

}

enable_debug
setup_ssh_dir


The result I am getting when I execute an ssh-copy-id of the copied key:

 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/pipelines_id.pub"
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/pipelines_id.pub"

 Am I doing something wrong and why there is no trace of the public key inside the image when it runs in the pipeline. And what's the right way to copy it on pipeline execution. 

0 answers

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events