0

I'm stuck following this tutorial:

https://oncletom.io/2016/travis-ssh-deploy/

My .travis.yml code:

language: ruby 
sudo: false
rvm:
- 2.2
env:
  global:
  - domain: <..>
  - site_path: <..>
addon:
  ssh_known_hosts: <..>
before_script:
  - npm install -g bower
  - bower install
script: bundle exec jekyll build
before_deploy:
  - openssl aes-256-cbc -K $encrypted_<..>_key -iv $encrypted_<..>_iv -in deploy/deploy_key.enc -out /tmp/deploy_key -d
  - eval "$(ssh-agent -s)"
  - chmod 600 /tmp/deploy_key
  - ssh-add /tmp/deploy_key
deploy:
  provider: script
  skip_cleanup: true
  script: "./deploy/deploy.sh"
  on:
    branch: master

My results:

$ openssl aes-256-cbc -K $encrypted_<..>_key -iv $encrypted_<..>_iv -in deploy/deploy_key.enc -out /tmp/deploy_key -d
$ eval "$(ssh-agent -s)"
Agent pid 2583
$ chmod 600 /tmp/deploy_key
$ ssh-add /tmp/deploy_key
Enter passphrase for /tmp/deploy_key: 
Done: Job Cancelled

In other words, the job cancelled due to a timeout. Recreating a key without a passphrase results in this error:

# <..> SSH-2.0-OpenSSH_7.5    
|1|<..>
Creating public keys..
copying site to <..>...
Warning: Permanently added the RSA host key for IP address '<..>' to the list of known hosts.
deploy@<..>'s password:     

No output has been received in the last 10m0s, this potentially indicates a stalled build or something wrong with the build itself.

Check the details on how to adjust your build configuration on: https://docs.travis-ci.com/user/common-build-problems/#Build-times-out-because-no-output-was-received

The build has been terminated

I thus can't deploy the site. So the question is, why is it getting stuck at passphrase and password? And I thought the ssh keys was mount to do away with passphrases and passwords?

Below is the relevant script.

deploy.sh

#!/usr/bin/env bash
set -e

if [ ! "env:$TRAVIS_BRANCH" == "env:master" ]; then
    echo not on master, not deploying
    exit 0
fi

echo "on master ✓"

if [ -z "$domain" ]; then
    echo "domain" variable not set
    exit 1
fi
echo "domain: $domain ✓"

if [ -z "$site_path" ]; then
    echo "site_path" variable not set
    exit 1
fi
echo "site path: $site_path ✓"

echo "zipping _site to site.zip..."
(cd _site/ && zip -r - .) > site.zip 2>/dev/null

echo "Check if public key of the server is in known_hosts"
if [ -z `ssh-keygen -F $domain` ]; then
    ssh-keyscan -H $domain | tee -a ~/.ssh/known_hosts
    echo "Creating public keys.."
fi

echo "copying site to $domain..."
scp -i /tmp/deploy_key site.zip deploy@$domain:~/site.zip
ssh -i /tmp/deploy_key deploy@$domain 'rm -rf "'$site_path'"/* && unzip ~/site.zip -d "'$site_path'" && rm ~/site.zip'
Folaht
  • 1,062

1 Answers1

1

Yes I know it's a very old question :) But I've got some interrogation recently and I can propose a working solution.

before_install:
    - [...]
    - chmod 600 ssh.key
    - chmod 700 local-ssh-askpass
    - eval `ssh-agent -s`
    - DISPLAY=1 SSH_ASKPASS_REQUIRE=force SSH_ASKPASS=./local-ssh-askpass ssh-add ssh.key < /dev/null

You must :

  • add DISPLAY=1 to force local ask script
  • redirect input from /dev/null

Normally travis could accept and add to agent this key

References : How to pass a passphrase to ssh-add without triggering a prompt?

  • If someone runs into the same issue as I did years ago and can confirm that this is the solution, I'll mark it as a solution. I abandoned whatever project this was, although it might be that one that I could restart in five years or so. – Folaht Oct 11 '23 at 11:26