Commit 5852e0e0 authored Feb 24, 2017 by Maxime Besson
Suggest a more secure way of handling SSH host keys in docker builds
parent a2a4fb85
Showing 1 changed file with 14 additions and 0 deletions
doc/ci/ssh_keys/README.md
...
@@ -38,6 +38,15 @@ following **Settings > Variables**. As **Key** add the name `SSH_PRIVATE_KEY`
...
@@ -38,6 +38,15 @@ following **Settings > Variables**. As **Key** add the name `SSH_PRIVATE_KEY`
and in the
**Value**
field paste the content of your _private_ key that you
and in the
**Value**
field paste the content of your _private_ key that you
created earlier.
created earlier.
It is also good practice to check the server's own public key to make sure you
are not being targeted by a man-in-the-middle attack. To do this, add another
variable named
`SSH_SERVER_HOSTKEYS`
. To find out the hostkeys of your server, run
the
`ssh-keyscan YOUR_SERVER`
command from a trusted network (ideally, from the
server itself), and paste its output into the
`SSH_SERVER_HOSTKEY`
variable. If
you need to connect to multiple servers, concatenate all the server public keys
that you collected into the
**Value**
of the variable. There must be one key per
line.
Next you need to modify your
`.gitlab-ci.yml`
with a
`before_script`
action.
Next you need to modify your
`.gitlab-ci.yml`
with a
`before_script`
action.
Add it to the top:
Add it to the top:
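Review bot: The variable name is spelled two ways in the added paragraph: `SSH_SERVER_HOSTKEYS` where it is introduced and `SSH_SERVER_HOSTKEY` in the sentence about pasting the `ssh-keyscan` output. The `before_script` comment added later in this commit reads `$SSH_SERVER_HOSTKEYS`, so a reader who copies the second spelling creates a variable the job never reads and ends up with an empty `known_hosts`. Use `SSH_SERVER_HOSTKEYS` in both places.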
...
@@ -59,6 +68,11 @@ before_script:
...
@@ -59,6 +68,11 @@ before_script:
# you will overwrite your user's SSH config.
# you will overwrite your user's SSH config.
- mkdir -p ~/.ssh
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
# In order to properly check the server's host key, assuming you created the
# SSH_SERVER_HOSTKEYS variable previously, uncomment the following two lines
# instead.
# - mkdir -p ~/.ssh
# - '[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts'
```
```
As a final step, add the _public_ key from the one you created earlier to the
As a final step, add the _public_ key from the one you created earlier to the
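Review bot: The added comment says to uncomment the two lines "instead", but it does not name the active lines they replace, and the `StrictHostKeyChecking no` line directly above stays enabled by default. If a reader uncomments the `known_hosts` line and leaves that config line in place, ssh is still configured not to enforce host key checking, which defeats the new check. Suggest stating explicitly that the `StrictHostKeyChecking no` line must be removed or commented out, and consider making the `known_hosts` variant the active default with the insecure one as the commented-out fallback. The commented `mkdir -p ~/.ssh` repeats the active one two lines up and can be dropped.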
...
...