travis-ci - ssh-add asking for my passphrase

Question

I am working on a continuous integration with Travis CI. This is my configuration:

before_install:
  - echo -e "Host *\n\tStrictHostKeyChecking no\n" > ~/.ssh/config
  - echo -e $id_rsa.pub > ~/.ssh/id_rsa.pub
  - echo -e $id_rsa > ~/.ssh/id_rsa
  - sudo chmod 600 ~/.ssh/*
  - sudo chmod 644 ~/.ssh/config
  - eval `ssh-agent -s`
  - ssh-add ~/.ssh/id_rsa
  ...

$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/travis/.ssh/id_rsa: 

On the ssh-add step, it ask me the passphrase and it's stop the deployment. I have tested with an other ssh key without passphrase but it don't fix my issue.

I have tested lot of solution like yes $MY_PASSWORD | ssh-add ~/.ssh/id_rsa yes $MY_PASSWORD | ssh-add ~/.ssh/id_rsa or echo "$MY_PASSWORD" | ssh-add ~/.ssh/id_rsa echo "$MY_PASSWORD" | ssh-add ~/.ssh/id_rsa but it don't works.

I have added to my .ssh/config (you can see it in my config):

Host *
    StrictHostKeyChecking no

isn't it supposed to make it don't ask me the passphrase ?

Maybe someone have an idea ? Thanks :)

Answer 1

You are using encrypted private key (which is good), but it needs the passphrase (which is bad for scripting). There are several possibilities you can proceed:

• Remove the passphrase from the key and use it unencrypted (less secure)

   ssh-keygen -p -P "old_passphrase" -N "" -f ~/.ssh/id_rsa 

• Use sshpass tool to unlock the key (storing the passphrase next to the key in the script basically defeats the security of encrypted key)

   sshpass -p passphrase ssh-add ~/.ssh/id_rsa 

Answer 2

I had resolved my problem. I had different problem in basic utilisation of environment variables and echo.

• My environment variables names were not good. "$id_rsa.pub" in travis was interpreted by $id_rsa . ".pub" so it added some wrong characters to my content. I renamed it to id_rsa_pub.

• I forget to transform " " in "\\ " and newlines by "\\n" and with travis and his environment variables, you must write "\\\\n" instead of just "\\n".

My issue was in part because bad ssh files, and because I use a rsa key with password. In my case it's not important to have a password so i deleted it. For that i use the answer of jakuje. My ssh key is now installed correctly in each builds.

Thank you for your help !