Create an SSH key and use it to push data to an EC2 instance from your GitLab CI/CD pipeline

In GitLab CI/CD, you don't generate the SSH key pair on the GitLab server or inside the job; you generate it on your local machine, install the public key on the target, and hand the private key to the pipeline through a CI/CD variable. Here's how you can create an SSH key and use it to push data to an EC2 instance from your GitLab CI/CD pipeline:

Step 1: Generate an SSH Key Pair Locally

On your local machine, open a terminal and run the following command:

ssh-keygen -t rsa -b 4096 -C "service_acct@freshers.in"

When prompted, accept or change the file path and optionally set a passphrase. Note that the CI job adds the key non-interactively, so it cannot answer a passphrase prompt; a key used only by the pipeline is normally generated without one. This creates a new SSH key pair, by default named id_rsa (private key) and id_rsa.pub (public key), in the .ssh directory of your home folder.

Step 2: Add the Public Key to the EC2 Instance

Take the contents of the public key (id_rsa.pub) and append it as a single line to the ~/.ssh/authorized_keys file of the user the pipeline will log in as (ec2-user in the example below) on your EC2 instance. sshd only honours the file when it and the ~/.ssh directory are owned by that user and not writable by others (the usual modes are 700 for ~/.ssh and 600 for authorized_keys). This allows the holder of the corresponding private key to SSH into the EC2 instance as that user.
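The authorized_keys step above, written as an added example (not code from the original post) that you can run on the instance. It assumes the key line was copied from id_rsa.pub and that the target file is the login user's ~/.ssh/authorized_keys; it refuses input that is not a public key line, appends the key only once even if the comment differs between copies, and sets the directory and file modes sshd expects.

```shell
#!/bin/sh
# Added example, not from the original post: install the CI public key on the
# EC2 instance idempotently. Assumes the key line was copied from id_rsa.pub
# and that FILE is the login user's ~/.ssh/authorized_keys.
set -eu

# install_authorized_key PUBKEY_LINE FILE
# Appends PUBKEY_LINE to FILE unless the same key (type + blob) is already
# present, creating the directory with the modes sshd expects. Returns 1 and
# changes nothing if the input is not a public key line (for example a
# private key pasted by mistake).
install_authorized_key() {
  pubkey="$1"; file="$2"; dir=$(dirname "$file")
  case "$pubkey" in
    *'-----BEGIN'*)
      echo "refusing: this looks like a private key, not id_rsa.pub" >&2; return 1 ;;
    "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-nistp"*" "*) ;;
    *) echo "refusing: not a recognised public key line" >&2; return 1 ;;
  esac
  set -- $pubkey                    # split into TYPE BLOB [COMMENT]
  [ "$#" -ge 2 ] || { echo "refusing: key line has no key blob" >&2; return 1; }
  keyid="$1 $2"                     # the comment may differ between copies
  ( umask 077; mkdir -p "$dir"; touch "$file" )
  chmod 700 "$dir"; chmod 600 "$file"
  if awk -v id="$keyid" '($1 " " $2) == id { found = 1 } END { exit found ? 0 : 1 }' "$file"; then
    return 0                        # already installed, nothing to do
  fi
  printf '%s\n' "$pubkey" >> "$file"
}

# count_keys FILE: number of key lines currently in FILE.
count_keys() { awk 'NF >= 2 { n++ } END { print n + 0 }' "$1"; }
```

Usage on the instance: `install_authorized_key "$(cat id_rsa.pub)" ~/.ssh/authorized_keys`. Matching on type and blob rather than the whole line means re-running the step after someone edits the key comment does not leave a duplicate entry behind.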

Step 3: Add the Private Key to GitLab CI/CD Variables

  1. In your GitLab repository, go to Settings > CI / CD.
  2. Expand the Variables section.
  3. Add a new variable:
    • Key: SSH_PRIVATE_KEY (or a name of your choice)
    • Value: Paste the entire content of your private key file (e.g., id_rsa).
    • Type: File
    • Mark the variable as Protected so that it is only exposed to jobs running on protected branches or tags (the job below runs on main, so protect that branch).

Step 4: Configure Your .gitlab-ci.yml File

In your .gitlab-ci.yml file, you’ll need to set up a job that uses the private key to push data to the EC2 instance. Here’s an example of what that job might look like:

deploy_to_ec2:
  stage: deploy
  only:
    - main
  script:
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    # SSH_PRIVATE_KEY is a File-type variable (Step 3), so it holds the path
    # of a temporary file containing the key, not the key text itself.
    - chmod 600 "$SSH_PRIVATE_KEY"
    - ssh-add "$SSH_PRIVATE_KEY"
    - mkdir -p ~/.ssh
    # Disables host key verification inside the job container; read the
    # caution at the end of this page before using this in production.
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
    # Replace EC2_INSTANCE_IP with the instance's public IP or DNS name,
    # or store it in a CI/CD variable and use "$EC2_INSTANCE_IP".
    - scp -r /freshers/in/data ec2-user@EC2_INSTANCE_IP:/path/to/target
  environment:
    name: production

In this example:

  • We install openssh-client (which provides ssh-agent, ssh-add and scp) if ssh-agent is not already present in the job image.
  • We start the ssh-agent and add the SSH private key from the SSH_PRIVATE_KEY file variable.
  • We disable strict host key checking (be cautious with this in a production environment).
  • We use scp to copy data from the CI/CD pipeline to the EC2 instance.

The SSH key should be kept secure, and the private key should never be shared or committed to your repository.

Make sure your EC2 security group allows SSH connections on port 22 from the IP address of the GitLab CI/CD runners.

Be cautious with disabling strict host key checking. It is the feature that detects a server impersonating your instance (a man-in-the-middle attack). In a production environment, it's better to add the EC2 instance's host key to the known_hosts file, taking the key from a trusted source rather than from the first connection.
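The deploy job from Step 4 with the host key pinned instead of StrictHostKeyChecking turned off, as an added example (not code from the original post). It assumes two extra CI/CD variables that the original does not define: EC2_INSTANCE_IP, and EC2_HOST_KEY holding the instance's public host key line ("ssh-ed25519 AAAA...") obtained out of band, for example from the instance's console output, where cloud-init prints the host keys at first boot (`aws ec2 get-console-output --instance-id <id>` returns it). SSH_PRIVATE_KEY is the File-type variable from Step 3, so the script treats it as a path.

```shell
#!/bin/sh
# Added example, not part of the original post: the deploy job's SSH setup
# with the EC2 host key pinned, replacing the "StrictHostKeyChecking no" line
# of the deploy_to_ec2 job. Assumed CI/CD variables (not in the original):
# EC2_INSTANCE_IP and EC2_HOST_KEY (the instance's public host key line,
# obtained out of band, e.g. from the instance console output). SSH_PRIVATE_KEY
# is the File-type variable from Step 3 and therefore holds a path.
set -eu

# write_known_hosts HOST HOSTKEY_LINE FILE
# Writes the single entry "HOST TYPE BLOB" to FILE. Returns 1 and writes
# nothing if HOSTKEY_LINE is not a host key line, so a misconfigured variable
# fails the job instead of silently skipping verification.
write_known_hosts() {
  host="$1"; file="$3"
  set -- $2                         # split "TYPE BLOB [comment]"
  [ "$#" -ge 2 ] || { echo "EC2_HOST_KEY: malformed host key line" >&2; return 1; }
  case "$1" in
    ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
    *) echo "EC2_HOST_KEY: unsupported key type $1" >&2; return 1 ;;
  esac
  ( umask 077; mkdir -p "$(dirname "$file")"; printf '%s %s %s\n' "$host" "$1" "$2" > "$file" )
}

# write_ssh_config HOST KNOWN_HOSTS IDENTITY FILE
# Per-host client config that enforces verification against the pinned key
# and offers only the CI key, so the job never falls back to other identities.
write_ssh_config() {
  ( umask 077; mkdir -p "$(dirname "$4")"
    printf 'Host %s\n  StrictHostKeyChecking yes\n  UserKnownHostsFile %s\n  IdentityFile %s\n  IdentitiesOnly yes\n' \
      "$1" "$2" "$3" > "$4" )
}

# deploy SRC_DIR: the steps the CI job runs.
deploy() {
  ssh_dir="$HOME/.ssh"
  write_known_hosts "$EC2_INSTANCE_IP" "$EC2_HOST_KEY" "$ssh_dir/known_hosts"
  chmod 600 "$SSH_PRIVATE_KEY"      # keep the key readable only by the job user
  write_ssh_config "$EC2_INSTANCE_IP" "$ssh_dir/known_hosts" "$SSH_PRIVATE_KEY" "$ssh_dir/config"
  # A host presenting a key other than EC2_HOST_KEY now aborts the copy.
  scp -r "$1" "ec2-user@$EC2_INSTANCE_IP:/path/to/target"
}

# Run the deployment only when invoked as: sh deploy.sh deploy /freshers/in/data
if [ "${1:-}" = deploy ]; then
  deploy "${2:-/freshers/in/data}"
fi
```

In .gitlab-ci.yml the ssh-agent, ssh-add, and ~/.ssh/config lines of the job can then be replaced by `- sh deploy.sh deploy /freshers/in/data`; the agent is no longer needed because IdentityFile points at the key directly. When the instance is rebuilt it gets a new host key, and the job fails until EC2_HOST_KEY is updated, which is the intended behaviour: an unexpected key should stop the pipeline, not be accepted.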

Author: user