In GitLab CI/CD, you don’t create SSH keys directly on the server; rather, you generate them on your local machine and then add them to the CI/CD pipeline configuration. Here’s how you can create an SSH key and use it to push data to an EC2 instance from your GitLab CI/CD pipeline:
Step 1: Generate an SSH Key Pair Locally
On your local machine, open a terminal and run the following command:
ssh-keygen -t rsa -b 4096 -C "service_acct@freshers.in"
When prompted, give the key a name and a passphrase (optional). This will create a new SSH key pair, typically named id_rsa (private key) and id_rsa.pub (public key), in the .ssh directory of your home folder.
Step 2: Add the Public Key to the EC2 Instance
Take the contents of the public key (id_rsa.pub) and add it to the ~/.ssh/authorized_keys file on your EC2 instance. This will allow the holder of the corresponding private key to SSH into the EC2 instance.
Step 3: Add the Private Key to GitLab CI/CD Variables
- In your GitLab repository, go to Settings > CI / CD.
- Expand the Variables section.
- Add a new variable:
  - Key: SSH_PRIVATE_KEY (or a name of your choice)
  - Value: paste the entire content of your private key file (e.g., id_rsa).
  - Type: File
- Make sure to protect the variable if necessary.
Step 4: Configure Your .gitlab-ci.yml File
In your .gitlab-ci.yml file, you’ll need to set up a job that uses the private key to push data to the EC2 instance. Here’s an example of what that job might look like:
deploy_to_ec2:
  stage: deploy
  only:
    - main
  script:
    # Install the SSH client if the job image does not ship one
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    # SSH_PRIVATE_KEY is a File-type variable (Step 3), so it expands to the path of a
    # temporary file holding the key, not to the key text itself. ssh-add refuses a key
    # file that is readable by others, so tighten its permissions first. The key must
    # have no passphrase, or ssh-add will block waiting for input and the job will hang.
    - chmod 600 "$SSH_PRIVATE_KEY"
    - ssh-add "$SSH_PRIVATE_KEY"
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # Disables host key verification when running in a container (see the caveat at the end)
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
    # Replace EC2_INSTANCE_IP with the instance address (or a CI variable that holds it)
    - scp -r /freshers/in/data ec2-user@EC2_INSTANCE_IP:/path/to/target
  environment:
    name: production
In this example:
- We install ssh-agent and openssh-client if they are not present.
- We start the ssh-agent and add the SSH private key.
- We disable strict host key checking (be cautious with this in a production environment).
- We use scp to copy data from the CI/CD pipeline to the EC2 instance.
The SSH key should be kept secure, and the private key should never be shared or committed to your repository.
Make sure your EC2 security group allows SSH connections on port 22 from the IP address of the GitLab CI/CD runners.
Be cautious with disabling strict host key checking. It’s a security feature that protects against man-in-the-middle attacks. In a production environment, it’s better to add the EC2 instance’s host key to the known_hosts file.
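The hardened variant this last paragraph recommends, as an added example that is not part of the original post: a shell script for the job's script section that keeps StrictHostKeyChecking on and pins the EC2 host key from a CI variable instead of trusting whatever host answers. SSH_PRIVATE_KEY is the File-type variable from Step 3; the SSH_KNOWN_HOSTS variable, the directory argument used for testing and the CRLF clean-up are this example's own assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post. Prepares the SSH client for a
# GitLab CI job so that the EC2 host key is pinned rather than ignored.
# Assumed CI variables (SSH_KNOWN_HOSTS is this example's own name):
#   SSH_PRIVATE_KEY  File-type variable: expands to the PATH of the private key file
#   SSH_KNOWN_HOSTS  Variable: the EC2 instance's known_hosts line, i.e. the output of
#                    `ssh-keyscan <instance-ip>` after its fingerprint was compared
#                    with the host key fingerprint shown in the instance's console output
set -eu

# Create a private .ssh directory; $1 overrides the location (used by the tests).
setup_ssh_dir() {
  dir="${1:-$HOME/.ssh}"
  mkdir -p "$dir"
  chmod 700 "$dir"
  printf '%s\n' "$dir"
}

# Check the File-type key: it must exist and look like a PEM/OpenSSH private key.
# CR characters (a key pasted from Windows) are stripped first, because a CRLF
# key makes ssh-add fail with "invalid format".
check_private_key() {
  key_path="$1"
  if [ ! -f "$key_path" ]; then
    echo "private key file not found: $key_path" >&2
    return 1
  fi
  tr -d '\r' < "$key_path" > "$key_path.tmp" && mv "$key_path.tmp" "$key_path"
  chmod 600 "$key_path"
  case "$(head -n 1 "$key_path")" in
    -----BEGIN*"PRIVATE KEY-----") return 0 ;;
    *) echo "$key_path does not look like a private key" >&2; return 1 ;;
  esac
}

# Pin the host key: write known_hosts and an ssh config that enforces it.
# An empty SSH_KNOWN_HOSTS fails the job instead of silently trusting any host.
pin_host_key() {
  dir="$1"
  known_hosts_line="$2"
  if [ -z "$known_hosts_line" ]; then
    echo "SSH_KNOWN_HOSTS is empty; refusing to connect to an unverified host" >&2
    return 1
  fi
  printf '%s\n' "$known_hosts_line" > "$dir/known_hosts"
  chmod 600 "$dir/known_hosts"
  printf 'Host *\n    StrictHostKeyChecking yes\n    UserKnownHostsFile %s\n    IdentitiesOnly yes\n' \
    "$dir/known_hosts" > "$dir/config"
  chmod 600 "$dir/config"
}

# Run the setup only inside a GitLab job (GITLAB_CI is a predefined variable there).
if [ "${GITLAB_CI:-}" = "true" ]; then
  ssh_dir="$(setup_ssh_dir)"
  check_private_key "$SSH_PRIVATE_KEY"
  pin_host_key "$ssh_dir" "$SSH_KNOWN_HOSTS"
  eval "$(ssh-agent -s)"
  ssh-add "$SSH_PRIVATE_KEY"
fi
```

Obtain the SSH_KNOWN_HOSTS value once with ssh-keyscan against the instance, compare the fingerprint with the one printed in the instance's console output before saving it as a CI variable, and the scp step from the job above then runs unchanged with host key verification still enforced.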