In the last couple of days I spent a lot of time debugging the deployment script called via GitLab CI. The script worked well on one server (dev), but failed on the second one (prod).
GitLab CI was using a docker container with an injected SSH private key to connect to server and run some scripts. The whole setup was exactly as described in the official tutorial. From the beginning I was surprised to see that public key was never added to the container. But since it did the job well I didn't spend too much time to see how it actually works.
When I tried to make deployment work for a second server, things didn't work so smoothly. It refused to connect over SSH. After some digging and with ssh debugging enabled it was clear that the public key used by CI container was missing from the authorized_keys file on that server. The authorized_keys file was big on the first server, the one that work, and I had no idea which key was the one I needed to copy over. So I tried to see if I can extract the public key from the private key. To my delight, this seems to be a very easy task. You just need to run the following command:
ssh-keygen -y -f ~/.ssh/id_rsa
Where ~/.ssh/id_rsa is the file with your private key. This command will print the associated public key. With this key in place, the deployment script worked without issues.
- private keys contain the public key so in case you lose it you can re-create it
- I need a better systems for deploying and managing authorized_keys across all the servers