ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory Permission denied, please try again

omero · Aug 24, 2020 · Viewed 10.3k times

I want to run a pipeline on Bitbucket. I made all the necessary settings. I installed ssh_askpass. I am using Ubuntu 18.

However, I am getting the error below.

ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory
Permission denied, please try again.

My bitbucket-pipelines.yml file:

pipelines:
  default:
    - step:
        deployment: staging
        caches:
          - composer
        script:
          - ssh -T [email protected]
          - eval `ssh-agent -s` && ssh-add ~/.ssh/id_rsa && ssh-add -l
          - cd /var/www/backoffice/
          - git checkout master 
          - git pull origin master 
          - sudo php artisan optimize 
          - sudo composer dump-autoload
          - echo 'Deploy finished....'

Answer

bk2204 · Aug 25, 2020

You aren't going to be able to use any sort of GUI program like ssh-askpass on a CI system because on Linux CI systems there is no GUI available.

If you want to use an SSH key in a CI system, you should use one that does not have a password set and store it in your CI system's secret store, then copy it to a file and use it. OpenSSH intentionally does not provide a way to programmatically read a password.

Note that if you have only one SSH key without a password, you don't need ssh-agent or ssh-add at all. Assuming the contents of your private key are in the variable SSH_KEY (e.g., due to your CI system's secret store), you can simply do this:

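# ssh ignores a private key file that other users can read, so restrict its mode
echo "$SSH_KEY" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh [email protected] 'echo hello from the remote machine'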

You won't want to run ssh without a command since that will try to start an interactive session, which won't be useful to you. If your goal is to use Git to push and pull over an SSH connection, then you don't need to run ssh at all.

Finally, note that you will probably want to write the remote system's host key information into a file as part of your pipeline, either from your pipeline or a secret, because SSH won't connect if the host key isn't trusted. You can obtain this information by running a command like this: ssh-keyscan github.com 2>/dev/null. You can then take that output and insert it into your known_hosts file like this:

echo "github.com ssh-rsa AAAA...truncated" > ~/.ssh/known_hosts

This is far more secure than turning off strict host key checking.
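
As an added example (not part of the answer above and not code from Bitbucket or OpenSSH), the steps the answer describes can be combined into one POSIX shell helper that validates the secrets, writes them with strict permissions, and builds ssh options that never prompt. The function names, the `id_ci` file name and the argument layout are hypothetical.

```shell
#!/bin/sh
# Added example: constructed helper, not code from the original answer.
# Assumed inputs (hypothetical): $1 = target directory, $2 = private key text
# from the CI secret store, $3 = one pinned known_hosts line for the remote.

prepare_ssh() {
    dir=$1 key=$2 host_line=$3

    # Refuse an empty or non-PEM secret before ssh ever sees it.
    case $key in
        "-----BEGIN "*) ;;
        *) echo "prepare_ssh: secret is not a private key" >&2; return 1 ;;
    esac
    # Legacy PEM and PKCS#8 keys announce passphrase protection in their text;
    # a CI job cannot answer that prompt. New-format OpenSSH keys carry no
    # such textual marker, so this check does not catch them.
    case $key in
        *"Proc-Type: 4,ENCRYPTED"*|*"BEGIN ENCRYPTED PRIVATE KEY"*)
            echo "prepare_ssh: key is passphrase-protected" >&2; return 1 ;;
    esac
    # A known_hosts entry needs at least: host, key type, base64 key.
    case $host_line in
        ?*" "?*" "?*) ;;
        *) echo "prepare_ssh: bad known_hosts line" >&2; return 1 ;;
    esac

    # Create everything under a restrictive umask; ssh rejects private keys
    # that other users can read.
    (
        umask 077
        mkdir -p "$dir" &&
        printf '%s\n' "$key" > "$dir/id_ci" &&
        printf '%s\n' "$host_line" > "$dir/known_hosts"
    ) || return 1
    chmod 700 "$dir" && chmod 600 "$dir/id_ci" "$dir/known_hosts"
}

# Options that make ssh fail fast instead of asking for input:
# BatchMode=yes disables password and passphrase prompts, and
# StrictHostKeyChecking=yes accepts only the pinned host key.
# Assumes the directory path contains no spaces.
ssh_opts() {
    printf '%s' "-i $1/id_ci -o IdentitiesOnly=yes -o BatchMode=yes \
-o StrictHostKeyChecking=yes -o UserKnownHostsFile=$1/known_hosts"
}
```

In a pipeline step, call `prepare_ssh "$HOME/.ssh-ci" "$SSH_KEY" "$KNOWN_HOSTS_LINE"` once and then `ssh $(ssh_opts "$HOME/.ssh-ci") user@host 'command'`; `KNOWN_HOSTS_LINE` is an assumed secret name holding the `ssh-keyscan` output you verified out of band.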