Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Using multiple InstallSSHKey@0 tasks results in only 1 ssh key being available

See original GitHub issue

Note

Issues in this repo are for tracking bugs, feature requests and questions for the tasks in this repo

For a list:
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks

If you have an issue or request for the Azure Pipelines service, use developer community instead:

https://developercommunity.visualstudio.com/spaces/21/index.html )

Required Information

Entering this information will route you directly to the right team and expedite traction.

Question, Bug, or Feature?
Type: BUG

Enter Task Name: InstallSSHKey@0

Linked/similar to #10838

list here (V# not needed):
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks

Environment

  • Server - Azure Pipelines or TFS on-premises?

    • If using Azure Pipelines, provide the account name, team project name, build definition name/build number:

Account Name: NBSUKDevOps Project Name: n/a Build Number: n/a

  • Agent - Hosted or Private:

    • If using private agent, provide the OS of the machine running the agent and the agent version:

Private Red Hat 7.8 Agent v2.170.1

Issue Description

[Include task name(s), screenshots and any other relevant details]

When using InstallSSHKey@0 multiple times to download multiple keys, only the first ssh key is able to be used/found for the tasks that follow.

name: $(BuildID) $(Date:yyyy-MM-dd HH-mm) UTC ~ ($(SourceBranchName))

pool:
  name: backupAgents
pr: none
trigger: none

variables:
- template: /.pipelines/config/sub-78a83154a2a6.config.yml
- template: /.pipelines/config/global.config.yml

stages:
- stage: stage1
  displayName: stage1
  jobs:
    - job: MyJob1
      continueOnError: false
      displayName: MyJob1
      workspace:
        clean: all
      steps:

      - task: InstallSSHKey@0
        displayName: landingZone
        inputs:
          knownHostsEntry: $(LANDING_ZONE_SSH_KNOWN_HOST)
          sshKeySecureFile: landingZone
          sshPublicKey: $(LANDING_ZONE_SSH_PUBLIC_KEY)

      - task: InstallSSHKey@0
        displayName: namingStd
        inputs:
          knownHostsEntry: $(NAMING_STD_SSH_KNOWN_HOST)
          sshKeySecureFile: namingstd
          sshPublicKey: $(NAMING_STD_SSH_PUBLIC_KEY)

      - checkout: none

      - script: |
          cd $SYSTEM_DEFAULTWORKINGDIRECTORY
          set -eu -o pipefail
          pwd
          ls -la
          git clone git@github.com:MYGITHUBACCOUNT/nbs-azure-lz.git .
          git checkout v2.0.9
          pwd
          ls -la
        displayName: "Git Clone"

      - script: |
          cd $SYSTEM_DEFAULTWORKINGDIRECTORY
          mkdir test
          cd ./test
          set -eu -o pipefail
          pwd
          ls -la
          git clone git@github.com:MYGITHUBACCOUNT/nbs-azure-naming-standard.git .
          git checkout master
          pwd
          ls -la
        displayName: "Git Clone NAMING"

Only the first task, Git Clone, works; the 2nd GitHub clone does not find a key that matches. If you switch the order of the SSH key installation tasks, then only the first ssh key task downloads and uses that ssh key, the other is… lost?

Task logs

[Enable debug logging and please provide the zip file containing all the logs for a speedy resolution]

Landing Zone SSH task

##[debug]Evaluating condition for step: 'landingZone'
##[debug]Evaluating: SucceededNode()
##[debug]Evaluating SucceededNode:
##[debug]=> True
##[debug]Result: True
Starting: landingZone
==============================================================================
Task         : Install SSH key
Description  : Install an SSH key prior to a build or deployment
Version      : 0.172.0
Author       : Microsoft Corporation
Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/install-ssh-key
==============================================================================
##[debug]agent.TempDirectory=/vsts/_work/_temp
##[debug]loading inputs and endpoints
##[debug]loading INPUT_HOSTNAME
##[debug]loading INPUT_SSHPUBLICKEY
##[debug]loading INPUT_SSHKEYSECUREFILE
##[debug]loading ENDPOINT_AUTH_SYSTEMVSSCONNECTION
##[debug]loading ENDPOINT_AUTH_SCHEME_SYSTEMVSSCONNECTION
##[debug]loading ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN
##[debug]loading SECUREFILE_TICKET_4a55486c-a2b8-4a0a-bcfb-4f9f5a5fa055
##[debug]loading SECRET_SYSTEM_ACCESSTOKEN
##[debug]loaded 8
##[debug]Agent.ProxyUrl=undefined
##[debug]Agent.CAInfo=undefined
##[debug]Agent.ClientCert=undefined
##[debug]Agent.SkipCertValidation=undefined
##[debug]sshPublicKey=MYSUPERSSHDETAILS
##[debug]hostName=github.com,140.82.118.4 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
##[debug]sshPassphrase=null
##[debug]check path : /vsts/_work/_tasks/InstallSSHKey_5c9af2eb-5fc5-42dc-9b91-dc234a8c4400/0.172.0/task.json
##[debug]adding resource file: /vsts/_work/_tasks/InstallSSHKey_5c9af2eb-5fc5-42dc-9b91-dc234a8c4400/0.172.0/task.json
##[debug]system.culture=en-US
##[debug]sshKeySecureFile=4a55486c-a2b8-4a0a-bcfb-4f9f5a5fa055
##[debug]System.TeamFoundationCollectionUri=https://dev.azure.com/NBSUKDevOps/
##[debug]SYSTEMVSSCONNECTION auth param ACCESSTOKEN = ***
##[debug]Secure file retry count set to: 5
##[debug]Agent.ProxyUrl=undefined
##[debug]secure file name for id 4a55486c-a2b8-4a0a-bcfb-4f9f5a5fa055 = landingZone
##[debug]Agent.TempDirectory=/vsts/_work/_temp
##[debug]Absolute path for pathSegments: /vsts/_work/_temp,landingZone = /vsts/_work/_temp/landingZone

NamingStd SSH Task

##[debug]Evaluating condition for step: 'namingStd'
##[debug]Evaluating: SucceededNode()
##[debug]Evaluating SucceededNode:
##[debug]=> True
##[debug]Result: True
Starting: namingStd
==============================================================================
Task         : Install SSH key
Description  : Install an SSH key prior to a build or deployment
Version      : 0.172.0
Author       : Microsoft Corporation
Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/install-ssh-key
==============================================================================
Identity added: /vsts/_work/_temp/namingstd (Paul.Mackinnon@MC02ZW7H2MD6R)
##[debug]agent.TempDirectory=/vsts/_work/_temp
##[debug]loading inputs and endpoints
##[debug]loading INPUT_HOSTNAME
##[debug]loading INPUT_SSHPUBLICKEY
##[debug]loading INPUT_SSHKEYSECUREFILE
##[debug]loading ENDPOINT_AUTH_SYSTEMVSSCONNECTION
##[debug]loading ENDPOINT_AUTH_SCHEME_SYSTEMVSSCONNECTION
##[debug]loading ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN
##[debug]loading SECUREFILE_TICKET_3078e159-88ce-48a4-b996-50f9f03d7664
##[debug]loading SECRET_SYSTEM_ACCESSTOKEN
##[debug]loaded 8
##[debug]Agent.ProxyUrl=undefined
##[debug]Agent.CAInfo=undefined
##[debug]Agent.ClientCert=undefined
##[debug]Agent.SkipCertValidation=undefined
##[debug]sshPublicKey=ssh-rsa MYSUPERSSHDETAILS
##[debug]hostName=github.com,140.82.118.4 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
##[debug]sshPassphrase=null
##[debug]check path : /vsts/_work/_tasks/InstallSSHKey_5c9af2eb-5fc5-42dc-9b91-dc234a8c4400/0.172.0/task.json
##[debug]adding resource file: /vsts/_work/_tasks/InstallSSHKey_5c9af2eb-5fc5-42dc-9b91-dc234a8c4400/0.172.0/task.json
##[debug]system.culture=en-US
##[debug]sshKeySecureFile=3078e159-88ce-48a4-b996-50f9f03d7664
##[debug]System.TeamFoundationCollectionUri=https://dev.azure.com/NBSUKDevOps/
##[debug]SYSTEMVSSCONNECTION auth param ACCESSTOKEN = ***
##[debug]Secure file retry count set to: 5
##[debug]Agent.ProxyUrl=undefined
##[debug]secure file name for id 3078e159-88ce-48a4-b996-50f9f03d7664 = namingstd
##[debug]Agent.TempDirectory=/vsts/_work/_temp

git-clone-error

Error output of Git Clone NAMING

##[debug]Evaluating condition for step: 'Git Clone NAMING'
##[debug]Evaluating: SucceededNode()
##[debug]Evaluating SucceededNode:
##[debug]=> True
##[debug]Result: True
##[section]Starting: Git Clone NAMING
==============================================================================
Task         : Command line
Description  : Run a command line script using Bash on Linux and macOS and cmd.exe on Windows
Version      : 2.164.2
Author       : Microsoft Corporation
Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/command-line
==============================================================================
##[debug]agent.TempDirectory=/vsts/_work/_temp
##[debug]loading inputs and endpoints
##[debug]loading INPUT_SCRIPT
##[debug]loading INPUT_WORKINGDIRECTORY
##[debug]loading INPUT_FAILONSTDERR
##[debug]loading ENDPOINT_AUTH_SYSTEMVSSCONNECTION
##[debug]loading ENDPOINT_AUTH_SCHEME_SYSTEMVSSCONNECTION
##[debug]loading ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN
##[debug]loading SECRET_SYSTEM_ACCESSTOKEN
##[debug]loaded 7
##[debug]Agent.ProxyUrl=undefined
##[debug]Agent.CAInfo=undefined
##[debug]Agent.ClientCert=undefined
##[debug]Agent.SkipCertValidation=undefined
##[debug]check path : /vsts/_work/_tasks/CmdLine_d9bafed4-0b18-4f58-968d-86655b4d2ce9/2.164.2/task.json
##[debug]adding resource file: /vsts/_work/_tasks/CmdLine_d9bafed4-0b18-4f58-968d-86655b4d2ce9/2.164.2/task.json
##[debug]system.culture=en-US
##[debug]failOnStderr=false
##[debug]script=cd $SYSTEM_DEFAULTWORKINGDIRECTORY
mkdir test
cd ./test
set -eu -o pipefail
pwd
ls -la
git clone git@github.com:MYGITHUBACCOUNT/nbs-azure-naming-standard.git .
git checkout master
pwd
ls -la
##[debug]workingDirectory=/vsts/_work/13/s
##[debug]check path : /vsts/_work/13/s
Generating script.
##[debug]Agent.Version=2.170.1
##[debug]agent.tempDirectory=/vsts/_work/_temp
##[debug]check path : /vsts/_work/_temp
========================== Starting Command Output ===========================
##[debug]which 'bash'
##[debug]found: '/usr/bin/bash'
##[debug]which '/usr/bin/bash'
##[debug]found: '/usr/bin/bash'
##[debug]/usr/bin/bash arg: --noprofile
##[debug]/usr/bin/bash arg: --norc
##[debug]/usr/bin/bash arg: /vsts/_work/_temp/413558a2-f098-46a7-9b9e-41f7e40fa731.sh
##[debug]exec tool: /usr/bin/bash
##[debug]arguments:
##[debug]   --noprofile
##[debug]   --norc
##[debug]   /vsts/_work/_temp/413558a2-f098-46a7-9b9e-41f7e40fa731.sh
[command]/usr/bin/bash --noprofile --norc /vsts/_work/_temp/413558a2-f098-46a7-9b9e-41f7e40fa731.sh
/vsts/_work/13/s/test
total 0
drwxr-xr-x.  2 azdo azdo   6 Jul 14 06:54 .
drwxr-xr-x. 12 azdo azdo 182 Jul 14 06:54 ..
Cloning into '.'...
ERROR: Repository not found.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

##[debug]Exit code 128 received from tool '/usr/bin/bash'
##[debug]STDIO streams have closed for tool '/usr/bin/bash'
##[error]Bash exited with code '128'.
##[debug]Processed: ##vso[task.issue type=error;]Bash exited with code '128'.
##[debug]task result: Failed
##[debug]Processed: ##vso[task.complete result=Failed;done=true;]
##[section]Finishing: Git Clone NAMING

If you flip it around so that the other SSH key task is first, you also have to flip the CMD line tasks around so it can be used; but this time it errors on the other Git clone. which obviously means i have proper access rights, and that it just can understand multiple ssh keys

git-clone-error2

I tried doing a search on the host for any installed SSH keys using the below task, but from what i can tell, they are deleted once downloaded and “installed”.

      - script: |
          ls -la /home/azdo/.ssh/
          ls -la /vsts/_work/_temp/
          cat /home/azdo/.ssh/known_hosts
          cat /home/azdo/.ssh/authorized_keys
          env | sort

Troubleshooting

Checkout how to troubleshoot failures and collect debug logs: https://docs.microsoft.com/en-us/vsts/build-release/actions/troubleshooting

Error logs

[Insert error from the logs here for a quick overview]

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:7 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
harsh-vmcommented, Jul 14, 2020

@egor-bryzgalov we had the same issue as @fluffy-cakes. For now we have the following workaround that serves the requirement of using multiple SSH keys for different repo checkout.

- task: DownloadSecureFile@1
  name: devops_components_SSHKey
  displayName: 'Download SSH key 1'
  inputs:
    secureFile: sshkey1

- task: DownloadSecureFile@1
  name: namingstd_SSHkey
  displayName: 'Download SSH key 2'
  inputs:
    secureFile: sshkey2

- script: |
    # SET UP FOLDER and FILES
    mkdir -p $HOME/.ssh
    chmod 0700 $HOME/.ssh
    touch $HOME/.ssh/config
    chmod 0644 $HOME/.ssh/config
    touch ~/.ssh/known_hosts
    chmod 0644 ~/.ssh/known_hosts
    chmod 0600 $SSH_KEY_1
    chmod 0600 $SSH_KEY_2
    # SET UP PRIVATE KEYS
    cat <<EOT >> $HOME/.ssh/config
    #Naming standard repo
    Host github.com-naming
    HostName github.com
    User git
    IdentityFile $SSH_KEY_1
    #Shared component repo
    Host github.com
    HostName github.com
    User git
    IdentityFile $SSH_KEY_2
    EOT
    cat $HOME/.ssh/config
    # SET UP KNOWN HOSTS
    echo $KNOWN_HOST > ~/.ssh/known_hosts
    cat ~/.ssh/known_hosts
  displayName: Setup SSH keys
  env:
    SSH_KEY_1: $(devops_components_SSHKey.secureFilePath)
    SSH_KEY_2: $(namingstd_SSHkey.secureFilePath)
    KNOWN_HOST: ${{ parameters['knownHostsEntry'] }}

It would be good to see the above solution to be part of the task - task: InstallSSHKey@0

0reactions
DenisRumyantsevcommented, Feb 14, 2022

The related documentation update PR has been merged, so I am closing this issue.

Read more comments on GitHub >

github_iconTop Results From Across the Web

InstallSSHKey@0 - Install SSH key v0 task - Microsoft Learn
Use this task in a pipeline to install an SSH key prior to a build or release ... When using more than one...
Read more >
How to manage multiple SSH key pairs | Enable Sysadmin
Secure your systems with multiple SSH keys without losing your mind. ... The following command has the same result as the one above:...
Read more >
Can't SSH? You Might Have Too Many Keys - Tutorial Works
When I ran this command, I saw that the ssh program was trying multiple keys, one after another, even though I was only...
Read more >
Is it reasonable to have multiple SSH keys? - Super User
The risk to be concerned about here is authentication. A rogue site forwards authentication requests to your agent task. If you use only...
Read more >
Connect Terraform to Azure DevOps Git Repos over SSH
Step 1: Prepare SSH Key · Step 2: Prepare Azure Devops · Step 3: How to use Install SSH Key devops task.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Improve UsePython to allow installation versions on-flight

Next page

DockerV2: Task ignores addPipelineData and always sets two labels on build