I had to modify the above solutions to get around a Host key verification failed error. End to end, my steps:
- Create a custom deploy key for the private repo in github
  - generate the key

        ssh-keygen -f deploy_key -N ""

- Encode the deploy key as a base64 encoded env variable for amplitude

        cat deploy_key | base64 | tr -d \\n

  - add this as a hosting environment variable (eg. DEPLOY_KEY)
- Modify the amplify.yml file to make use of the deploy key - there's 2 key steps
  - adding deploy key to ssh-agent
    - WARNING: this implementation will print the $DEPLOY_KEY to stdout
  - disabling StrictHostKeyChecking
    - NOTE: amplify does not have a $HOME/.ssh folder by default so you'll need to create one as part of the deployment process
  - relevant excerpt below

        - ...
        - eval "$(ssh-agent -s)"
        - ssh-add <(echo "$DEPLOY_KEY" | base64 -d)
        - echo "disable strict host key check"
        - mkdir ~/.ssh
        - touch ~/.ssh/config
        - 'echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
        - ...

  - full build file here

I also did a more detailed writeup as well as alternatives and gotchas which you can read about here
Hi speshak,
Thanks for using AWS Amplify Console! You are correct that the deploy keys are generated on a per-app basis. However, you may be able to work around this by creating your own key pair.
Add the private key as an environment variable in the Amplify app. Add the public key to the repository you would like to clone. You could then add the key to the ssh-agent on the build instance during build and git clone the second repository.
Please let us know if that works!
Thanks,
Dan
I was able to make that work, though it is a bit gross (albeit it's better than using a GitHub personal token in the package.json, which was my workaround before).
It would be great if the public key generated for the Amplify app could be accessed in some way to avoid needing to do all of this. Please consider this a feature request for the Amplify console.
Hello,
Whenever I try adding the private key using "ssh-add" it asks for the passphrase and does not continue the build. The key does not have a passphrase. Any ideas?
Thanks
I'm having this issue as well. I'm trying ssh-add in the commands section of the build settings, and even though the key doesn't have a password, it asks for it and the build fails. Any suggestions? If someone has gotten this to work can you share the relevant bit of amplify.yaml?
Thanks in advance
so turns out I needed to base64 encode the key as per @certik's answer on the following thread: https://gitlab.com/gitlab-examples/ssh-private-key/issues/1
- create the keypair without a password:
ssh-keygen -f deploy_key -N ""
- encode it and copy the output into an Environment Variable in the Amplify Console (eg DEPLOY_KEY)
cat deploy_key | base64 | tr -d \\n
- add the contents of deploy_key.pub to the access keys of the private repo you want to access
- then in amplify.yml
commands:
- eval "$(ssh-agent -s)"
- ssh-add <(echo "$DEPLOY_KEY" | base64 -d)
Is this answer still valid? My build just freezes when it runs eval "$(ssh-agent -s)"
Yeah I had the same problem. Could resolve by doing the following:
- Remove newline characters from base64 encoded key. When I copied the key over from my pc to the amplify console variables the new lines were always re-added. I didn't really see that for a while due to the strange formatting in the amplify console. I then removed the newlines manually in my editor and copied over again. Then it worked.
- I also used this command instead:
echo "$DEPLOY_KEY" | base64 -d | ssh-add - > /dev/null
Just make sure you don't have any newline characters in your base64 string. I encoded with this command:
cat deploy_key | base64
(And afterwards removed the newlines as described above)
Hope this helps somehow.
Edited by: marcuszy on Apr 22, 2021 12:34 AM
Edited by: marcuszy on Apr 22, 2021 12:36 AM
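An added example, not code from any poster in this thread or from AWS: it covers the deploy-key steps in the first answer and the newline problem described just above by decoding `DEPLOY_KEY` into a private file without echoing it, and by pinning the Git host's key rather than setting `StrictHostKeyChecking no`. The function names and the host-key argument (one known_hosts line copied from your Git host's published SSH keys) are assumptions.

```shell
# Added example. DEPLOY_KEY is the variable name used in this thread; the
# function names and the pinned host-key line are assumptions.

# Decode a base64 deploy key into a private file without printing it.
# $1 = base64 text (may contain re-added newlines or spaces), $2 = output path
decode_deploy_key() {
    _b64=$(printf '%s' "$1" | tr -d ' \t\r\n')   # strip stray whitespace
    [ -n "$_b64" ] || { echo "deploy key variable is empty" >&2; return 1; }
    # The subshell keeps the restrictive umask local; the file is created 0600.
    if ! ( umask 077; printf '%s' "$_b64" | base64 -d > "$2" ) 2>/dev/null; then
        rm -f "$2"
        echo "deploy key is not valid base64" >&2
        return 1
    fi
    # A private key file starts with a PEM header; reject anything else.
    if ! head -n 1 "$2" | grep -q '^-----BEGIN .*PRIVATE KEY-----$'; then
        rm -f "$2"
        echo "decoded data is not a PEM private key" >&2
        return 1
    fi
}

# Pin the server's host key and keep strict checking on.
# $1 = ssh directory, $2 = one known_hosts line ("host keytype base64key")
pin_host_key() {
    mkdir -p "$1" || return 1                    # succeeds if it already exists
    chmod 700 "$1" || return 1
    printf '%s\n' "$2" > "$1/known_hosts"
    printf 'Host *\n\tStrictHostKeyChecking yes\n\tUserKnownHostsFile %s\n' \
        "$1/known_hosts" > "$1/config"
    chmod 600 "$1/known_hosts" "$1/config"
}
```

In amplify.yml these would run after `eval "$(ssh-agent -s)"`, followed by `ssh-add` on the decoded file and removal of that file once the key is loaded.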
Just a note because it took me a while to figure out. The current environment of Amplify is not the latest, and it uses an OpenSSH older than 7.6 (OpenSSH_7.4p1 as of the day of writing this). If you have a newer NPM, then you have errors installing your private repos as modules (https://github.com/npm/git/issues/31).
You must run npm install this way:
- GIT_SSH_COMMAND="ssh" npm install
I believe this forces NPM to rely on SSH rather than on a newer mechanism that will fail in older environments.
Thanks! this is what finally did it for me. For some reason I do have $HOME/.ssh directory so I had to drop the mkdir and touch lines (maybe the linux image I'm using), but that did the trick! Cheers!