跳转至

Travis中添加ssh密钥

1、服务器密钥生成

ssh-keygen -t rsa -b 4096 -C "<your_email>" -f github_deploy -N ''

首先按照上面的命令生成名称为github_deploy的密钥,密钥会放在当前文件夹下

认证密钥需要放在~/.ssh/authorized_keys中生效,如果是在服务器上操作:

cat github_deploy.pub >> ~/.ssh/authorized_keys

远程操作:

ssh-copy-id -i github_deploy.pub [user]@[ip]

2、Travis上传密钥

这里使用了travis,如果没有安装ruby,需要先安装ruby

# 安装ruby
yum install ruby -y
# 安装travis
gem install travis

接下来使用travis来配置

  • 登陆
(base)  ~ travis login
Shell completion not installed. Would you like to install it now? |y| y
We need your GitHub login to identify you.
This information will not be sent to Travis CI, only to api.github.com.
The password will not be displayed.

Try running with --github-token or --auto if you don't want to enter your password anyway.

Username: github注册邮箱
Password for [email protected]: [******github密码******]
Successfully logged in as [会显示github用户名]!
(base)  ~ 
  • 上传密钥信息
(base)  ~  travis encrypt-file ~/.ssh/github_deploy_key
Can't figure out GitHub repo name. Ensure you're in the repo directory, or specify the repo name via the -r option (e.g. travis <command> -r <owner>/<repo>)
(base)  ✘ ~  j blog
/Users/zhang/Workspace/mkdocs_blog
(base)  ~/Workspace/mkdocs_blog  travis encrypt-file ~/.ssh/github_deploy_key
Detected repository as gaviners/mkdocs_blog, is this correct? |yes| yes
encrypting /Users/zhang/.ssh/github_deploy_key for gaviners/mkdocs_blog
storing result as github_deploy_key.enc
storing secure env variables for decryption

Please add the following to your build script (before_install stage in your .travis.yml, for instance):

    openssl aes-256-cbc -K $encrypted_889ea77ee21e_key -iv $encrypted_889ea77ee21e_iv -in github_deploy_key.enc -out ~\/.ssh/github_deploy_key -d

Pro Tip: You can add it automatically by running with --add.

Make sure to add github_deploy_key.enc to the git repository.
Make sure not to add /Users/zhangguohao/.ssh/github_deploy_key to the git repository.
Commit all changes to your .travis.yml.
(base)  ~/Workspace/mkdocs_blog

如上所示,travis需要知道配置哪个库,因此在库路径下面

关键信息为上面的openssl这一行,traviskey作为变量,然后通过openssl还原出key文件

openssl aes-256-cbc -K $encrypted_889ea77ee21e_key -iv $encrypted_889ea77ee21e_iv -in github_deploy_key.enc -out ~\/.ssh/github_deploy_key -d

然后我们可以到travis中进行确认:

image-20191127114045279

上面增加了命令行中的变量

3、修改.travis.yml文件

before_install:
    - openssl aes-256-cbc -K $encrypted_889ea77ee21e_key -iv $encrypted_889ea77ee21e_iv -in github_deploy_key.enc -out ~\/.ssh/github_deploy_key -d
    - chmod 600 ~/.ssh/github_deploy_key
    - eval $(ssh-agent)
    - ssh-add ~/.ssh/github_deploy_key

如上所示,.travis.yml中添加这一个环节,我们就能够使用ssh的形式访问到我们的服务器了

4、参考链接