
Setting up SSH and GitHub: problem adding certificate with passphrase

Hello, pardon me for yet another topic on the setup of SSH, but I could not find a solution so far.

SETUP

My setup is a Django project hosted on a GitHub repo, to which I push from local or staging instances. In production, in the project's copy in a virtual env on PythonAnywhere, the repo gets pulled and some Django update commands are triggered.

So far all works with HTTPS and manually updating from a bash terminal. I want to automate and I need to connect to the GitHub remote from the server with SSH.

I have created a key according to the PythonAnywhere documentation and have successfully "installed" it with this series of commands:

eval $(ssh-agent) &&
ssh-add ~/.ssh/id_rsa_xxx && # note this will require me to insert the ssh passphrase
git pull
[more django and migration related commands]

Project updated.

PROBLEM:

Now though, every time I log in to a new bash I have to re-execute the two ssh-agent and ssh-add commands and re-insert the passphrase manually. Is there a way to automate this? Or am I doing this the right way at all, considering I want to put all the update commands in a script and trigger it from the CI?

You can add the commands to your .bashrc file (in your home directory) if you want them to be run every time you start a bash console; you will still need to enter your passphrase, though. The only way to avoid that step is to create an SSH key without a passphrase, which will probably be necessary if you're planning to set up a CI pipeline that you want to run without interaction.
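A `.bashrc` fragment along the lines of the reply above, as an added example that is not part of the thread: it reuses a live ssh-agent across consoles, so `ssh-add` prompts for the passphrase only when no reachable agent already holds a key, for as long as that agent process stays alive. The file name `~/.ssh/agent.env` and the function names are assumptions; `id_rsa_xxx` is the key name from the question.

```bash
# Added example, not from the thread. AGENT_ENV is an assumed file name.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Return 0 if the agent named by SSH_AUTH_SOCK answers.
# "ssh-add -l" exits 0 (keys loaded) or 1 (no keys) when an agent is
# reachable, and 2 when it cannot connect (stale or missing socket).
agent_reachable() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
    _rc=0
    ssh-add -l >/dev/null 2>&1 || _rc=$?
    [ "$_rc" -le 1 ]
}

# Load the environment saved by an earlier console; fail if it is stale.
load_saved_agent() {
    [ -r "$AGENT_ENV" ] || return 1
    . "$AGENT_ENV" >/dev/null
    agent_reachable
}

# Start a new agent and save its environment. The file is sourced as
# shell code later, so it is created readable and writable by the owner only.
start_agent() {
    (umask 077; ssh-agent -s | grep -v '^echo' > "$AGENT_ENV")
    . "$AGENT_ENV" >/dev/null
}

# Reuse an agent if one is alive, otherwise start one; then add the key
# (this is the passphrase prompt) only if the agent holds no key yet.
ensure_agent() {
    agent_reachable || load_saved_agent || start_agent
    ssh-add -l >/dev/null 2>&1 || ssh-add "$1"
}

# Run only for interactive shells: a non-interactive job cannot answer
# the passphrase prompt.
case $- in
    *i*) ensure_agent "$HOME/.ssh/id_rsa_xxx" ;;
esac
```

The decrypted key lives in the agent's memory while the agent runs, so anything running as the same user on that host can use it during that time.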

Ahh, so avoiding the passphrase is a necessary condition for the CI, but this defeats the intrinsic safety of the SSH key, which is on the server. OK, thanks, I was hoping there were better options.

What would be your desired workflow that is automatic and safe-enough in your opinion?