Share via

Using SSH keys in Azure Pipelines

39610456 101 Reputation points
2021-05-14T01:51:55.5+00:00

Dear Sir / Madam,

I am using the InstallSSHKey task in Azure Pipeline.
I copy the text from my public key using notepad (no wordwrap setting is on) and then paste the code into the azure-pipelines.yml file.
When I paste the text directly into the yaml file, the task works.
When I put the text into a Secret Variable and then substitute the key text in the yaml file with a reference to the variable, I get the following:

[error]Could not get the base64 portion of the public SSH key

I don't understand what is going on. I ensured over and over again that the exact text is being pasted in the key value box.
Any help will be greatly appreciated

Community Center Not monitored
0 comments
Accepted answer
  1. 39610456 101 Reputation points
    2021-05-17T15:34:57.6+00:00

    Hello Ladies and Gentlemen,

    Unfortunately, my accepted answer was wrong.

    I eventually figured the problem out.

    In Azure Pipelines when a Secret Variable is used, it is encourages that the Secret Variable is wrapped in an Environment variable for debugging purposes.
    For example a YAML line in Azure Pipelines reads:

    • task: InstallSSHKey@0
      inputs:
      knownHostsEntry: $(KNOWN_HOSTS)
      sshPublicKey: $(PUBLIC_KEY)
      sshKeySecureFile: 'id_rsa'
      env:
      KNOWN_HOSTS : $(aps-known-host)
      PUBLIC_KEY : $(aps-tf-public-key)

    The public key is a secret variable and will print in any log files without the environment variable alias as *
    However in the above code, the use of the environment variable, any log files will contain PUBLIC_KEY instead of *

    Azure Pipelines does not like environment variables for the sshPublicKey value and will give the "Could not get the base64 portion of the public SSH key" error and the pipeline will fail.
    Therefore the secret variable must be used and not the environment variable. Note the KNOWN_HOSTS variable works as expected.
    Hence the correct YAML synthax for the InstallSSHKey task is:

    • task: InstallSSHKey@0
      inputs:
      knownHostsEntry: $(KNOWN_HOSTS)
      sshPublicKey: '$(aps-tf-public-key)'
      sshKeySecureFile: 'id_rsa'
      env:
      KNOWN_HOSTS : $(aps-known-host)

    Other hints:
    In windows, use git bash to get the public key value:
    clip ~/.ssh/id_rsa.pub
    This copies the contents of the public key to the clipboard.
    When you create a secret variable in the Azure Pipeline library, paste the value.
    Additionally, I always press backspace and delete the last letter of key and then retype the last letter.
    Just in case an extra newline character was inserted.

    I really hope the above helps and prevents hours of untold and unnecessary aggravation.
    Take care, be safe and healthy.

    Best Regards,
    Nigel P

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. 39610456 101 Reputation points
    2021-05-14T06:49:21.68+00:00

    Well I found the answer and to me it is unbelievable.
    Anyway, I made the ssh keys on my Windows desktop.
    Therefore at the end of public key is the current username in the format username@<pc_name>
    If you paste the key as a String to the Install SSH key setting, the Azure Pipeline task will work.

    If you use a Secret variable to store the SSH key, the build will fail with the error
    96628-image.png

    [error]Could not get the base64 portion of the public SSH key.

    The ssh key must be generated with an email address properly formatted otherwise the build fails.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.