ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory Permission denied, please try again

Question

I want to run pipline on Bitbucket. I made all the necessary settings. I installed ssh_askpass. I am using Ubuntu 18.

However, I am getting the error below.

ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory
Permission denied, please try again.

My bitbucket-pipelines.yml file:

pipelines:
  default:
    - step:
        deployment: staging
        caches:
          - composer
        script:
          - ssh -T [email protected]
          - eval `ssh-agent -s` && ssh-add ~/.ssh/id_rsa && ssh-add -l
          - cd /var/www/backoffice/
          - git checkout master 
          - git pull origin master 
          - sudo php artisan optimize 
          - sudo composer dump-autoload
          - echo 'Deploy finished....'

Answer 1

You aren't going to be able to use any sort of GUI program like ssh-askpass on a CI system because on Linux CI systems there is no GUI available.

If you want to use an SSH key in a CI system, you should use one that does not have a password set and store it in your CI system's secret store, then copy it to a file and use it. OpenSSH intentionally does not provide a way to programmatically read a password.

Note that if you have only one SSH key without a password, you don't need ssh-agent or ssh-add at all. Assuming the contents of your private key are in the variable SSH_KEY (e.g., due to your CI system's secret store), you can simply do this:

echo "$SSH_KEY" > ~/.ssh/id_rsa
ssh [email protected] 'echo hello from the remote machine`

You won't want to run ssh without a command since that will try to start an interactive session, which won't be useful to you. If your goal is to use Git to push and pull over an SSH connection, then you don't need to run ssh at all.

Finally, note that you will probably want to write the remote system's host key information into a file as part of your pipeline, either from your pipeline or a secret, because SSH won't connect if the host key isn't trusted. You can obtain this information by running a command like this: ssh-keyscan github.com 2>/dev/null. You can then take that output and insert it into your known_hosts file like this:

echo "github.com ssh-rsa AAAA...truncated" > ~/.ssh/known_hosts

This is far more secure than turning off strict host key checking.

Answer 2

When you configure pipeline deployments through Bitbucket you need to make sure you've updated Bitbucket with the fingerprint of each server. I recently discovered if you fail to do that you get ssh_askpass error, which is a little misleading.

To add the server fingerprint, go to "Repository Settings", then scroll down to the "Pipeline" section on the left and click "SSH Keys".

On the SSH Keys page, scroll to the bottom and you'll see a section titled "Known hosts".

Enter the IP address for the server and click the "Fetch" button to have Bitbucket fetch the fingerprint. Wait a second and it will populate the finterprint in the textbox just to the right of the host address. Once that's done click the button to add the host to the Known Hosts list.

You also need to setup the SSH keys but based on the error you're seeing, I'm betting you already did that part.

Answer 3

I experienced a similar error using VS Code communicating with a git repository on a local build of Azure DevOps Server. I fixed the problem by

1. Replacing the ssh url with a http url in the .git/config file.

#unedited
[remote "origin"]
    url = ssh://X.X.X.X:22/theproject/_git/serverThing
    fetch = +refs/heads/*:refs/remotes/origin/*
|update
|this
V
#edited
[remote "origin"]
    url = http://X.X.X.X/theproject/_git/serverThing
    fetch = +refs/heads/*:refs/remotes/origin/*

2. Performing a $ git fetch. Entered username and password here.

3. Then changing the .git/config file back to the ssh url.

#edited for resetting known_host key file.
[remote "origin"]
    url = http://X.X.X.X/theproject/_git/serverThing
    fetch = +refs/heads/*:refs/remotes/origin/*
|update
|this
V
#final form
[remote "origin"]
    url = ssh://X.X.X.X:22/theproject/_git/serverThing
    fetch = +refs/heads/*:refs/remotes/origin/*

4. Perform another $ git fetch - This results in updating the .ssh/known_host key file.

The authenticity of host 'X.X.X.X (X.X.X.X)' can't be established.
RSA key fingerprint is SHA256:noisehash.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'X.X.X.X' (RSA) to the list of known hosts.

I hope this helps.