lftp quirk with SSH Public Key authentication

So recently I was setting up my deployment pipeline in GitLab for this blog. For that I’m using the mirror function in lftp to mirror the public folder to my server.

Obviously the mirroring is done through a chrooted SFTP connection secured by passwordless Public Key authentication. Usually not a problem for lftp, but it just wouldn’t work in my pipeline.

To show you what I mean, this was my pipeline (simplified):

    before_script:
      # Installing dependencies etc.
      # Inserting SSH private key from environment variables
    script:
      # Building Hugo pages
      - echo "Starting SFTP deployment..."
      - lftp -e "set sftp:auto-confirm yes; open -p $SSH_PORT sftp://$SSH_USER@$SSH_IP; lcd ./public; mirror -R -e ."
      - echo "Deployment complete."

For whatever reason, at the lftp command I always got the message open: GetPass() failed -- assume anonymous login, and then it got stuck. Possibly because it tried to connect to my SFTP server anonymously, which doesn’t work. Nonetheless I tried to fix it with no luck, Claude tried to fix it with no luck. Maybe the SSH key wasn’t set up correctly. No. Maybe lftp didn’t see my key. No. Claude tried to set the command sftp:connect-program 'ssh -a -x -i /path/to/ssh/key -o BatchMode=yes' before the open command. Also nothing.

After many tries I tried to execute the lftp commands on my local machine by hand, not in a script. And lo and behold, it asked for a password.
A password? There is no password. Not for the key and not for the login.
So I pressed Enter, and I was logged into SFTP. I tried again, entered a random string, and I was logged in.

Later I found a thread on Stack Overflow (I don’t have the exact thread anymore). As it turns out, you have to enter a password even though there is no password. Just enter a random string for a password.

So the final working pipeline is the following (simplified again):

    before_script:
      # Installing dependencies etc.
      # Inserting SSH private key from environment variables
    script:
      # Building Hugo pages
      - echo "Starting SFTP deployment..."
      - lftp -e "set sftp:auto-confirm yes; open -u $SSH_USER:some_random_bla -p $SSH_PORT sftp://$SSH_IP; lcd ./public; mirror -R -e ."
      - echo "Deployment complete."

I added -u $SSH_USER:some_random_bla to the open command so lftp uses a random password and doesn’t try to ask for one.

And now it works and Claude wrote something into a memory file.
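
A hardened variant of the final command, as an added example that is not part of the original post: it keeps the dummy password from the fix above, but builds the lftp commands from validated values and checks the server's host key against a pinned known_hosts file instead of using set sftp:auto-confirm yes, which makes lftp answer yes to ssh's question about an unknown host key. The function names, the file paths passed in and the unused_placeholder string are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical names:
# check_token, lftp_deploy_script, and the key / known_hosts paths passed in.

# Reject values that could break out of the lftp command line
# (spaces, quotes, semicolons), since they come from CI variables.
check_token() {
    case "$1" in
        ''|*[!A-Za-z0-9._/-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the lftp commands for one deployment.
# Args: user host port key_file known_hosts_file
lftp_deploy_script() {
    for v in "$@"; do
        check_token "$v" || { echo "unsafe value: $v" >&2; return 1; }
    done
    [ "$#" -eq 5 ] || { echo "need 5 arguments" >&2; return 1; }
    user=$1 host=$2 port=$3 key=$4 known=$5
    # cmd:fail-exit stops at the first failing command.
    # auto-confirm stays off; ssh itself refuses any host key that is
    # not already listed in the pinned known_hosts file.
    # The password after the colon is never used for login; it only
    # keeps lftp from prompting, as described in the post.
    cat <<EOF
set cmd:fail-exit yes
set sftp:auto-confirm no
set sftp:connect-program "ssh -a -x -i $key -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$known"
open -u $user:unused_placeholder -p $port sftp://$host
lcd ./public
mirror -R -e .
bye
EOF
}

# Usage in the job (after writing the key and known_hosts files):
#   lftp_deploy_script "$SSH_USER" "$SSH_IP" "$SSH_PORT" ./id_deploy ./known_hosts > deploy.lftp
#   lftp -f deploy.lftp
```

The known_hosts file has to contain the server's real host key, for example stored in a CI variable next to the private key, so a fresh runner never has to trust a key on first contact.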


Oli out