argo-cd: Unable to use ssh gitlab connection for on prem gitlab

We wanted to use Argo CD with our on-prem GitLab. Our GitLab is using a self-signed cert, so we decided to use SSH instead.

But I keep getting this error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

If anyone has an idea on how to get past this one.

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 21 (15 by maintainers)

Most upvoted comments

I see this issue myself when using SSH + declarative setup, what was the fix @balchua?

Since I ran into the same problem today while trying to add a private repo from my GitLab instance via SSH (AND host key verification) in a declarative way to my ArgoCD running in Minikube, I’ll share my solution:

  1. Generate an SSH keypair for Argo without a password (ssh-keygen -t ed25519 -N '' -C argo@minikube -f ed25519_delme)

  2. Add it as a (read only) deploy key to the GitLab repo

  3. From the declarative doc, take the argocd-repositories.yaml manifest, add the git SSH clone url, the sshPrivateKey (from ed25519_delme), adapt name and remove username and password

    apiVersion: v1
    kind: Secret
    metadata:
      name: gitlab-argo-examples
      namespace: argocd
      labels:
        argocd.argoproj.io/secret-type: repository
    stringData:
      url: git@git.example.org:mine/gitlab-argo-examples.git
      sshPrivateKey: |
        -----BEGIN OPENSSH PRIVATE KEY-----
        ... taken from ed25519_delme ...
        -----END OPENSSH PRIVATE KEY-----
    
  4. Append the host key fingerprints from ssh-keyscan git.example.org 2> /dev/null to the argocd-ssh-known-hosts-cm.yaml manifest ssh_known_hosts block, as well as adding the ArgoCD namespace:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      labels:
        app.kubernetes.io/name: argocd-ssh-known-hosts-cm
        app.kubernetes.io/part-of: argocd
      name: argocd-ssh-known-hosts-cm
      namespace: argocd
    data:
      ssh_known_hosts: |
        bitbucket.org ssh-rsa AAAAblablabla...
        [...]
        git.example.org ssh-ed25519 AAAA...
        git.example.org ssh-rsa AAAABANANAAAAAA...
    
  5. kubectl apply -f argocd-ssh-known-hosts-cm.yaml and kubectl apply -f argocd-repositories.yaml. Now the ArgoCD web UI should report a 🗹 Successful connection to the repo and work.

I hope this helps anyone 😉

🎉 Multiple Private Repos in Gitlab - Shared SSH Key - Prefixed ssh://

  • First define the shared secret using ssh:// repos for pattern matching the URLs
  • Declare the repo in a project that matches the repo substring

🔧 Shared Gitlab Secret for an Org

    apiVersion: v1
    kind: Secret
    metadata:
      name: argocd-gitlab-private-repo-creds
      namespace: argocd
      labels:
        argocd.argoproj.io/secret-type: repo-creds
    stringData:
      type: git
      url: ssh://git@gitlab.com/xyz
      sshPrivateKey: |
        -----BEGIN RSA PRIVATE KEY-----
        MIIJKAIBAAKCAgEA4MlrODdd+t3vNPGnel1lUA7FgTikVmK9sTDF+IMPaD32ChME

🔧 Declare the app with URL (substring)

    apiVersion: argoproj.io/v1alpha1
    kind: Application
    metadata:
      name: xyz-payment-aws-sae1-ppd-dev
      namespace: argocd
    spec:
      destination:
        namespace: xyz-aws-sae1-ppd-dev
        server: https://kubernetes.default.svc
      project: default
      source:
        repoURL: ssh://git@gitlab.com/xyz/services-deploy/payment-service-deploy.git
        path: env/aws-sae1-ppd-dev
        targetRevision: HEAD
      syncPolicy:
        automated:
          prune: true
          selfHeal: true
        syncOptions:
        - CreateNamespace=true
        - Validate=false
        - ApplyOutOfSyncOnly=true
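
The shared `repo-creds` secret above depends on URL prefix matching. As an added example (not code from the thread or from Argo CD), this Python model applies the documented rule that a template URL must be a prefix of the repository URL and the longest match wins, and flags a prefix that also covers a sibling group. The `xyz-sandbox` and `other` repositories and the second template are constructed for illustration.

```python
# Added example: models Argo CD's documented repo-creds rule (prefix match,
# longest prefix wins). Not Argo CD source code.
from typing import List, Optional, Tuple

# (secret name, url) pairs. The first is from the thread; the second is constructed.
TEMPLATES = [
    ("argocd-gitlab-private-repo-creds", "ssh://git@gitlab.com/xyz"),
    ("xyz-services-deploy-creds", "ssh://git@gitlab.com/xyz/services-deploy/"),
]

# Repository URLs. The first is from the thread; the others are constructed.
REPOS = [
    "ssh://git@gitlab.com/xyz/services-deploy/payment-service-deploy.git",
    "ssh://git@gitlab.com/xyz-sandbox/demo.git",
    "ssh://git@gitlab.com/other/repo.git",
]


def match_template(repo_url: str, templates=TEMPLATES) -> Optional[str]:
    """Name of the template with the longest url that prefixes repo_url."""
    hits = [(len(url), name) for name, url in templates if repo_url.startswith(url)]
    return max(hits)[1] if hits else None


def audit_prefix(prefix: str, repo_urls=REPOS) -> Tuple[List[str], List[str]]:
    """Split matched repos into (inside the path, sibling path sharing the text)."""
    inside, sibling = [], []
    for url in repo_urls:
        if not url.startswith(prefix):
            continue
        rest = url[len(prefix):]
        # A match is at a path boundary when the prefix ends in "/" or the
        # remainder starts a new path segment.
        at_boundary = prefix.endswith("/") or rest == "" or rest.startswith("/")
        (inside if at_boundary else sibling).append(url)
    return inside, sibling


if __name__ == "__main__":
    for repo in REPOS:
        print(f"{repo} -> {match_template(repo)}")
    for prefix in ("ssh://git@gitlab.com/xyz", "ssh://git@gitlab.com/xyz/"):
        inside, sibling = audit_prefix(prefix)
        print(f"{prefix}: inside={len(inside)} sibling-overmatch={sibling}")
```

In this model the thread's template also offers the shared key to `xyz-sandbox`; ending the template URL at a path boundary (`.../xyz/`) removes that match. Confirm the behaviour against your Argo CD version, which may normalize URLs before comparing.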