Protected ssh key with passphrase cannot git clone/pull

[Unitech]

Unitech/pm2#4072

[albertosantini]

Well, I worked out the task using a key with passphrase.

Basically the passphrase is only used to login into target server.
The same ssh key, used to clone the repo on target server, is not protected with a passphrase.

I try to explain my setup.

To login on target server:

• on localhost: the usual ssh key setup (~/.ssh/my-pm2-ssh-key_rsa, ~/.ssh/my-pm2-ssh-key_rsa.pub)
• on target: server the pub key in .ssh/authorized_keys file
• test with ssh 10.10.10.10 and after asking the passphrase, you shoud login

To clone the repo on target server:

• add the pub key to the gitlab or github account
• scp ssh key (pub and private) to the target server as .ssh/id_rsa and id_.ssh/rsa.pub
• remove the passphrase with ssh-keygen -p (empty when asking to enter new passphrase)
• test with ssh -T [email protected] and the reply is Welcome to...

Yes, we have the same pub key in the authorized_keys and in the file id_rsa.pub.
Yes, I tried to configure .ssh/config or ~/.gitconfig to use another key, but I failed.

In ecosystem.json:

• add "key" : "~/.ssh/my-pm2-ssh-key_rsa"

And now the magic:

$ pm2 deploy ecosystem.json production setup
--> Deploying to production environment
--> on host 10.10.10.10
  ○ hook pre-setup
Enter passphrase for key '/c/Users/alberto.santini/.ssh/my-pm2-ssh-key_rsa':
  ○ running setup
  ○ cloning [email protected]:myuser/foo.git
  ○ full fetch
Enter passphrase for key '/c/Users/alberto.santini/.ssh/my-pm2-ssh-key_rsa':
Cloning into '/home/santini/pm2/foo/source'...
Enter passphrase for key '/c/Users/alberto.santini/.ssh/my-pm2-ssh-key_rsa':
  ○ hook post-setup
  ○ setup complete
--> Success

[brapifra]

I'm also struggling with this.
I had to remove the ssh passphrase to be able to use pm2 deploy