Django app for continuous deployment using Gitlab on DigitalOcean droplet return permission denied for SSH

I’m trying to implement CD for my containerized(Docker, nginx) Django app using gitlab on DigitalOcean droplet.

I have created a pair of SSH keys and add the public key to DigitalOcean platform. I can login to my droplet using that SSH key.

Now, I have added the private key as the environment variable at gitlab as: $PRIVATE_KEY , so now when I run the deployment it return the permission denied error.

Here’s my : .gitlab-ci.yml:

  name: docker/compose:1.29.2
  entrypoint: [""]

  - docker:dind

  - build
  - deploy

  DOCKER_HOST: tcp://docker:2375
  DOCKER_DRIVER: overlay2

  - export WEB_IMAGE=$IMAGE/web:web
  - export NGINX_IMAGE=$IMAGE/nginx:nginx
  - apk add --no-cache openssh-client bash
  - chmod +x ./
  - bash ./

  stage: build
    - docker pull $IMAGE/web:web || true
    - docker pull $IMAGE/nginx:nginx || true
    - docker-compose -f build
    - docker push $IMAGE/web:web
    - docker push $IMAGE/nginx:nginx

  stage: deploy
    - mkdir -p ~/.ssh
    - echo "$PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519
    - cat ~/.ssh/id_ed25519
    - chmod 700 ~/.ssh/id_ed25519
    - eval "$(ssh-agent -s)"
    - ssh-add ~/.ssh/id_ed25519
    - ssh-keyscan -H '' >> ~/.ssh/known_hosts
    - chmod +x ./
    - scp  -o StrictHostKeyChecking=no -r ./.env ./ root@$DO_PUBLIC_IP_ADDRESS:/root/
    - bash ./

The build stage is passed but the deploy is failed with the following error:

$ chmod +x ./
$ bash ./
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
Login Succeeded
$ mkdir -p ~/.ssh
$ echo "$PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519
$ cat ~/.ssh/id_ed25519
$ chmod 700 ~/.ssh/id_ed25519
$ eval "$(ssh-agent -s)"
Agent pid 27
$ ssh-add ~/.ssh/id_ed25519
Identity added: /root/.ssh/id_ed25519 (<COMMENT>)
$ ssh-keyscan -H '' >> ~/.ssh/known_hosts
# SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
# SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
# SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
# SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
# SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
$ chmod +x ./
$ scp  -o StrictHostKeyChecking=no -r ./.env ./ root@$DO_PUBLIC_IP_ADDRESS:/root/app
Warning: Permanently added '' (ECDSA) to the list of known hosts.
Permission denied, please try again.
Permission denied, please try again.
root@ Permission denied (publickey,password).
lost connection
Cleaning up project directory and file based variables
ERROR: Job failed: exit code 1

Here’s my


ssh -o StrictHostKeyChecking=no root@$DO_PUBLIC_IP_ADDRESS << 'ENDSSH'
  cd /root/
  export $(cat .env | xargs)
  docker pull $IMAGE/web:web
  docker pull $IMAGE/nginx:nginx
  docker-compose -f up -d

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.


What I could suggest trying is to add a new line at the end of the PRIVATE_KEY variable so that it matches the required format.

If this does not work, what I could suggest is adding the -vvv debug flag for the scp command so that you could see the actual error rather than just the permission denied message. This extra output might give you more information on why the connection is failing.

Let me know how it goes! Regards, Bobby