Best IT Recipes

Capistrano asks for password during deployment despite SSH keys

My ssh keys are definitely configured correctly since I never asked for a password when using ssh. But capistrano still asks for a password when deploying with cap deploy . It does not ask for a password when configuring cap deploy:setup , though, oddly enough. This would make the deployment cycle smoother without a password prompt.

Features: I am deploying the Sinatra app for a shared Dreamhost account (which uses Passenger). I followed the textbook that worked for so long, and then it worked perfectly. Since then, something has broken. I am using capistrano (2.5.9) and git version 1.6.1.1. Here is my Capfile:

 load 'deploy' if respond_to?(:namespace) # cap2 differentiator set :user, 'ehsanul' set :domain, 'jellly.com' default_run_options[:pty] = true # the rest should be good set :repository, "ehsanul@jellly.com:git/jellly.git" set :deploy_to, "/home/ehsanul/jellly.com" set :deploy_via, :remote_cache set :scm, 'git' set :branch, 'deploy' set :git_shallow_clone, 1 set :scm_verbose, true set :use_sudo, false server domain, :app, :web namespace :deploy do task :migrate do run "cd #{current_path}; /usr/bin/rake migrate environment=production" end task :restart do run "touch #{current_path}/tmp/restart.txt" end end after "deploy", "deploy:migrate"

And here is the output of what happens when I cap deploy , before the password prompt:

 $ cap deploy * executing `deploy' * executing `deploy:update' ** transaction: start * executing `deploy:update_code' updating the cached checkout on all servers executing locally: "git ls-remote ehsanul@jellly.com:git/jellly.git deploy" /usr/local/bin/git * executing "if [ -d /home/ehsanul/jellly.com/shared/cached-copy ]; then cd /home/ehsanul/jellly.com/shared/cached-copy && git fetch origin && git reset --hard ea744c77b0b939d5355ba2dc50ef1ec85f918d66 && git clean -d -x -f; else git clone --depth 1 ehsanul@jellly.com:git/jellly.git /home/ehsanul/jellly.com/shared/cached-copy && cd /home/ehsanul/jellly.com/shared/cached-copy && git checkout -b deploy ea744c77b0b939d5355ba2dc50ef1ec85f918d66; fi" servers: ["jellly.com"] [jellly.com] executing command ** [jellly.com :: out] ehsanul@jellly.com password: Password: ** [jellly.com :: out] ** [jellly.com :: out] remote: Counting objects: 7, done. remote: Compressing objects: 100% (4/4), done.

What can be broken?

+44
ruby ruby-on-rails ssh-keys sinatra capistrano
Jul 16 '10 at 23:55
source share
7 answers

The password request is that the server you are deploying to is connected to the git server and needs authentication. Since your local computer (where you are deploying) already has a valid ssh key, use it by enabling forwarding in your Capfile:

 set :ssh_options, {:forward_agent => true}

This redirects authentication from your local computer when the deployment server tries to connect to your git server.

This is much preferable if you disable your secret key on the deployment server!

Another way to get around the password hint when the ssh'ing server returns on its own is to say that capistrano does not. Thanks to the readme section for Daniel Quimper capistrano-site5 github repo, note the following:

 set :deploy_via, :copy

Obviously, this works for the case where both the application and the git repository are hosted on the same host. But I think some of us do it :)

+51
Sep 04 '10 at 20:34
source share

Running ssh-add ~/.ssh/id_rsa on my local machine fixed the problem for me. It seemed that the ssh command line tool did not detect my identity when called from Capistrano.

+53
Jan 22 '14 at 11:51
source share

I had the same problem.

This line does not work:

 set :ssh_options, {:forward_agent => true}

Then I did the above on the Dreamhost wiki

 [local ~]$ eval `ssh-agent` [local ~]$ ssh-add ~/.ssh/yourpublickey # omit path if using default keyname

And now I can deploy without a password.

+16
Feb 20 2018-11-11T00:
source share

The logs show that it asks for a password after logging in via SSH on jellly.com, so it looks like the actual git update is asking for a password.

I think this is because your repository parameter specifies your git user, although you can access it anonymously in this case.

You have to create an anonymous git account and change your repo line like this:

 set :repository, "git@jellly.com:git/jellly.git"

Alternatively, you can put your SSH key on your production server, but this does not seem useful. You can also configure SSH to forward authentication requests back over the initial SSH connection. However, an anonymous read source for deployment is more likely to be easier.

+3
Jul 17 2018-10-17T00:
source share

I copy and paste my local key id_rsa.pub into the remote authorization server file and it worked

+1
08 Sep '16 at 19:37
source share

If you use a Windows workstation (portable), which you sometimes connect directly to the internal corporate network, and sometimes connect through a VPN, you may find that you have inconsistent behavior when starting closed remote tasks with a password request.

In my situation, our company has login scripts that are executed at login, when they are already connected to the company’s local network, which install your HOME directory into the network’s shared folder. If you log in from cached credentials and then connect to the VPN, your home directory is not set when the script logs in. The .ssh directory in which your private key is stored can only be in one of these places.

An easy fix in this situation is to simply copy the .ssh directory from HOME, which has it, which does not.

0
Feb 19 '13 at 19:35
source share

copying the public key manually in authorized_keys did not work in my case, but it was done using the service when I found that the service just added another key at the end

 ssh-copy-id ~/.ssh/id_rsa.pub user@remote
0
May 17 '17 at 4:55 a.m.
source share


More articles:


All Articles