发表新帖
发表新帖

Capistrano asks for password when deploying, despite SSH keys

前端 未结
关注
7 1687
-上瘾入骨i
-上瘾入骨i 2020-12-22 23:14

My ssh keys are definitely set up correctly, as I\'m never prompted for the password when using ssh. But capistrano still asks for a password when deploying with cap d

相关标签:
7条回答
  • 予麋鹿
    2020-12-22 23:31

    The logs show it prompted for a password after logging in via SSH to jellly.com, so it looks like the actual git update is prompting for a password.

    I think this is because your repository setting specifies your git user, even though you can access it anonymously in this case.

    You should create an anonymous git account and change your repo line like this:

    set :repository,  "git@jellly.com:git/jellly.git"

    Alternatively, you could put your SSH key ON your production server, but that doesn't sound useful. You also might be able to configure SSH to forward authentication requests back through the initial SSH connection. The anonymous read-only source control for deploy is likely easier, though.

    0 讨论(0)
  • 忘掉有多难
    2020-12-22 23:38

    The password prompt is because the server you are deploying to is connecting to the git server and needs authentication. Since your local machine (where you are deploying from) already has a valid ssh-key, use that one by enabling forwarding in your Capfile:

    set :ssh_options, {:forward_agent => true}

    That forwards the authentication from your local machine through when the deployment server tries to connect to your git server.

    This is much preferred to putting your private key out on the deployment server!

    Another way of getting around the password prompt when the server is ssh'ing back on itself is to tell capistrano not to do so. Thanks to the 'readme' section for Daniel Quimper's capistrano-site5 github repo, we note the following:

    set :deploy_via, :copy

    Obviously, this works for the case where both the app and git repository are being hosted on the same host. But I guess some of us are doing that :)

    0 讨论(0)
  • 执念已碎
    2020-12-22 23:38

    I've had the same problem.

    This line did'nt work:

    set :ssh_options, {:forward_agent => true}

    Then I executed mentioned on Dreamhost wiki 

    [local ~]$ eval `ssh-agent`
[local ~]$ ssh-add ~/.ssh/yourpublickey  # omit path if using default keyname

    And now I can deploy without password.

    0 讨论(0)
  • 温柔的废话
    2020-12-22 23:39

    Executing ssh-add ~/.ssh/id_rsa in my local machine fixed the issue for me. It seemed that the ssh command line tool wasn't detecting my identity when called with Capistrano.

    0 讨论(0)
  • 一整个雨季
    2020-12-22 23:40

    If you're using a Windows workstation (portable) that you sometimes dock directly into an internal corporate network and sometimes connect via VPN, you may find that you get inconsistent behavior in running cap remote tasks asking you for a password.

    In my situation, our company has login scripts that execute when you logged in while already connected to the company LAN that set your HOME directory to a network share location. If you login from cached credentials and then VPN in, your home directory isn't set by the login script. The .ssh directory that stores your private key may be in only one of those locations.

    An easy fix in that situation is to just copy the .ssh directory from the HOME that has it to the one that doesn't.

    0 讨论(0)
  • 眼角桃花
    2020-12-22 23:42

    copying public key manually to authorized_keys did not work in my case but doing it via service worked, when I found service had simply added one more same key at the end

    ssh-copy-id ~/.ssh/id_rsa.pub user@remote
    0 讨论(0)
 看不清?
提交回复
热议问题