What does "heroku keys:add" do? - ruby-on-rails

The heroku keys:add is a command that comes up frequently when reading about heroku on the internet.
What does it do exactly?

It's used to upload your public key if you are using SSH instead of HTTP as your git transport.
If you don’t already use SSH and if you want to use SSH Git transport
on Heroku, you’ll need to create a public/private key pair to deploy
code. This keypair is used for the strong cryptography and that
uniquely identifies you as a developer when pushing code changes.
Documentation

Related

Running eval ssh-agent for ruby system call

I am trying to generate a ssh key for a user entered email id using rails.
In the action, I'm running all the commands needed to do the process using system() call.
Locally on Ubuntu 14.04, everything seems to work fine. But on Ubuntu Server 14.04 on AWS, the key is generated successfully but it fails on ssh-add.
The problem:
On my local system, ssh-agent is up and running all the time, but on the server it never starts automatically for each shell session. Which is the reason why ssh-add fails on server.
For that, I added some code in the server's .bash_profile file which would start the ssh-agent on every session. Now, the ssh-agent runs every time I set up a session with the server via ssh, but it won't run for the Ruby system() call.
I was doing:
system('ssh-add id_rsa')
which said Could not open a connection to your authentication agent. So, next thing I did was this:
system('eval "$(ssh-agent -s)" & ssh-add id_rsa')
But still not able to resolve the problem.
I don't know why locally I didn't need to start the ssh-agent manually and all of the code ran without any problem. And how can I make ssh-agent work as it is working on my local system.
I want to be able to add the newly generated ssh key using ssh-add some-key and make it persistent so that I don't have to add that again later if I reboot the server. I am doing all this in a rails method which is issuing all the commands using system() calls.
Help would be very appreciated. Thanks.
I want to clone and pull code from a person's git repository, that may be private in which case I am generating a pair of ssh keys and adding the public key to the person's github account using the API.
It's like the server will be accessing 5-10 people's private github repositories by creating ssh keys for all of them and adding the public keys into their account. Example: http://gist.github.com/jexchan/2351996
To access remote repository using git you don't need ssh-agent. Specifying the keys in the ssh_config such as
Host github.com-user1
HostName github.com
IdentityFile ~/.ssh/id_rsa_user1
and then cloning using:
git clone git@github.com-user1:user1/whatever.git whatever
works the same way. But make sure the config file is accessible.
Also, using ssh-agent does not scale, since the agent offers all the keys that it has, regardless of the user (in the linked example). If you grow beyond ~5 repositories, you would start seeing authentication failures.
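The per-user alias from the answer above, generated for several repository owners; this is an added example, not code from the original post. The helper names, the throwaway config file and the user names are assumptions, and `IdentitiesOnly yes` is added so that ssh offers only the key named in the stanza.

```shell
#!/bin/sh
# Added example: one ssh_config alias per repository owner, each pinned to its own key.
# Helper names, user names and key paths are hypothetical.

# Append a Host alias for user "$2" to config file "$1", using private key "$3".
# Idempotent: an alias that already exists is left untouched.
add_host_alias() {
    config=$1 user=$2 keyfile=$3
    alias_name="github.com-$user"
    touch "$config"
    chmod 600 "$config"      # ssh refuses a config that group/others can write
    if grep -qx "Host $alias_name" "$config"; then
        return 0
    fi
    cat >>"$config" <<EOF
Host $alias_name
    HostName github.com
    IdentityFile $keyfile
    IdentitiesOnly yes
EOF
}

# Print the clone URL that routes through the alias of user "$1" for repository "$2".
clone_url() {
    printf 'git@github.com-%s:%s/%s.git\n' "$1" "$1" "$2"
}

# Constructed demo: two users written to a temporary file instead of ~/.ssh/config.
demo_config=$(mktemp)
for u in user1 user2; do
    add_host_alias "$demo_config" "$u" "~/.ssh/id_rsa_$u"
done
add_host_alias "$demo_config" user1 "~/.ssh/id_rsa_user1"   # second call adds nothing
cat "$demo_config"
clone_url user1 whatever
```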

The authenticity of host 'bitbucket.org (131.103.20.168)' can't be established

In Cloud9 I do:
$ git push -u origin --all
The authenticity of host 'bitbucket.org (131.103.20.168)' can't be established.
RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40.
Are you sure you want to continue connecting (yes/no)?
I added the ssh-key from cloud9 to Bitbucket. Shouldn't that be enough to have Bitbucket authenticated by Cloud9?
No. When you first connect to Bitbucket, the ssh client on your machine will store the RSA fingerprint in a file called known_hosts. Then, before each connection, the server fingerprint will be validated against the stored one (to avoid a man-in-the-middle attack).
So you need to accept this fingerprint only once (if you're diligent, you should compare it with the fingerprint provided by Bitbucket).
If your key is added, you might be missing this important step...
When we get the prompt "Are you sure you want to continue connecting (yes/no)?" then we should type yes before hitting the return/Enter key.
Good Luck.
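The comparison the first answer recommends, as an added example that is not part of the original posts: it recomputes the colon-separated MD5 fingerprint (the format shown in the prompt above) from a known_hosts-style line and checks it against a published value. The key blob is constructed for the demo and is not Bitbucket's key; the function names are assumptions.

```shell
#!/bin/sh
# Added example: recompute a host key's MD5 fingerprint and compare it with a published one.

# Print the colon-separated MD5 fingerprint of a base64 key blob
# (the third field of a known_hosts or ssh-keyscan line).
md5_fingerprint() {
    printf '%s' "$1" | base64 -d | md5sum | cut -d' ' -f1 | sed 's/../&:/g; s/:$//'
}

# Succeed only if known_hosts-style line "$1" hashes to the published fingerprint "$2".
# Returns 2 for a line without a key blob, 1 for a mismatch.
host_key_matches() {
    blob=$(printf '%s\n' "$1" | awk '{print $3}')
    [ -n "$blob" ] || return 2
    actual=$(md5_fingerprint "$blob")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Constructed sample: a structurally valid but fake ssh-rsa blob.
SAMPLE_BLOB=$(printf '\000\000\000\007ssh-rsa\000\000\000\003\001\000\001\000\000\000\010CONSTRUC' | base64)
SAMPLE_LINE="bitbucket.org ssh-rsa $SAMPLE_BLOB"

# Fingerprint exactly as it appears in the prompt quoted in the question.
PROMPT_FP='97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40'

# The fake key cannot hash to the prompt's fingerprint, so this takes the mismatch branch.
if host_key_matches "$SAMPLE_LINE" "$PROMPT_FP"; then
    echo "fingerprint matches the published value"
else
    echo "MISMATCH: do not accept this host key"
fi
```

The published fingerprint must come from a channel other than the SSH connection being checked, such as the provider's documentation over HTTPS.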

Cannot push grails app to heroku master - Permission denied (publickey)

Good Morning,
I have started deploying my grails app to Heroku.
I have been following this tutorial:
https://blog.heroku.com/archives/2011/12/15/grails
Everything was good until
git push heroku master
The error occurred:
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists
How can I fix it?
Thanks
Heroku needs to get your SSH public key. See Managing your SSH Keys.
You need to generate an SSH key, if you don't have one yet.
ssh-keygen -t rsa
Then, you'll need to upload this public key to heroku
heroku keys:add
Heroku can now identify you for who you are, and will allow you to push to your repository.

SSL, Github, and Heroku -- is pushing secure?

I just bought an SSL certificate for my Heroku-deployed app. Following their instructions, I downloaded the certificate and private key, saved them in server.crt and server.key files (with some RapidSSL CA deal thrown in there), and am now planning on pushing and deploying. The worry is, my github repo is public, and I feel like it's a bad idea to push my "private" keys and certificates to a public site. Sort of defeats the purpose of the SSL, right?
But how else do I get it to work without publishing this info? I'm new to SSL and coding, and I just very much do not want to throw away the security I just spent good money on because I don't understand how this all works.
Sorry if this question wasn't very code-y. Just didn't know where better to ask.
EDIT -- I'm looking at Heroku docs right now that say to add a Heroku SSL Add-On, and then just type
heroku certs:add server.crt server.key
to get heroku to pick up on the files and use the SSL Certificate. But that doesn't change the problem that I have two files in my PUBLIC repo with PRIVATE security info. Do I just add them to .gitignore or something?
You should not check any of the files that you created for the SSL into the source control (server.crt, server.key, etc.), nor push them to Heroku. As Heroku's documentation states, you should use the certs command line to add them once you have an SSL add on.
Heroku does not require you to push those two files to your repository. You can simply do heroku certs, and it will pick and upload them from your local folder. The repo isn't involved.

SSH and unattended processes

I have an Ant build that will sometimes execute a 'git push' within a directory on my server. I can do this fine interactively because it asks for the passphrase for my key, but this becomes problematic if you set up a cron job to run the build unattended.
Are there options for me beyond not using a passphrase? I've heard of using ssh-agent, but I've also heard for unattended processes that route won't work. Does anyone have any recommendations for this, and perhaps an example of how to implement it?
I saw that someone suggested to run the cron as a daemon here:
Accessing SSH key from bash script running via a cron job -- but I'm not sure how I could do that or put in my passphrase without compromising it by putting it in plain text, etc.
Any help greatly appreciated.
First, set yourself up for password-less login.
Use ssh-keygen to generate a public/private key pair with no password. Append the public key to ~/.ssh/authorized_keys on the server.
Then run ssh -i /path/to/private_key server to confirm that the password-less login is working.
Finally, configure git to use that ssh -i ... command.
As @mah suggests, you might want to create a specific git account on the server. You add the public key to ~git/.ssh/authorized_keys to enable the password-less login.
authorized_keys also has options to restrict what commands the incoming connection can run. If you are interested in those features, read the SSH documentation.
And of course, you want to keep the private key file readable only by you.
I would solve this by creating a restricted account on the git server and have the ant client use a keyless cert to that restricted account.
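The three points from the answers above (git using a fixed `ssh -i` key, an authorized_keys entry that limits what the connection can run, and a private key readable only by its owner) put together as an added example, not code from the original posts. The helper names and paths are assumptions, as is a server account with `git-shell` installed and an OpenSSH version that supports the `restrict` option.

```shell
#!/bin/sh
# Added example: checks around a passphrase-less deploy key for an unattended git push.
# Helper names and paths are hypothetical.

# Succeed only if private key "$1" exists and grants nothing to group or others.
key_is_private() {
    [ -f "$1" ] || return 2
    mode=$(stat -c '%a' "$1") || return 2     # GNU stat: octal mode, e.g. 600
    case $mode in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print the ssh command git should run: fixed key, no agent keys, never prompt.
git_ssh_command() {
    printf 'ssh -i "%s" -o IdentitiesOnly=yes -o BatchMode=yes\n' "$1"
}

# Turn public key line "$1" into an authorized_keys entry for the restricted git
# account: no forwarding, no pty, and the session can only run git-shell.
restricted_authkeys_entry() {
    printf 'restrict,command="git-shell -c \\"$SSH_ORIGINAL_COMMAND\\"" %s\n' "$1"
}

# Cron-side wrapper: refuse to push when the key file is readable by anyone else.
unattended_push() {
    keyfile=$1 repo_dir=$2
    key_is_private "$keyfile" || {
        echo "refusing to push: fix permissions on $keyfile" >&2
        return 1
    }
    GIT_SSH_COMMAND=$(git_ssh_command "$keyfile") git -C "$repo_dir" push
}

# Constructed public key line (not a real key): the entry to append on the server.
restricted_authkeys_entry 'ssh-ed25519 AAAAC3constructed build@ci'
```

Because the key has no passphrase, the server-side entry is what limits the damage if the file leaks: the holder can reach git repositories but gets no shell or forwarding.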
