Capistrano authentication fails with Git Bash on Windows - ruby-on-rails

I configured Capistrano to deploy a Rails app from Git Bash on Windows. I created one RSA key to connect to the remote server with the user deploy and another RSA key to connect to Bitbucket with my account.
Before deploying I set up the ssh-agent with both keys.
When deploying I get an authentication failure (publickey error). Nevertheless, when I try to ssh deploy@myserver.com it works, and from inside my server if I try git -T git://bitbucket.org it connects and shows me my username.
How can I debug this issue?

The issue was that the ssh client used by Capistrano doesn't handle ssh-agent on Windows. The solution was to use Pageant, the agent of the PuTTY project, but before importing keys to Pageant they have to be converted to the ppk format by puttykeygen.

Related

Capistrano 3 asks for SSH user's password since `do-release-upgrade` was done on Ubuntu 20.04 server

I have a rails app that I could so far successfully deploy to my Ubuntu server using capistrano 3.
Last night I did a successful server update using do-release-upgrade:
Linux my-server 5.15.0-47-generic #51-Ubuntu SMP Thu Aug 11 07:51:15 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
I can still ssh into the server using my id_rsa key from my Mac Terminal:
ssh user@my-server.example.com
Welcome to Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-47-generic x86_64)
However Capistrano now asks for the password instead of asking me for the passkey of my id_rsa certificate:
cap production deploy
user@my-server.example.com's password:
I tried to run ssh-copy-id too to make sure the certificate is re-uploaded:
ssh-copy-id user@my-server.example.com
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
(if you think this is a mistake, you may want to use -f option)
It's all quite weird since just yesterday I did do several deployments:
ls -lia rails/releases/ | grep 20220913 | wc -l
9
I did not enable passwords for the SSH access at all so I am wondering how to re-enable the SSH communication with my server.
Update
The issue might be related to "SSH agent forwarding". I did use capistrano-ssh-doctor and it told me that:
SSH agent forwarding report
[success] repo_url setting ok
[success] ssh private key file exists
[success] ssh-agent process seems to be running locally
[success] ssh-agent process recognized by ssh-add command
[success] ssh private keys added to ssh-agent
[success] application repository accessible from local machine
[success] all hosts using passwordless login
[success] forward_agent ok for all hosts
[success] ssh agent successfully forwarded to remote hosts
[error] It seems Capistrano cannot access application git repository from these hosts: my-server.example.com
Actions:
make sure all the previous checks pass. That should make this one work too.
It seems SSH agent forwarding is not set up correctly. Follow the
suggested steps described in error messages. Errors (if more than one)
are ordered by importance, so always start with the first one.
So I logged in on the server and I was able to successfully clone the repository.
There is some information in this post:
I'd still like to find out why I can't use the git@github.com:{github-organization}/{private-repo}.git format for :repo_url, with keys, when all of the SSH forwarding report's requirements seem to be met. If you need further info from me just let me know - and thanks again for any help!
So it seems that the :repo_url needs to be changed. I'll give that a shot.
I did figure out that now for some reason the following command no longer works:
cap staging deploy
Instead I need to use bundler
bundle exec cap staging deploy
Had the same issue. This fixed it for me: https://askubuntu.com/questions/1409105/ubuntu-22-04-ssh-the-rsa-key-isnt-working-since-upgrading-from-20-04
Add this to the end of /etc/ssh/sshd_config:
PubkeyAcceptedKeyTypes +ssh-rsa
HostKeyAlgorithms +ssh-rsa
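
As an added example (not from the original answers): a Ruby check that lists the sshd_config lines re-enabling the SHA-1 ssh-rsa algorithm, so a workaround like the one above can be tracked and removed once clients use newer keys. It also marks lines that sshd ignores because it uses the first value obtained for each keyword; the sample config is constructed, the function names are assumptions, and Include files are not followed.

```ruby
# Added example: find sshd_config lines that re-enable SHA-1 "ssh-rsa".
# Simplification (assumption): Include files are not followed.
SHA1_RSA = %w[ssh-rsa ssh-rsa-cert-v01@openssh.com].freeze
# PubkeyAcceptedKeyTypes is the older name of PubkeyAcceptedAlgorithms.
CANONICAL = {
  'pubkeyacceptedkeytypes'   => 'pubkeyacceptedalgorithms',
  'pubkeyacceptedalgorithms' => 'pubkeyacceptedalgorithms',
  'hostkeyalgorithms'        => 'hostkeyalgorithms'
}.freeze

Finding = Struct.new(:line_no, :keyword, :scope, :effective)

def audit_sshd_config(text)
  seen = {}          # [scope, keyword] pairs that already obtained a value
  scope = 'global'   # becomes "match ..." after a Match line
  findings = []
  text.each_line.with_index(1) do |raw, line_no|
    line = raw.sub(/#.*/, '').strip
    next if line.empty?
    keyword, value = line.split(/\s*=\s*|\s+/, 2)
    keyword = keyword.downcase
    if keyword == 'match'
      scope = "match #{value}"
      next
    end
    canonical = CANONICAL[keyword] or next
    # sshd uses the first value obtained for a keyword; later ones are ignored.
    first = !seen.key?([scope, canonical])
    seen[[scope, canonical]] = true
    list = value.to_s.strip
    removing = list.start_with?('-')   # "-ssh-rsa" removes the algorithm
    names = list.sub(/\A[+^-]/, '').split(',').map(&:strip)
    next if removing || (names & SHA1_RSA).empty?
    findings << Finding.new(line_no, keyword, scope, first)
  end
  findings
end

# Constructed sample: line 3 sets HostKeyAlgorithms before the appended lines.
SAMPLE_SSHD_CONFIG = <<~CONF
  # sample sshd_config (constructed)
  PasswordAuthentication no
  HostKeyAlgorithms ssh-ed25519,rsa-sha2-512
  PubkeyAcceptedKeyTypes +ssh-rsa
  HostKeyAlgorithms +ssh-rsa
CONF

audit_sshd_config(SAMPLE_SSHD_CONFIG).each do |f|
  puts "line #{f.line_no}: #{f.keyword} (#{f.scope}) " \
       "#{f.effective ? 'in effect' : 'ignored, keyword set earlier'}"
end
```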

Setting up authentication with docker repo via ssh cert for single user

It's possible to authenticate with a docker repo automatically using rsa certificates as described here.
However, this sets up this authentication for all users. This is a problem because I have personal certificates I want to use to authenticate with from my account only. If I followed the steps above then anyone who happened to be using the same VM would automatically authenticate with docker as me, which I don't want.
So how can I configure docker so I get the same convenience of automatic authentication with my cert without risking someone else on the machine accidentally using the same certs to authenticate?
Podman can do this trick: https://docs.podman.io/en/latest/markdown/podman-login.1.html
--cert-dir=path
Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. (Default: /etc/containers/certs.d) Please
refer to containers-certs.d(5) for details. (This option is not
available with the remote Podman client, including Mac and Windows
(excluding WSL2) machines)
$ podman login --cert-dir /home/myuser/certs.d/ -u foo -p bar localhost:5000
Login Succeeded!

Running eval ssh-agent for ruby system call

I am trying to generate a ssh key for a user entered email id using rails.
In the action, I'm running all the commands needed to do the process using system() call.
Locally on Ubuntu 14.04, everything seems to work fine. But on Ubuntu Server 14.04 on AWS, the key is generated successfully but it fails on ssh-add.
The problem:
On my local system, ssh-agent is up and running all the time, but on the server it never starts automatically for each shell session. Which is the reason why ssh-add fails on server.
For that, I added some code in the server's .bash_profile file which would start the ssh-agent on every session. Now, the ssh-agent runs every time I set up a session with the server via ssh, but it won't run for Ruby's system() call.
I was doing:
system('ssh-add id_rsa')
which said Could not open a connection to your authentication agent. So, the next thing I did was this:
system('eval "$(ssh-agent -s)" & ssh-add id_rsa')
But still not able to resolve the problem.
I don't know why locally I didn't need to start the ssh-agent manually and all of the code ran without any problem. And how can I make ssh-agent work as it is working on my local system.
I want to be able to add the newly generated ssh key using ssh-add some-key and make it persistent so that I don't have to add that again later if I reboot the server. I am doing all this in a rails method which is issuing all the commands using system() calls.
Help would be very appreciated. Thanks.
I want to clone and pull code from a person's git repository, that may be private in which case I am generating a pair of ssh keys and adding the public key to the person's github account using the API.
It's like the server will be accessing 5-10 people's private github repositories by creating ssh keys for all of them and adding the public keys into their account. Example: http://gist.github.com/jexchan/2351996
To access remote repository using git you don't need ssh-agent. Specifying the keys in the ssh_config such as
Host github.com-user1
HostName github.com
IdentityFile ~/.ssh/id_rsa_user1
and then cloning using:
git clone git@github.com-user1:user1/whatever.git whatever
works the same way. But make sure the config file is accessible.
Also, using ssh-agent does not scale, since the agent offers all the keys that it has, regardless of the user (in the linked example). If you grow beyond ~5 repositories, you would start seeing authentication failures.
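
The host-alias approach from the answer above, as an added Ruby example that is not part of the original thread: it renders one stanza per user, adds IdentitiesOnly yes so only that user's key is offered, and builds the clone command as an argument array so nothing user-entered reaches a shell. The ID and repository patterns, the key_dir parameter and the function names are assumptions.

```ruby
# Added example: one Host alias per user instead of a shared ssh-agent.
# Assumed ID format; \A and \z (not ^ and $) so an embedded newline is rejected.
USER_ID   = /\A[A-Za-z0-9][A-Za-z0-9_-]{0,38}\z/
REPO_PATH = %r{\A[\w.-]+/[\w.-]+\.git\z}

def host_alias(user_id)
  raise ArgumentError, "unsafe user id: #{user_id.inspect}" unless USER_ID.match?(user_id)
  "github.com-#{user_id}"
end

# Stanza in the form the answer shows, plus IdentitiesOnly so ssh offers
# only this key and not every identity it can find.
def ssh_config_stanza(user_id, key_dir: '~/.ssh')
  <<~STANZA
    Host #{host_alias(user_id)}
      HostName github.com
      IdentityFile #{key_dir}/id_rsa_#{user_id}
      IdentitiesOnly yes
  STANZA
end

# Write the config so that only its owner can read it.
def write_ssh_config(path, user_ids)
  body = user_ids.map { |id| ssh_config_stanza(id) }.join("\n")
  File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |f|
    f.chmod(0o600)
    f.write(body)
  end
  body
end

# Argument array for system(*argv): no shell parses the user-entered parts,
# and "--" stops git from reading a later argument as an option.
def clone_argv(user_id, repo_path, dest)
  raise ArgumentError, "unexpected repo path: #{repo_path.inspect}" unless REPO_PATH.match?(repo_path)
  ['git', 'clone', '--', "git@#{host_alias(user_id)}:#{repo_path}", dest]
end
```

Call it as system(*clone_argv('user1', 'user1/whatever.git', 'whatever')) after write_ssh_config has produced the config file that ssh reads.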

Deploying Rails with Dokku - Dokku@Dokku.me Password?

I'm deploying a Rails app to a DigitalOcean server with these steps.
http://dokku.viewdocs.io/dokku/application-deployment/
The problem is when I get to the Deploy App section it says
Now you can deploy the ruby-rails-sample app to your Dokku server. All you have to do is add a remote to name the app. Applications are created on-the-fly on the Dokku server.
git remote add dokku dokku@dokku.me:ruby-rails-sample
git push dokku master
When I enter that, it's asking to enter dokku:dokku.me password.
Does anyone know why or what is the default password for this? No mention of dokku.me before this step.
We don't set a password on the user, so this is likely your ssh key's password.
dokku.me is a placeholder for the documentation. Replace it with your digital ocean droplet hostname
I solved mine by typing this command in my terminal:
cat ~/.ssh/id_rsa.pub | ssh root@serverIp "sudo sshcommand acl-add dokku laptop"
After that, type your password and you can try to deploy again.

Host key verification failed using gitlab and jenkins

I get Host key verification failed error whenever I try to put my GITLAB git address into Jenkins.
I've tried:
- using multiple different SSH paths. Including removing : and replacing /. Used http
- I've SSH'd in and tried to run the command in the terminal; when prompted to say y/n I pressed Y.
- It works with Github.
- I've tried going to my jenkins/.ssh/ida_pub and adding my keys.
Failed to connect to repository : Command "/usr/local/git/bin/git ls-remote -h git@:/.git HEAD" returned status code 128:
stdout:
stderr: Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
If you make the repo you are trying to connect to public in Gitlab (Settings -> Edit Project -> Public mode) you should be able to connect using http (but only http).
If the repo is not public you will need to install an SSH key on Jenkins that has permissions to access the repo. My understanding is that the Jenkins git plugin does not currently use the SSH credentials already stored in Jenkins so you will need to install the key on the master and slaves that will run this build. How you do this will depend on your OS but I find it easiest to use an SSH config file on Linux.
