Local Computer Username: Christopher
Ubuntu Server Username: my_app_name
I have followed the Digital Ocean documentation to set up an Ubuntu 16.04 server with Ruby on Rails and is my first time doing so, though when I get to cap production deploy:initial the console returns Net::SSH::AuthenticationFailed: Authentication failed for user Christopher#12.23.34.45 even though I am able to ssh without a problem into my root and user accounts.
I followed these instructions:
How to connect your droplet with Digital Ocean
https://www.digitalocean.com/community/tutorials/how-to-connect-to-your-droplet-with-ssh
Initial Server Setup with Ubuntu 16.04
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04
I generated an ssh public/private key pair on my local computer using:
ssh-keygen -t rsa
I added the public key from my local computer to the servers ~/.ssh/authorized_keys file. I was then able to ssh into my root and user accounts.
I then followed these instructions:
Deploying a Rails App on Ubuntu 14.04 with Capistrano, Nginx, and Puma
https://www.digitalocean.com/community/tutorials/deploying-a-rails-app-on-ubuntu-14-04-with-capistrano-nginx-and-puma
I generated another ssh key, this time on the server and added the public key to my github's deploy keys list. I was then able to successfully clone my repo through ssh.
I run the following commands:
cat ~/.ssh/id_rsa.pub | ssh -p your_port_num deploy#your_server_ip 'cat >> ~/.ssh/authorized_keys'
cap production deploy:initial
And get back:
Net::SSH::AuthenticationFailed: Authentication failed for user Christopher#12.23.34.45
I would really appreciate any help as this is my very first time deploying to an Ubuntu server and I would really like to learn what it is I'm doing wrong. Thank you in advance.
Did you add your key to the Agent?
What do you see when you run:
$ ssh-add -l
If you get 'The agent has no identities.', then add your key with:
$ ssh-add id_rsa_key_name
First of all you need to ssh to your server and run
eval `ssh-agent`
and then
ssh-add ~/.ssh/id_rsa
and now change
set :ssh_options, { forward_agent: true, user: fetch(:user), keys: %w(~/.ssh/id_rsa.pub) }
#
to
set :ssh_options, { forward_agent: true, user: fetch(:user), keys: %w(~/.ssh/id_rsa) }
#
I just removed pub from id_rsa.pub.
And then run
cap production deploy:initial
It should work now. Same changes fixed the issues for my app https://www.wiki11.com.
You have :
set :ssh_options, { forward_agent: true, user: fetch(:user), keys: %w(~/.ssh/id_rsa.pub) }
Change it to:
set :ssh_options, { forward_agent: true, user: fetch(:user), keys: %w(~/.ssh/id_rsa) }
Keys should have private key location only. Also, enable ssh-agent on local machine using ssh-add. Add ForwardAgent yes in ~/.ssh/config for your Host.
I had some weird problems as long as I did not use bundler. So using capistrano like so then worked again for me:
# good
bundle exec cap production deploy
Instead of just:
# no good
cap production deploy
You need to add the following line to your config/deploy.rb
ssh_options[:forward_agent] = true
Refer this post.
Related
This is my first time using linode and uploading a Rails app to a VPS, so I might of skipped something obvious.
I followed two tutorials
Ryan Bates video to deploying to a vps
and
David's answer on Stackoverflow
I am at the point where I want to deploy my rails app on Linode (Ubuntu 13.10)
When I execute the command bundle exec cap deploy:update
I get the errors that Linode cannot connect to github due to a public key
user:my-app User$ bundle exec cap deploy:update
* 2014-02-12 17:19:46 executing `deploy:update'
** transaction: start
* 2014-02-12 17:19:46 executing `deploy:update_code'
updating the cached checkout on all servers
executing locally: "git ls-remote git#github.com:user/my-app.git master"
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
*** [deploy:update_code] rolling back
* executing "rm -rf /home/user/apps/my-app/releases/20140212091953; true"
servers: ["XXX.XXX.XX.XX"]
[XXX.XXX.XX.XX] executing command
command finished in 4607ms
Command git ls-remote git#github.com:user/my-app.git master returned status code pid 1529 exit 128
On my local machine I have no problem to commit and push my app on Github and I have RSA Keys on my local computer. It just asks me to login with my username and password each time I push my app.
On linode from the shell, I can connect to github by using ssh -vT git#github.com. I do have the RSA keys on the linode server and I added the ssh-agent using ssh-add
my deploy.rb
set :application, "my-app"
set :user, "user"
set :deploy_to, "/home/#{user}/apps/#{application}"
set :deploy_via, :remote_cache
set :use_sudo, false
set :keep_releases, 3
default_run_options[:pty] = true
set :scm, :git
set :repository, "git#github.com:user/#{application}.git"
set :ssh_options, { :forward_agent => true }
# ssh_options[:forward_agent] = true
set :branch, "master"
I am a bit at a loss.
EDIT: I have a private repository
I just moved from Linux to Mac OSx. Thus, I have imported whole .ssh folder from linux to mac. While moving from linux to linux it worked, but to make it work on Mac, I had also to run:
ssh-add
That's the whole fix ;) See http://peteoliveira.com/deploying-with-capistrano-3-failing-permission-denied-publickey/ for more info.
So I found the solution to this github connection. I actually have another problem with the deployment where the bundle install fails. Anyways here is what I learned and I hope it will help others.
What you need to know:
With Capistrano when you wish to push your public or private Github
repository onto your VPS server, you need to make sure that BOTH your
server and your computer has an SSH access with Github.
Even if you can git push origin master it doesn't mean you have SSH
access with Github. Here is how you troubleshoot:
A) Make sure you can SSH access from your computer
Make sure you have Git installed on your machine Set up Git
tutorial
Make sure that you have an SSH Key on your local machine (with Linux
or Mac)
cd ~/.ssh then
ls -a
and look for the files id_rsa and id_rsa.pub
If you don't have these rsa files, follow this tutorial
Generating SSH keys
Copy your SSH key
pbcopy < ~/.ssh/id_rsa.pub
# Copies the contents of the id_rsa.pub file to your clipboard
Login with your browser on http://www.github.com and go to
your_username -> edit profile -> settings -> ssh keys
https://github.com/settings/ssh. Click the button Add keys, add the name that identifies your comptuter and paste the key code that you previously copied.
Make sure you have SSH Agent on. In Terminal type
ssh-add #enter a passphrase if you want to (recommended)
Test if you can SSH with Github
ssh git#github.com
The first time it may ask you to accept the connection.
You should get the following response
PTY allocation request failed on channel 0
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.
You can also make sure that your id_rsa is properly found by running
ssh -vT git#github.com
# make sure that this line is not -1 (it means it couldn't find the file)
=> debug1: identity file /Users/YOUR_USERNAME/.ssh/id_rsa type 1
Now you shouldn't have permission denied (Public Key)
B) Make sure you can SSH access from your server
Run ssh root#your_server_ip_address if you didn't setup a user on your server or ssh username#your_server_ip_address. You will then be within the server shell and you want to repeat the same process for your computer.
NOTE: The server SSH Keys will be different than your computer. That means that on Github you need to add 2 SSH Keys, one for your computer and one for your server. That is why you need to repeat the process on both machines. Also to keep it simple, do not try to have more than one SSH Key on each machine.
NOTE 2: In your server after you generated your SSH key, to copy it run the command cat ~/.ssh/id_rsa.pub
Once both your computer and the server are accepted on Github, then you can update your rails app using capistrano and your Github repository. Yay!
This is my situation: I have this rails app that I have "capified" and I'm trying to deploy with capistrano onto my Ubuntu cloud server. I have been following this guide -> http://robmclarty.com/blog/how-to-deploy-a-rails-4-app-with-git-and-capistrano
When I run $ cap production deploy, cap aborts and I get the result Net::SSH::AuthenticationFailed.
My guess: My server is not getting access to my bitbucket repo?
Well I have generated an ssh key on my server, added the key in my bitbucket account and also done a git ls-remote git#bitbucket.org:my-username/my-repo.git.
So what am I missing here?
Here's my config/deploy.rb: https://gist.github.com/anonymous/7707266
So my dev computer could not access the production server. It turned out I had put the line server "<server-ip>", user: "depoy-user", roles: %w{web app} in config/deploy.rb. Moving it into config/deploy/production.rb solved my problem. Facepalms, facepalms everywhere.
I'm trying to deploy a Rails App with Capistrano on an AWS-EC2 instance, with the default user (Ubuntu) in another user's home but it gaves me a "Permission Denied" error. This is my code:
server "9.9.9.9", :web, :app, :db, primary: true
set :application, "some_app"
set :user, "ubuntu"
set :keep_releases, 3
set :location, "9.9.9.9"
ssh_options[:keys] = ["~/Keys/serverkey.pem"]
ssh_options[:forward_agent] = true
default_run_options[:pty] = true
set :use_sudo, false
task :hello do
run "echo 'Hello World' > /home/other_user/i_was_here.txt"
end
And this is the output:
$ cap hello
* 2013-03-22 14:11:29 executing `hello'
* executing "echo 'Hello World' > /home/other_user/i_was_here.txt"
servers: ["9.9.9.9"]
[9.9.9.9] executing command
** [out :: 9.9.9.9] sh: cannot create /home/other_user/i_was_here.txt: Permission denied
command finished in 798ms
failed: "sh -c 'echo '\\''Hello World'\\'' > /home/other_user/i_was_here.txt'" on 9.9.9.9
What could be wrong? The purpose is to deploy a Rails App for another user, so I have some doubts:
Is there a way to deploy the Rails App on an AWS-EC2 instance directly with the other user?
If the answer for #1 is "no", what is the right way to deploy the Rails App with the default user Ubuntu for other users? (for no having problems with permissions in the future when the other users try to access to the apps)
In the server are managed many users because we want to get the storage and bandwidth for each user, so we did it this way and until today we are starting with Capistrano haha.
Thanks in advance.
The usual is to deploy as the user that should run/maintain the application. Otherwise you have to really be sure both users are not messing around with the permissions.
Is the reason for this scenario is that you don't want to share credentials? If so, consider using a special deploy ssh key that is added to .ssh/authorized_keys for every user.
Remove ssh_options[:forward_agent] = true line from your config file, even I had the same issue I removed this line and its working fine for me now
Thank you everyone for your answers. What I did was follow this steps and connect with Capistrano with the specific user.
http://utkarshsengar.com/2011/01/manage-multiple-accounts-on-1-amazon-ec2-instance/
The ubuntu user does not have permission to access other_user's home directory, unless sudo is used, or you change the permissions on /home/other_user.
The best approach, if you want to run the app as other_user, is to configure capistrano to deploy as other_user. You'll need to add your public ssh key to /home/other_user/.ssh/authorized_keys. If you want the app to run as ubuntu, deploy to /home/ubuntu.
I've followed several suggestions from other sites but to no avail. When I try
cap deploy:cold
I consistently get "Host key verification failed."
I've tried everything. I've ssh'd from my computer to the remote, removed and readded both keys from known-hosts, cloned from github, set up my public key from both the server and local on github.
What am I missing here?
Capfile:
https://gist.github.com/1308243
Errors:
https://gist.github.com/1308255
Add to your deploy.rb:
ssh_options[:forward_agent] = true
default_run_options[:pty] = true
Or log in to the server(s) you are deploying to (as your deploy user) and run:
ssh git#github.com
The authenticity of host 'github.com (207.97.227.239)' can't be established.
RSA key fingerprint is **:**:**:.
Are you sure you want to continue connecting (yes/no)? yes
Most of the time I see this issue is when github.com in not in your ~/.ssh/known_hosts
Instead of using a git ssh url which looks like this
git#github.com:definelabs/urbanairship.git
use a read only url which looks like this
git://github.com/definelabs/urbanairship.git
You had mentioned that cap deploy:setup worked and cap deploy failed. So looks like the error message is not related to the ssh connectivity, and its related to git checkout. It might be because that your git remote server works with key based authentication and the required key is missing in the server.
In addition to
ssh_options[:forward_agent] = true
default_run_options[:pty] = true
I also needed do this, with below:
def add_domain_to_known_hosts(hostname)
ip_address = "`dig +short A #{hostname}`"
run "ssh-keygen -R #{hostname}"
run "ssh-keygen -R #{ip_address}"
run "ssh-keygen -R #{hostname},#{ip_address}"
run "ssh-keyscan -H #{hostname},#{ip_address} >> ~/.ssh/known_hosts"
run "ssh-keyscan -H #{ip_address} >> ~/.ssh/known_hosts"
run "ssh-keyscan -H #{hostname} >> ~/.ssh/known_hosts"
end
Although, it should be noted that PTY's are discouraged by capistrano:
https://github.com/capistrano/capistrano#a-word-about-ptys
One file to get concerned with ~/YOUR_USER_NAME /.ssh/authorized_keys2 on the server. I believe it should contain the public/private key (one of the two, I think private?)
My ssh keys are definitely set up correctly, as I'm never prompted for the password when using ssh. But capistrano still asks for a password when deploying with cap deploy. It doesn't ask for the password when I setup with cap deploy:setup though, strangely enough. It would make the deployment cycle so much smoother without a password prompt.
Specifics: I'm deploying a Sinatra app to a Dreamhost shared account (which uses Passenger). I had followed a tutorial for doing so long back, which worked perfectly back then. Something broke since. I'm using capistrano (2.5.9) and git version 1.6.1.1. Here's my Capfile:
load 'deploy' if respond_to?(:namespace) # cap2 differentiator
set :user, 'ehsanul'
set :domain, 'jellly.com'
default_run_options[:pty] = true
# the rest should be good
set :repository, "ehsanul#jellly.com:git/jellly.git"
set :deploy_to, "/home/ehsanul/jellly.com"
set :deploy_via, :remote_cache
set :scm, 'git'
set :branch, 'deploy'
set :git_shallow_clone, 1
set :scm_verbose, true
set :use_sudo, false
server domain, :app, :web
namespace :deploy do
task :migrate do
run "cd #{current_path}; /usr/bin/rake migrate environment=production"
end
task :restart do
run "touch #{current_path}/tmp/restart.txt"
end
end
after "deploy", "deploy:migrate"
And here's the output of what happens when I cap deploy, upto the password prompt:
$ cap deploy
* executing `deploy'
* executing `deploy:update'
** transaction: start
* executing `deploy:update_code'
updating the cached checkout on all servers
executing locally: "git ls-remote ehsanul#jellly.com:git/jellly.git deploy"
/usr/local/bin/git
* executing "if [ -d /home/ehsanul/jellly.com/shared/cached-copy ]; then cd /home/ehsanul/jellly.com/shared/cached-copy && git fetch origin && git reset --hard ea744c77b0b939d5355ba2dc50ef1ec85f918d66 && git clean -d -x -f; else git clone --depth 1 ehsanul#jellly.com:git/jellly.git /home/ehsanul/jellly.com/shared/cached-copy && cd /home/ehsanul/jellly.com/shared/cached-copy && git checkout -b deploy ea744c77b0b939d5355ba2dc50ef1ec85f918d66; fi"
servers: ["jellly.com"]
[jellly.com] executing command
** [jellly.com :: out] ehsanul#jellly.com's password:
Password:
** [jellly.com :: out]
** [jellly.com :: out] remote: Counting objects: 7, done.
remote: Compressing objects: 100% (4/4), done.
What could be broken?
Executing ssh-add ~/.ssh/id_rsa in my local machine fixed the issue for me. It seemed that the ssh command line tool wasn't detecting my identity when called with Capistrano.
The password prompt is because the server you are deploying to is connecting to the git server and needs authentication. Since your local machine (where you are deploying from) already has a valid ssh-key, use that one by enabling forwarding in your Capfile:
set :ssh_options, {:forward_agent => true}
That forwards the authentication from your local machine through when the deployment server tries to connect to your git server.
This is much preferred to putting your private key out on the deployment server!
Another way of getting around the password prompt when the server is ssh'ing back on itself is to tell capistrano not to do so. Thanks to the 'readme' section for Daniel Quimper's capistrano-site5 github repo, we note the following:
set :deploy_via, :copy
Obviously, this works for the case where both the app and git repository are being hosted on the same host. But I guess some of us are doing that :)
I've had the same problem.
This line did'nt work:
set :ssh_options, {:forward_agent => true}
Then I executed mentioned on Dreamhost wiki
[local ~]$ eval `ssh-agent`
[local ~]$ ssh-add ~/.ssh/yourpublickey # omit path if using default keyname
And now I can deploy without password.
The logs show it prompted for a password after logging in via SSH to jellly.com, so it looks like the actual git update is prompting for a password.
I think this is because your repository setting specifies your git user, even though you can access it anonymously in this case.
You should create an anonymous git account and change your repo line like this:
set :repository, "git#jellly.com:git/jellly.git"
Alternatively, you could put your SSH key ON your production server, but that doesn't sound useful. You also might be able to configure SSH to forward authentication requests back through the initial SSH connection. The anonymous read-only source control for deploy is likely easier, though.
I copy and paste my local machie id_rsa.pub key to remote server authorized_key file and it worked
copying public key manually to authorized_keys did not work in my case but doing it via service worked, when I found service had simply added one more same key at the end
ssh-copy-id ~/.ssh/id_rsa.pub user#remote
If you're using a Windows workstation (portable) that you sometimes dock directly into an internal corporate network and sometimes connect via VPN, you may find that you get inconsistent behavior in running cap remote tasks asking you for a password.
In my situation, our company has login scripts that execute when you logged in while already connected to the company LAN that set your HOME directory to a network share location. If you login from cached credentials and then VPN in, your home directory isn't set by the login script. The .ssh directory that stores your private key may be in only one of those locations.
An easy fix in that situation is to just copy the .ssh directory from the HOME that has it to the one that doesn't.