Hey,
did you figure it out by now?
As you mentioned above, fully figuring out SSH and all it's capabilities is
hard. I remember when I was learning and trying to understand it, it took
me 5 full days (~10hrs a day). Yes, I literally devoted 5 days to learn it.
So don't feel discouraged if you don't get it yet, it's normal.
I'll just briefly try to provide some feedback:
- ssh agent should NOT be running on the remote machine - it should be
running on your local machine (where you're doing `$cap production deploy`)
- it's the key from your local machine that's forwarded to the server. Then
the forwarded key is used for github authentication
- did you try this from the guide: ssh -A dep...@one-of-my-servers.com 'git
ls-remote g...@github.com:capistrano/rails3-bootstrap-devise-cancan.git
What's the output? Note: you should run the above command from your local
machine - not on the server!
So if it's still not working for you, write here and we can try to debug
the process!
On Wednesday, April 9, 2014 8:09:42 PM UTC+2, Roy Miller wrote:
>
> Probably something simple, but I'm at wit's end after exploring everything
> i know of from the Cap docs and elsewhere.
>
> I set up my `deploy.rb` like so:
>
> ```ruby
> SSHKit.config.command_map[:rake] = "bundle exec rake" # Ensure that bundle
> is used for rake tasks
> lock '3.1.0' # config valid only for Capistrano 3.1
>
> set :application, '[myapp]'
> set :user, "deploy"
>
> set :deploy_to, '/var/www/[myapp]'
> set :use_sudo, false
> set :pty, false
> set :keep_releases, 5
> set :format, :pretty
> set :log_level, :debug
>
> set :repo_url, 'g...@github.com:....git'
> set :scm, :git
> set :branch, 'master'
>
> set :ssh_options, { forward_agent: true }
> ...
> ```
>
> My stage file for the `acceptance` stage looks like this:
>
> ```ruby
> set :stage, :acceptance
> set :node_env, 'test'
> set :user, 'deploy'
>
> role :app, 'ec2-....compute-1.amazonaws.com'
> role :web, 'ec2-....compute-1.amazonaws.com'
> role :db, 'ec2-....compute-1.amazonaws.com'
> role :server_pipeline, 'ec2-....compute-1.amazonaws.com'
>
> server 'ec2-....compute-1.amazonaws.com',
> user: 'deploy',
> roles: %w{server_pipeline},
> primary: true,
> keys: ['~/.ssh/blah.pem']
> ```
>
> With that, I get this result when I run `cap acceptance deploy`:
>
> DEBUG [a824cd7c] Running /usr/bin/env git ls-remote g...@github.com:....git
> on ec2-....compute-1.amazonaws.com
> DEBUG [a824cd7c] Command: ( GIT_ASKPASS=/bin/echo
> GIT_SSH=/tmp/[myapp]/git-ssh.sh /usr/bin/env git ls-remote
> g...@github.com:....git )
> DEBUG [a824cd7c] Permission denied (publickey).
> DEBUG [a824cd7c] fatal: Could not read from remote repository.
> DEBUG [a824cd7c]
> DEBUG [a824cd7c] Please make sure you have the correct access rights
> DEBUG [a824cd7c] and the repository exists.
> DEBUG [a824cd7c] Finished in 0.175 seconds with exit status 128 (failed).
>
> The maddening thing is that I can copy the command on the second output
> line above verbatim and run it from the command line on my server and it
> works fine. I reread the Cap page about things working via SSH but not when
> run by Cap, but couldn't see anything there to explain the result I'm
> getting. Here's what else I checked:
>
> - I confirmed that I followed all instructions from *Authentication &
> Authorisation* followed, the deploy user exists, and all dirs exist with
> the correct permissions
> - The ssh agent on the target box is running, and my key is loaded
> - I set up no-password access for the `deploy` user
> - I can run `git ls-remote` from the box and get a response from GitHub
> - `ssh -vT g...@github.com <javascript:>` confirms I can connect
>
> So I'm stumped. Don't know what else to try. Can anyone suggest something
> else to check/change? SSH issues can be so frustrating.
>
--
You received this message because you are subscribed to the Google Groups
"Capistrano" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to capistrano+unsubscr...@googlegroups.com.
To view this discussion on the web, visit
https://groups.google.com/d/msgid/capistrano/ffddfa94-6c33-48ec-ab32-95cde6d73ba8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
