Capistrano does not (yet) support a gateway per server. If you need something like that, you can work around cap's limitation by setting up the tunnel yourself (using ssh), and then specifying [EMAIL PROTECTED]:port as the host for that specific server.
- Jamis On Jan 5, 2008, at 7:39 AM, jemminger wrote:
Apologies if this is a double-post; I don't see my first attempt posted yet... Anyway, my question is this: am I having the same problem here? http://groups.google.com/group/capistrano/browse_thread/thread/8ac721f9a169eb41 I can provide a debug dump if so. Thanks, Jeff On Jan 2, 4:47 pm, Jamis Buck <[EMAIL PROTECTED]> wrote:Yeah, currently Net::SSH only does either/or, but not both. If you could send me the debug output, I'll take a look. No guarantees I'll have time to implement it, but then again, I'm currently working on Net::SSH v2, so it'd be a more likely time for me to hack on it. :) Please send the dump to me, directly: [EMAIL PROTECTED] Thanks! - Jamis On Jan 2, 2008, at 2:08 PM, [EMAIL PROTECTED] wrote:Nothing to be ashamed of ... I wouldn't know what it is either exceptour security droids require it on all publicly accessible systems.Anyway, in this context it means that two forms of authentication are required, specifically a public key *and* a password. My guess is that Net::SSH only knows how to provide one or the other but not both. Theoperative word there is "guess"; I would be happy to provide the output that results when I set ssh_options[:verbose] to :debug - I didn't do it in my original post because I'll have to make sure it's all "sanitized".Thanks for the quick response ... WkHOn Jan 2, 2:44 pm, Jamis Buck <[EMAIL PROTECTED]> wrote:I'm not ashamed to reveal my ignorance and state that I have neverheard of two-factor auth...so it isn't surprising that Net::SSH would not handle that, since I wrote that, too. I based Net::SSH off of thebase ssh RFC's, which I don't recall mentioning two-factor authentication.- JamisOn Jan 2, 2008, at 11:14 AM, [EMAIL PROTECTED] wrote:One of my resolutions for the new year is to replace my crufty old expect scripts with Capistrano. Unfortunately, I'm having trouble withthe :gateway mechanism. Our bastion servers are configured for two-factor auth: public key and password. Capistrano, or Net::SSH, doesn'tseem to be able to handle that flavor of authentication. When I runthe following task, which just tests the ability to login to the bastion server:task :whos_on, :hosts => "my.bastion.server" do run "who" endI get the following output:$ cap whos_on * executing `whos_on' * executing "who" servers: ["my.bastion.server"] Password: connection failed for: my.bastion.server (Net::SSH::AuthenticationFailed: username)I'm able to ssh to my.bastion.server with no problems. I'm also ableto set up a tunnel through it to any of our production boxes using just straight ssh. Doing set :gateway, "my.bastion.server" in my capfile gives me no joy either.I have verified that the whos_on task works when run within theproduction network where the boxes don't do two-factor auth. That's why I'm focused on the two-factor thing. To be useful I really needthe :gateway mechanism to work.Anyone have any ideas?... WkHsmime.p7s 3KDownloadsmime.p7s 3KDownload--~--~---------~--~----~------------~-------~--~----~ To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/capistrano -~----------~----~----~----~------~----~------~--~---
smime.p7s
Description: S/MIME cryptographic signature
