On Fri, May 9, 2008 at 10:46 AM, Chuck <[EMAIL PROTECTED]> wrote:
>
> I know this is more of an ssh question, but I've set up the public/
> private key to allow me to ssh to the machine i'm deploying from (it
> would effectively be like ssh my.ip.address.)
If that's actually "ssh my.ip.address", it will try to login as your local
user. You might have to do something like "ssh [EMAIL PROTECTED]" instead.
(And you can use hostnames, too.)
This has bitten me before -- I didn't realize I was trying to authenticate
as "dave" instead of, say, "deploy".
> but it still prompts me
> for a password. any ideas as to why it would still prompt for a
> password?
Other than that, there are the obvious ones:
Are you sure it's actually using your public/private key? Check for your
public key in ~/.ssh/authorized_keys on the server side, and make sure the
permissions are set appropriately -- ~/.ssh should be mode 700, and
authorized_keys probably mode 600.
And check on your local end -- by default, ssh will check in ~/.ssh/id_rsa
(or ~/.ssh/id_dsa). Similar rules apply.
Check the config files -- on the remote end, sshd_config (on Debian/Ubuntu,
that's /etc/ssh/sshd_config) should have PubkeyAuthentication on, and check
AuthorizedKeysFile if it's set. On the local end, ssh_config
(/etc/ssh/ssh_config) and ~/.ssh/config (if that exists?) may have something
interesting, though I think the default is to try the ssh-agent first, then
keys, and finally fallback to a password.
Finally, if all else fails, learn how to run an ssh agent -- on Ubuntu,
there's actually one running by default -- and then run ssh-add. Bonus is,
if your ssh key has somehow gotten a passphrase on it, you can enter that
once into ssh-add, and the key will then be kept decrypted in ssh-agent's
RAM, so you'll be passwordless until next boot.
>
>
> Chuck
>
> On Apr 29, 4:44 pm, Chuck <[EMAIL PROTECTED]> wrote:
> > Oh, ok. Thanks.
> >
> > On Apr 29, 4:20 pm, Jamis Buck <[EMAIL PROTECTED]> wrote:
> >
> > > Yeah. If you want to avoid a password prompt, you need to make sure
> > > _all_ of the servers you are connecting to are configured for
> > > passwordless authentication.
> >
> > > - Jamis
> >
> > > On Apr 29, 2008, at 4:06 PM, Chuck wrote:
> >
> > > > One of the machines I'm deploying to is the machine I'm deploying
> > > > from. I set up the public/private key to get me into the other two
> > > > machines, but when I ssh to the local machine, it prompts me for a
> > > > password. Could that be causing the problem?
> >
> > > > On Apr 29, 3:36 pm, Chuck <[EMAIL PROTECTED]> wrote:
> > > >> ok, test_without_sudo prompted for a password, so it looks like it's
> > > >> trying to authenticate to the server with a password instead of
> > > >> with a
> > > >> public key.
> >
> > > >> On Apr 29, 3:26 pm, Jamis Buck <[EMAIL PROTECTED]> wrote:
> >
> > > >>> Have you verified that sudo is configured right? For instance, add
> > > >>> the
> > > >>> following two tasks and see if both work without password prompts:
> >
> > > >>> task :test_without_sudo do
> > > >>> run "whoami"
> > > >>> end
> >
> > > >>> task :test_with_sudo do
> > > >>> run "sudo whoami"
> > > >>> # I would generally recommend the following for sudo use:
> > > >>> # sudo "whoami"
> > > >>> # but you've got some complex commands that won't play nice
> > > >>> with it
> > > >>> end
> >
> > > >>> If :test_without_sudo throws up a prompt, then you know it's
> > > >>> unrelated
> > > >>> to sudo is more likely connection-related. If :test_without_sudo
> > > >>> doesn't prompt, but :test_with_sudo does, then you've not
> configured
> > > >>> sudo correctly. If both execute without a prompt,
> > > >>> but :umount_nfs_shares still does, then something else is wrong. :(
> >
> > > >>> - Jamis
> >
> > > >>> On Apr 29, 2008, at 3:05 PM, Chuck wrote:
> >
> > > >>>> task :umount_nfs_shares do
> > > >>>> run "if [ `/sbin/ifconfig eth0 | grep inet | cut -d ' ' -f 12 |
> > > >>>> cut -
> > > >>>> d ':' -f
> > > >>>> 2` != #{internal_db} ]; then sudo umount `mount | grep
> > > >>>> blackbookmobile
> > > >>>> | grep us
> > > >>>> er | cut -d ' ' -f 3`; fi"
> > > >>>> run "if [ `/sbin/ifconfig eth0 | grep inet | cut -d ' ' -f 12 |
> > > >>>> cut -
> > > >>>> d ':' -f
> > > >>>> 2` != #{internal_db} ]; then sudo umount `mount | grep
> > > >>>> blackbookmobile
> > > >>>> | grep co
> > > >>>> ntact | cut -d ' ' -f 3`; fi"
> > > >>>> run "if [ `/sbin/ifconfig eth0 | grep inet | cut -d ' ' -f 12 |
> > > >>>> cut -
> > > >>>> d ':' -f
> > > >>>> 2` = #{internal_db} ]; then sudo chown -R sms:mongrel /public; fi"
> > > >>>> run "sudo chown -R user:group /var/www/blackbookmobile/"
> > > >>>> run "sudo chmod -R g+w /var/www/blackbookmobile/"
> > > >>>> end
> >
> > > >>>> - Chuck
> >
> > > >>>> On Apr 29, 2:56 pm, Jamis Buck <[EMAIL PROTECTED]> wrote:
> > > >>>>> Any chance you could share the definition of the
> > > >>>>> "umount_nfs_shares"
> > > >>>>> task?
> >
> > > >>>>> - Jamis
> >
> > > >>>>> On Apr 29, 2008, at 2:16 PM, Chuck wrote:
> >
> > > >>>>>> Yes, but I've configured the group I'm a member of so that it
> > > >>>>>> doesn't
> > > >>>>>> require a password when I use sudo with a "NOPASSWD: ALL".
> >
> > > >>>>>> On Apr 29, 8:57 am, Jamis Buck <[EMAIL PROTECTED]> wrote:
> > > >>>>>>> Is anything trying to execute via sudo?
> >
> > > >>>>>>> - Jamis
> >
> > > >>>>>>> On Apr 29, 2008, at 8:37 AM, Chuck wrote:
> >
> > > >>>>>>>> I was going to set up a cron job (under my own crontab, so
> > > >>>>>>>> it'd
> > > >>>>>>>> be
> > > >>>>>>>> running as my user).
> >
> > > >>>>>>>> Here's what I get when I attempt to deploy: (cap staging
> > > >>>>>>>> deploy)
> >
> > > >>>>>>>> * executing `staging'
> > > >>>>>>>> triggering start callbacks for `deploy'
> > > >>>>>>>> * executing `multistage:ensure'
> > > >>>>>>>> triggering before callbacks for `deploy'
> > > >>>>>>>> * executing `umount_nfs_shares'
> > > >>>>>>>> * executing "umount command that's the first thing under
> > > >>>>>>>> umount_nfs_shares"
> > > >>>>>>>> servers: ["X.X.X.X", "X.X.X.X", "X.X.X.X"]
> > > >>>>>>>> Password:
> >
> > > >>>>>>>> I didn't put a password on the SSH certificate, so I'm certain
> > > >>>>>>>> that's
> > > >>>>>>>> not it.
> >
> > > >>>>>>>> Thanks,
> > > >>>>>>>> Chuck
> >
> > > >>>>>>>> On Apr 28, 4:37 pm, Jamis Buck <[EMAIL PROTECTED]> wrote:
> > > >>>>>>>>> How is your deployment script being run automatically? Is it
> > > >>>>>>>>> being
> > > >>>>>>>>> run
> > > >>>>>>>>> as you, or a different user? When does it prompt for a
> > > >>>>>>>>> password?
> > > >>>>>>>>> (Might it be prompting for an SSH certificate passphrase,
> > > >>>>>>>>> which
> > > >>>>>>>>> is
> > > >>>>>>>>> not
> > > >>>>>>>>> the same as the password?)
> >
> > > >>>>>>>>> - Jamis
> >
> > > >>>>>>>>> On Apr 28, 2008, at 3:55 PM, Chuck wrote:
> >
> > > >>>>>>>>>> I'm trying to set up a deployment script that will run on a
> > > >>>>>>>>>> regular
> > > >>>>>>>>>> basis, but it continuously prompts me for a password.
> >
> > > >>>>>>>>>> I set up a public/private key and can now log into the
> > > >>>>>>>>>> machines
> > > >>>>>>>>>> i'm
> > > >>>>>>>>>> deploying to from my deployment machine without a password,
> > > >>>>>>>>>> but
> > > >>>>>>>>>> cannot
> > > >>>>>>>>>> for the life of me figure out how to get capistrano to drop
> > > >>>>>>>>>> the
> > > >>>>>>>>>> password prompt.
> >
> > > >>>>>>>>>> Any ideas/input?
> >
> > > >>>>>>>>> smime.p7s
> > > >>>>>>>>> 3KDownload
> >
> > > >>>>>>> smime.p7s
> > > >>>>>>> 3KDownload
> >
> > > >>>>> smime.p7s
> > > >>>>> 3KDownload
> >
> > > >>> smime.p7s
> > > >>> 3KDownload
> >
> > > smime.p7s
> > > 3KDownload
> >
>
--~--~---------~--~----~------------~-------~--~----~
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/capistrano
-~----------~----~----~----~------~----~------~--~---
