If there is a way to tell Capistrano to use agent forwarding, I'd do that
instead of modifying your global SSH config. I would guess it would be
something like:
    set :ssh_options, {
      :user => 'deploy',
      :forward_agent => true
    }
(Untested...)
Agent forwarding is allowing the remote user to do anything as you for a
limited amount of time. That's a security issue -- difficult to exploit, but
an issue nonetheless.
For example: My SSH key has access to both the user the application runs as,
and root. There's a reason we don't run applications as root -- but this
gives that user the ability, temporarily, to obtain root.
On Tue, Oct 21, 2008 at 10:29 AM, Mislav Marohnić <[EMAIL PROTECTED]> wrote:
> On Tue, Oct 21, 2008 at 13:19, Borja Martín <[EMAIL PROTECTED]> wrote:
>
>>
>> Hi,
>> I'm trying to deploy my application using Capistrano and using Git as
>> the scm. The 'problem' I've found is that the passwords (for the remote
>> server and the git repository) are asked a lot of times, about six times
>> for the remote server and two for the server the git repository is
>> located.
>
>
> Yeah, that's expected if you use passwords for authentication. Don't use
> them (especially with git) since they will make your deployments a misery.
>
> Generate a personal SSH key. Append the public part of the key in
> ".ssh/authorized_keys" on all your deployment servers and for the "git" user
> on dagi3d.net.
>
> Now load the key in your agent (that depends on your environment -- OS X
> will do it automatically on first operation). To check if it's working,
> login to your deployment server. It shouldn't ask you for a password
> anymore. Then logout and try to pull from the git repo. It also shouldn't
> ask you for a password.
>
> Next, set up ssh agent forwarding. Put something like this into your local
> ".ssh/config" (supposing you deploy to "example.com" with the "deploy"
> user):
>
> Host example.com
> User deploy
> ForwardAgent yes
>
> Now, login to the deployment server with "ssh example.com". Then, pull
> from your git repo *while on* the remote server. It also shouldn't ask you
> for your password because it uses your ssh key that was forwarded from your
> local machine.
>
For more options, visit this group at http://groups.google.com/group/capistrano
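Both messages above turn on where ForwardAgent gets switched on: for one host, as in the quoted ssh config, or more broadly. The following is an added example, not part of the original thread and not Capistrano code, that lists every place an ssh_config text enables forwarding and marks global or wildcard scopes; the sample config and all names in it are constructed for illustration.

```ruby
# Added example: report where an ssh_config text enables agent forwarding.
Finding = Struct.new(:scope, :line, :broad)

def forward_agent_findings(config_text)
  scope = "(global)" # options before the first Host/Match apply to every host
  findings = []
  config_text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    # ssh_config accepts both "Key value" and "Key=value"; keywords ignore case
    key, value = line.split(/\s*=\s*|\s+/, 2)
    value = value.to_s.strip
    case key.downcase
    when "host", "match"
      scope = "#{key.downcase} #{value}"
    when "forwardagent"
      # anything other than "no" (yes, a socket path, $VAR) enables forwarding
      next if value.downcase == "no"
      findings << Finding.new(scope, lineno, broad_scope?(scope))
    end
  end
  findings
end

# Broad = applies to hosts you did not name one by one.
def broad_scope?(scope)
  return true if scope == "(global)" || scope.downcase == "match all"
  kind, patterns = scope.split(" ", 2)
  kind == "host" &&
    patterns.to_s.split.any? { |pat| pat.match?(/[*?]/) && !pat.start_with?("!") }
end

# Constructed sample config (hypothetical hosts), embedded so this runs offline.
SAMPLE_CONFIG = <<~CFG
  # constructed sample, not a real config
  Host example.com
    User deploy
    ForwardAgent yes

  Host *.internal
    ForwardAgent yes

  Host git.example.org
    ForwardAgent no

  Host *
    forwardagent=yes
CFG

forward_agent_findings(SAMPLE_CONFIG).each do |f|
  puts "line #{f.line}: #{f.scope} -> #{f.broad ? 'BROAD, narrow to one host' : 'scoped'}"
end
```

To check a real file, pass File.read(File.expand_path("~/.ssh/config")) instead of the sample; Include directives are not followed.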