I use unfuddle.com for git repo and they require a unique ssh/rsa key
per account. I have more than one account.
When I try to deploy, I get an error because the gitosis server gets
the "other" key and authenticates me for the wrong account, so I get a
read access denied error. I can remove the key from ssh-agent.
Rerunning my deploy recipe again, everything works fine.
I'm wondering what configuration I need to change so capistrano & git
query ssh-agent for the correct host/user/configuration.
In other words, on my laptop, or the remote host, if I have this in my
~/.ssh/config:
Host freesailquotes.unfuddle.com
    User git
    IdentityFile ~/.ssh/freesailquotes_rsa
Then running git with a url that starts with
"[email protected]" will use the correct identity file.
It used the wrong identity file when running a "cap deploy;" the
remote git process was accessing my laptop's ssh-agent via a
forward_agent port.
You can see in the transcript below, where the ssh client tries,
one-by-one, each public/private key available, in order. Simply because it
finds the www-data_rsa key first, the git transaction fails (even
though ssh succeeded).
I can reduce the error to running cap shell > "ssh -v g...@repo"
[edited]
cap> ssh -v -v g...@repo whoami
** [out :: --remote-host--] OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
** [out :: --remote-host--] debug1: Reading configuration data /etc/ssh/ssh_config
** [out :: --remote-host--] debug1: Applying options for *
** [out :: --remote-host--] debug1: Connecting to rep [] port 22.
** [out :: --remote-host--] debug1: Connection established.
** [out :: --remote-host--] debug1: identity file /var/www/.ssh/identity type -1
** [out :: --remote-host--] debug1: identity file /var/www/.ssh/id_rsa type -1
** [out :: --remote-host--] debug1: identity file /var/www/.ssh/id_dsa type -1
** [out :: --remote-host--] debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5
** [out :: --remote-host--] debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
** [out :: --remote-host--] debug1: Enabling compatibility mode for protocol 2.0
** [out :: --remote-host--] debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5
** [out :: --remote-host--] debug1: SSH2_MSG_KEXINIT sent
** [out :: --remote-host--] debug1: SSH2_MSG_KEXINIT received
** [out :: --remote-host--] debug1: kex: server->client aes128-cbc hmac-md5 none
** [out :: --remote-host--] debug1: kex: client->server aes128-cbc hmac-md5 none
** [out :: --remote-host--] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST (1024<1024<8192) sent
** [out :: --remote-host--] debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
** [out :: --remote-host--] debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
** [out :: --remote-host--] debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
** [out :: --remote-host--] debug1: Host 'repo' is known and matches the RSA host key.
** [out :: --remote-host--] debug1: Found key in /var/www/.ssh/known_hosts:1
** [out :: --remote-host--] debug1: ssh_rsa_verify: signature correct
** [out :: --remote-host--] debug1: SSH2_MSG_NEWKEYS sent
** [out :: --remote-host--] debug1: expecting SSH2_MSG_NEWKEYS
** [out :: --remote-host--] debug1: SSH2_MSG_NEWKEYS received
** [out :: --remote-host--] debug1: SSH2_MSG_SERVICE_REQUEST sent
** [out :: --remote-host--] debug1: SSH2_MSG_SERVICE_ACCEPT received
** [out :: --remote-host--] debug2: key: /Users/user/.ssh/id_rsa (0x80067b48)
** [out :: --remote-host--] debug2: key: /Users/user/.ssh/www-data_rsa (0x800681d8)
** [out :: --remote-host--] debug2: key: /Users/user/.ssh/freesailquotes_rsa (0x800682d0)
** [out :: --remote-host--] debug2: key: /Users/user/.ssh/bitwrangler_rsa (0x800685e8)
** [out :: --remote-host--] debug2: key: /var/www/.ssh/identity ((nil))
** [out :: --remote-host--] debug2: key: /var/www/.ssh/id_rsa ((nil))
** [out :: --remote-host--] debug2: key: /var/www/.ssh/id_dsa ((nil))
** [out :: --remote-host--] debug1: Authentications that can continue: publickey
** [out :: --remote-host--] debug1: Next authentication method: publickey
** [out :: --remote-host--] debug1: Offering public key: /Users/user/.ssh/id_rsa
** [out :: --remote-host--] debug2: we sent a publickey packet, wait for reply
** [out :: --remote-host--] debug1: Authentications that can continue: publickey
** [out :: --remote-host--] debug1: Offering public key: /Users/user/.ssh/www-data_rsa
** [out :: --remote-host--] debug2: we sent a publickey packet, wait for reply
** [out :: --remote-host--] debug1: Remote: Forced command: gitosis-serve bitwrangler_user
** [out :: --remote-host--] debug1: Remote: Port forwarding disabled.
** [out :: --remote-host--] debug1: Remote: X11 forwarding disabled.
** [out :: --remote-host--] debug1: Remote: Agent forwarding disabled.
** [out :: --remote-host--] debug1: Remote: Pty allocation disabled.
** [out :: --remote-host--] debug1: Server accepts key: pkalg ssh-rsa blen 533
** [out :: --remote-host--] debug1: Remote: Forced command: gitosis-serve bitwrangler_user
At this point, gitosis thinks I'm "bitwrangler_user" instead of
"freesailquotes_user" and read access is denied.
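Added example, not part of the original post: a small Python parser for an `ssh -v -v` transcript like the one above, reporting which forwarded key the server accepted, which gitosis user that key maps to, and which loaded keys were never offered. The function name, the result fields and the condensed sample transcript are constructed for illustration.

```python
import re

# Constructed transcript, condensed from the shape of the `ssh -v -v` output in the post.
SAMPLE = """\
** [out :: --remote-host--] debug2: key: /Users/user/.ssh/id_rsa (0x80067b48)
** [out :: --remote-host--] debug2: key: /Users/user/.ssh/www-data_rsa (0x800681d8)
** [out :: --remote-host--] debug2: key: /Users/user/.ssh/freesailquotes_rsa (0x800682d0)
** [out :: --remote-host--] debug2: key: /var/www/.ssh/id_rsa ((nil))
** [out :: --remote-host--] debug1: Offering public key: /Users/user/.ssh/id_rsa
** [out :: --remote-host--] debug1: Authentications that can continue: publickey
** [out :: --remote-host--] debug1: Offering public key: /Users/user/.ssh/www-data_rsa
** [out :: --remote-host--] debug1: Remote: Forced command: gitosis-serve bitwrangler_user
** [out :: --remote-host--] debug1: Server accepts key: pkalg ssh-rsa blen 533
"""

CAP_PREFIX = re.compile(r"^\*\* \[out :: [^\]]*\]\s*")  # Capistrano shell output prefix
KEY = re.compile(r"debug2: key: (\S+) \((.+)\)$")
OFFER = re.compile(r"debug1: Offering public key: (\S+)")
FORCED = re.compile(r"debug1: Remote: Forced command: gitosis-serve (\S+)")


def analyze(transcript, expected_key, expected_user):
    """Report which key won authentication and which gitosis user it maps to."""
    loaded, offered, accepted, user = [], [], None, None
    for raw in transcript.splitlines():
        line = CAP_PREFIX.sub("", raw.strip())
        if m := KEY.search(line):
            if m.group(2) != "(nil)":       # "((nil))" = identity path with no key loaded
                loaded.append(m.group(1))
        elif m := OFFER.search(line):
            offered.append(m.group(1))
        elif m := FORCED.search(line):
            user = m.group(1)
        elif "debug1: Server accepts key:" in line and offered:
            accepted = offered[-1]          # the server answers the most recent offer
    never_tried = [k for k in loaded if k not in offered]
    return {
        "offered": offered,
        "accepted": accepted,
        "gitosis_user": user,
        "never_tried": never_tried,
        "wrong_identity": accepted is not None
        and (not accepted.endswith(expected_key) or user != expected_user),
    }


if __name__ == "__main__":
    for field, value in analyze(SAMPLE, "freesailquotes_rsa", "freesailquotes_user").items():
        print(f"{field}: {value}")
```
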