Hi Ken, That does look like it might be a bug in someone's software, maybe our Git module, or maybe your Git binary, can you post your capfile, and maybe deploy.rb (anything with configuration settings in) - I may have a couple of ideas for you.
- Lee 2009/6/10 Ken Mayer <[email protected]> > > I use unfuddle.com for git repo and they require a unique ssh/rsa key > per account. I have more than one account. > > When I try to deploy, I get an error because the gitosis server gets > the "other" key and authenticates me for the wrong account, so I get a > read access denied error. I can remove the key from ssh-agent. > Rerunning my deploy recipe again, everything works fine. > > I'm wondering what configuration I need to change so capistrano & git > query ssh-agent for the correct host/user/configuration. > > In other words, on my laptop, or the remote host, if I have this in my > ~/.ssh/config: > > Host freesailquotes.unfuddle.com > User git > IdentityFile ~/.ssh/freesailquotes_rsa > > Then running git with a url that starts with > "[email protected]" will use the correct identity file. > It used the wrong identity file when running a "cap deploy;" the > remote git process was accessing my laptop's ssh-agent via a > forward_agent port. > > You can see in the transcript below, where the ssh client tries, one- > by-one, each public/private key available, in order. Simply because it > finds the www-data_rsa key first, the git transaction fails (even > though ssh succeeded). > > I can reduce the error to running cap shell > "ssh -v g...@repo" > [edited] > cap> ssh -v -v g...@repo whoami > ** [out :: --remote-host--] OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 > Oct 2007 > ** [out :: --remote-host--] debug1: Reading configuration data /etc/ > ssh/ssh_config > ** [out :: --remote-host--] debug1: Applying options for * > ** [out :: --remote-host--] debug1: Connecting to rep [] port 22. > ** [out :: --remote-host--] debug1: Connection established. > ** [out :: --remote-host--] debug1: identity file /var/www/.ssh/ > identity type -1 > ** [out :: --remote-host--] debug1: identity file /var/www/.ssh/ > id_rsa type -1 > ** [out :: --remote-host--] debug1: identity file /var/www/.ssh/ > id_dsa type -1 > ** [out :: --remote-host--] debug1: Remote protocol version 2.0, > remote software version OpenSSH_5.1p1 Debian-5 > ** [out :: --remote-host--] debug1: match: OpenSSH_5.1p1 Debian-5 pat > OpenSSH* > ** [out :: --remote-host--] debug1: Enabling compatibility mode for > protocol 2.0 > ** [out :: --remote-host--] debug1: Local version string SSH-2.0- > OpenSSH_5.1p1 Debian-5 > ** [out :: --remote-host--] debug1: SSH2_MSG_KEXINIT sent > ** [out :: --remote-host--] debug1: SSH2_MSG_KEXINIT received > ** [out :: --remote-host--] debug1: kex: server->client aes128-cbc > hmac-md5 none > ** [out :: --remote-host--] debug1: kex: client->server aes128-cbc > hmac-md5 none > ** [out :: --remote-host--] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST > (1024<1024<8192) sent > ** [out :: --remote-host--] debug1: expecting > SSH2_MSG_KEX_DH_GEX_GROUP > ** [out :: --remote-host--] debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > ** [out :: --remote-host--] debug1: expecting > SSH2_MSG_KEX_DH_GEX_REPLY > ** [out :: --remote-host--] debug1: Host 'repo' is known and matches > the RSA host key. > ** [out :: --remote-host--] debug1: Found key in /var/www/.ssh/ > known_hosts:1 > ** [out :: --remote-host--] debug1: ssh_rsa_verify: signature correct > ** [out :: --remote-host--] debug1: SSH2_MSG_NEWKEYS sent > ** [out :: --remote-host--] debug1: expecting SSH2_MSG_NEWKEYS > ** [out :: --remote-host--] debug1: SSH2_MSG_NEWKEYS received > ** [out :: --remote-host--] debug1: SSH2_MSG_SERVICE_REQUEST sent > ** [out :: --remote-host--] debug1: SSH2_MSG_SERVICE_ACCEPT received > ** [out :: --remote-host--] debug2: key: /Users/user/.ssh/id_rsa > (0x80067b48) > ** [out :: --remote-host--] debug2: key: /Users/user/.ssh/www- > data_rsa (0x800681d8) > ** [out :: --remote-host--] debug2: key: /Users/user/.ssh/ > freesailquotes_rsa (0x800682d0) > ** [out :: --remote-host--] debug2: key: /Users/user/.ssh/ > bitwrangler_rsa (0x800685e8) > ** [out :: --remote-host--] debug2: key: /var/www/.ssh/identity > ((nil)) > ** [out :: --remote-host--] debug2: key: /var/www/.ssh/id_rsa ((nil)) > ** [out :: --remote-host--] debug2: key: /var/www/.ssh/id_dsa ((nil)) > ** [out :: --remote-host--] debug1: Authentications that can > continue: publickey > ** [out :: --remote-host--] debug1: Next authentication method: > publickey > ** [out :: --remote-host--] debug1: Offering public key: /Users/ > user/.ssh/id_rsa > ** [out :: --remote-host--] debug2: we sent a publickey packet, wait > for reply > ** [out :: --remote-host--] debug1: Authentications that can > continue: publickey > ** [out :: --remote-host--] debug1: Offering public key: /Users/ > user/.ssh/www-data_rsa > ** [out :: --remote-host--] debug2: we sent a publickey packet, wait > for reply > ** [out :: --remote-host--] debug1: Remote: Forced command: gitosis- > serve bitwrangler_user > ** [out :: --remote-host--] debug1: Remote: Port forwarding disabled. > ** [out :: --remote-host--] debug1: Remote: X11 forwarding disabled. > ** [out :: --remote-host--] debug1: Remote: Agent forwarding > disabled. > ** [out :: --remote-host--] debug1: Remote: Pty allocation disabled. > ** [out :: --remote-host--] debug1: Server accepts key: pkalg ssh-rsa > blen 533 > ** [out :: --remote-host--] debug1: Remote: Forced command: gitosis- > serve bitwrangler_user > > > At this point, gitosis thinks I'm "bitwrangler_user" instead > "freesailquotes_user" and read access is denied. > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Capistrano" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.co.uk/group/capistrano?hl=en -~----------~----~----~----~------~----~------~--~---
