Thanks for your help!
$ gem list capistrano
*** LOCAL GEMS ***
capistrano (2.5.5, 2.5.4, 2.5.3, 2.5.0, 2.4.3, 2.2.0, 2.1.0)
$ git --version
git version 1.6.1.2
##### Capfile #####
load 'deploy' if respond_to?(:namespace) # cap2 differentiator
Dir['vendor/plugins/*/recipes/*.rb'].each { |plugin| load(plugin) }
load 'config/deploy'
##### config/deploy.rb ######
set :application, "freesailquotes.com"
# Run options
set :user, "www-data"
# ssh_options[:user] = '???'
ssh_options[:keys] = "#{ENV['HOME']}/.ssh/freesailquotes_rsa"
ssh_options[:forward_agent] = true
# ssh_options[:verbose] = :debug
default_run_options[:pty] = true
set :use_sudo, false
# Repository
set :repository, "[email protected]:freesailquotes/
site.git"
set :scm_verbose, true
set :scm, :git
set :branch, 'master'
set :deploy_via, :remote_cache
set :git_enable_submodules, 1
set :git_shallow_clone, 1
# Servers
set :deploy_to, "/var/www/#{application}"
server "li82-69.members.linode.com", :app, :web
role :db, "li82-69.members.linode.com", :primary => true
# Custom tasks
task :update_config, :roles => [:app], :except => {:no_symlink =>
true} do
run "rm -f #{release_path}/config/database.yml"
run "cp -Rf #{shared_path}/config/* #{release_path}/config/"
run "ln -s #{shared_path}/system/assets #{release_path}/public/
assets"
end
after 'deploy:update_code', :update_config
namespace :deploy do
task :start, :roles => :app do
run "touch #{current_release}/tmp/restart.txt"
end
task :stop, :roles => :app do
# Do nothing.
end
desc "Restart Application"
task :restart, :roles => :app do
run "touch #{current_release}/tmp/restart.txt"
end
end
##################################################
Aloha a hui hou,
Ken
--
Ken Mayer / [email protected] / 808-722-6142 / http://www.bitwrangler.com/
On Jun 9, 2009, at 10:27 PM, Lee Hambley wrote:
> Hi Ken,
>
> That does look like it might be a bug in someone's software, maybe
> our Git module, or maybe your Git binary, can you post your capfile,
> and maybe deploy.rb (anything with configuration settings in) - I
> may have a couple of ideas for you.
>
> - Lee
>
> 2009/6/10 Ken Mayer <[email protected]>
>
> I use unfuddle.com for git repo and they require a unique ssh/rsa key
> per account. I have more than one account.
>
> When I try to deploy, I get an error because the gitosis server gets
> the "other" key and authenticates me for the wrong account, so I get a
> read access denied error. I can remove the key from ssh-agent.
> Rerunning my deploy recipe again, everything works fine.
>
> I'm wondering what configuration I need to change so capistrano & git
> query ssh-agent for the correct host/user/configuration.
>
> In other words, on my laptop, or the remote host, if I have this in my
> ~/.ssh/config:
>
> Host freesailquotes.unfuddle.com
> User git
> IdentityFile ~/.ssh/freesailquotes_rsa
>
> Then running git with a url that starts with
> "[email protected]" will use the correct identity file.
> It used the wrong identity file when running a "cap deploy;" the
> remote git process was accessing my laptop's ssh-agent via a
> forward_agent port.
>
> You can see in the transcript below, where the ssh client tries, one-
> by-one, each public/private key available, in order. Simply because it
> finds the www-data_rsa key first, the git transaction fails (even
> though ssh succeeded).
>
> I can reduce the error to running cap shell > "ssh -v g...@repo"
> [edited]
> cap> ssh -v -v g...@repo whoami
> ** [out :: --remote-host--] OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19
> Oct 2007
> ** [out :: --remote-host--] debug1: Reading configuration data /etc/
> ssh/ssh_config
> ** [out :: --remote-host--] debug1: Applying options for *
> ** [out :: --remote-host--] debug1: Connecting to rep [] port 22.
> ** [out :: --remote-host--] debug1: Connection established.
> ** [out :: --remote-host--] debug1: identity file /var/www/.ssh/
> identity type -1
> ** [out :: --remote-host--] debug1: identity file /var/www/.ssh/
> id_rsa type -1
> ** [out :: --remote-host--] debug1: identity file /var/www/.ssh/
> id_dsa type -1
> ** [out :: --remote-host--] debug1: Remote protocol version 2.0,
> remote software version OpenSSH_5.1p1 Debian-5
> ** [out :: --remote-host--] debug1: match: OpenSSH_5.1p1 Debian-5 pat
> OpenSSH*
> ** [out :: --remote-host--] debug1: Enabling compatibility mode for
> protocol 2.0
> ** [out :: --remote-host--] debug1: Local version string SSH-2.0-
> OpenSSH_5.1p1 Debian-5
> ** [out :: --remote-host--] debug1: SSH2_MSG_KEXINIT sent
> ** [out :: --remote-host--] debug1: SSH2_MSG_KEXINIT received
> ** [out :: --remote-host--] debug1: kex: server->client aes128-cbc
> hmac-md5 none
> ** [out :: --remote-host--] debug1: kex: client->server aes128-cbc
> hmac-md5 none
> ** [out :: --remote-host--] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST
> (1024<1024<8192) sent
> ** [out :: --remote-host--] debug1: expecting
> SSH2_MSG_KEX_DH_GEX_GROUP
> ** [out :: --remote-host--] debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> ** [out :: --remote-host--] debug1: expecting
> SSH2_MSG_KEX_DH_GEX_REPLY
> ** [out :: --remote-host--] debug1: Host 'repo' is known and matches
> the RSA host key.
> ** [out :: --remote-host--] debug1: Found key in /var/www/.ssh/
> known_hosts:1
> ** [out :: --remote-host--] debug1: ssh_rsa_verify: signature correct
> ** [out :: --remote-host--] debug1: SSH2_MSG_NEWKEYS sent
> ** [out :: --remote-host--] debug1: expecting SSH2_MSG_NEWKEYS
> ** [out :: --remote-host--] debug1: SSH2_MSG_NEWKEYS received
> ** [out :: --remote-host--] debug1: SSH2_MSG_SERVICE_REQUEST sent
> ** [out :: --remote-host--] debug1: SSH2_MSG_SERVICE_ACCEPT received
> ** [out :: --remote-host--] debug2: key: /Users/user/.ssh/id_rsa
> (0x80067b48)
> ** [out :: --remote-host--] debug2: key: /Users/user/.ssh/www-
> data_rsa (0x800681d8)
> ** [out :: --remote-host--] debug2: key: /Users/user/.ssh/
> freesailquotes_rsa (0x800682d0)
> ** [out :: --remote-host--] debug2: key: /Users/user/.ssh/
> bitwrangler_rsa (0x800685e8)
> ** [out :: --remote-host--] debug2: key: /var/www/.ssh/identity
> ((nil))
> ** [out :: --remote-host--] debug2: key: /var/www/.ssh/id_rsa ((nil))
> ** [out :: --remote-host--] debug2: key: /var/www/.ssh/id_dsa ((nil))
> ** [out :: --remote-host--] debug1: Authentications that can
> continue: publickey
> ** [out :: --remote-host--] debug1: Next authentication method:
> publickey
> ** [out :: --remote-host--] debug1: Offering public key: /Users/
> user/.ssh/id_rsa
> ** [out :: --remote-host--] debug2: we sent a publickey packet, wait
> for reply
> ** [out :: --remote-host--] debug1: Authentications that can
> continue: publickey
> ** [out :: --remote-host--] debug1: Offering public key: /Users/
> user/.ssh/www-data_rsa
> ** [out :: --remote-host--] debug2: we sent a publickey packet, wait
> for reply
> ** [out :: --remote-host--] debug1: Remote: Forced command: gitosis-
> serve bitwrangler_user
> ** [out :: --remote-host--] debug1: Remote: Port forwarding disabled.
> ** [out :: --remote-host--] debug1: Remote: X11 forwarding disabled.
> ** [out :: --remote-host--] debug1: Remote: Agent forwarding
> disabled.
> ** [out :: --remote-host--] debug1: Remote: Pty allocation disabled.
> ** [out :: --remote-host--] debug1: Server accepts key: pkalg ssh-rsa
> blen 533
> ** [out :: --remote-host--] debug1: Remote: Forced command: gitosis-
> serve bitwrangler_user
>
>
> At this point, gitosis thinks I'm "bitwrangler_user" instead
> "freesailquotes_user" and read access is denied.
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Capistrano" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.co.uk/group/capistrano?hl=en
-~----------~----~----~----~------~----~------~--~---
