Re: [capistrano] New Capistrano user, having SSH problem asking for password

[Ernest Mueller]

Thanks!   I finally got it working using deploy.rb, I think.  I'm pretty
much already down the rabbit hole of needing different keys; we're using
Amazon EC2 where keys are the only method of getting into the box and
that's been set up with one key per set of servers already.  But in general
I won't be sending the same deployment to more than one or two different
keys worth of boxes so I think it'll be manageable.

Ernest
______________________
UN-altered REPRODUCTION and DISSEMINATION of
this IMPORTANT information is ENCOURAGED.



                                                                                
                                      
  From:       Eric Marden - Ruby Coder <r...@xentek.net>                        
                                      
                                                                                
                                      
  To:         capistrano@googlegroups.com                                       
                                      
                                                                                
                                      
  Date:       05/27/2010 10:10 PM                                               
                                      
                                                                                
                                      
  Subject:    Re: [capistrano] New Capistrano user, having SSH problem asking 
for     password                        
                                                                                
                                      
  Sent by:    capistrano@googlegroups.com                                       
                                      
                                                                                
                                      





Could be wrong but the problem seems to be on SSH's side.

First, is 'identity' the name of this file on your system? I know on my
debian boxes its 'authorized_keys'

2nd thing to check is your local ssh config (box1) to ensure that the order
the different auth schemes is correct. Should be by default, but this is
configurable if I recall correctly.

3rd, and not sure if capistrano responds to this (it should) you *could*
edit your ~/.ssh/config to force a certain key for a certain host. The Man
Page should help you sort this one out. However, consider that you don't
need separate keys for the same box. It only adds a modicum of "security".
Think of the key pair as unique to each client and use the same one for
your various hosts. There is a limit to the number of keys you can have (I
think mine maxed out at 10) before weird errors started. After that, I went
down to one and life got a lot easier :)

Last thing that comes to mind is that if your local keys have odd names
(default for me is id_rsa), it might not even be sending the keys and hence
defaulting to password auth and might the cause of your issue here.

Good Luck!

~ Eric Marden

On Tue, May 25, 2010 at 1:43 PM, Ernest Mueller <ernest.muel...@ni.com>
wrote:
  I'm still having a bit of trouble with capistrano and SSH and wanted to
  make sure I'm not missing something...

  I am running capistrano from box1.  I want to go to box2 (ssh key a) and
  box3  (ssh key b).  Everything as root.  No passphrases on keys.

  Box 1 also uses ssh key a so I set up a .ssh/identity file that's a.pem.
  I
  have b.pem just laying around.  So if I
  ssh box2
  it goes in just fine.  If I
  ssh -i b.pem box3
  it also logs in fine.

  I set up a capfile:

  role :foo, "box2"
  role :bar, "box3"

  So naturally if I
  cap ROLES=foo COMMAND="echo 'hello world'" invoke
  it works; if I
  cap ROLES=bar COMMAND="echo 'hello world'" invoke
  it asks for a password, and fails:
  connection failed for: box3 (Net::SSH::AuthenticationFailed: root)

  Now, I want to be able to cap stuff to two different hosts that use two
  different keys, ideally, without swapping out my identity file.  I think
  I
  should be able to do this:

  config/deploy.rb
  ssh_options[:keys] = [File.join(ENV["HOME"], "b.pem")]

  But this doesn't appear to do anything - same deal, it asks for a
  password
  and fails when I don't give one.  Is it supposed to?  I would really like
  to specify other ssh info without editing the actual ssh config stuff, as
  my use case is "use this one capistrano installation to distribute stuff
  to
  a variety of hosts using a variety of keys".  And the hostnames are
  pretty
  dynamic, so keeping up a long list of
  .ssh/config:
  host box1
  IdentityFile ~/.ssh/a.pem
  host box2
  IdentityFile ~/.ssh/b.pem

  is not desirable.  Is there a way to get capistrano to do this or is the
  answer "we totally punt to the stock ssh setup?"

  Ernest
  ______________________
  UN-altered REPRODUCTION and DISSEMINATION of
  this IMPORTANT information is ENCOURAGED.


  --
  * You received this message because you are subscribed to the Google
  Groups "Capistrano" group.
  * To post to this group, send email to capistrano@googlegroups.com
  * To unsubscribe from this group, send email to capistrano
  +unsubscr...@googlegroups.com For more options, visit this group at
  http://groups.google.com/group/capistrano?hl=en



--
* You received this message because you are subscribed to the Google Groups
"Capistrano" group.
* To post to this group, send email to capistrano@googlegroups.com
* To unsubscribe from this group, send email to capistrano
+unsubscr...@googlegroups.com For more options, visit this group at
http://groups.google.com/group/capistrano?hl=en






-- 
* You received this message because you are subscribed to the Google Groups 
"Capistrano" group.
* To post to this group, send email to capistrano@googlegroups.com
* To unsubscribe from this group, send email to 
capistrano+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/capistrano?hl=en