Do you think my code above is correct with 2 keys? We have a key for the gateway and another one for the private server.
When I try to deploy, Capistrano says: * establishing connection to gateway `"ubuntu@MY_GATEWAY_IP:1122"' * Creating gateway using ubuntu@MY_GATEWAY_IP:1122 ** [deploy:update_code] exception while rolling back: Net::SSH::AuthenticationFailed, ubuntu authentication failed for `ubuntu' On Tuesday, June 18, 2013 12:57:31 PM UTC+1, Lee Hambley wrote: > > .pem keys should work FWIW, we use them for some internal projects here > (EC2, again) - > > Lee Hambley > -- > http://lee.hambley.name/ > +49 (0) 170 298 5667 > > > On 18 June 2013 13:56, TheGryzor123 <[email protected] <javascript:>>wrote: > >> Thanks so much for your reply. >> >> I have to use a gateway because we are using a VPN (private network) and >> our server are not directly accessible from the net. >> >> All our servers require a .pem key to be able to log into, it's a >> standard procedure on Amazon EC2. So I can SSH from one server to another >> using the right key and the right port. Of course I suppose that if I omit >> the key then the connection will be refused ;) >> >> I can show you the logs if you want to. >> >> On Tuesday, June 18, 2013 1:13:41 AM UTC+1, Michael Richardson wrote: >>> >>> TheGryzor123 <[email protected]> wrote: >>> > Here is the architecture: >>> >>> > DeploymentServer --> Gateway --> PrivateServer >>> >>> > I don't know Ruby and I'm not a Capistrano expert so could you >>> tell me if >>> > there is something wrong in my code? >>> >>> > ssh_options[:forward_agent] = true >>> > set :ssh_options, {:auth_methods => 'publickey'} >>> >>> That's the default, as far as I know. >>> >>> > ssh_options[:verbose] = :debug >>> > set :ssh_options, {:keys => ['~/.ssh/GATEWAY_KEY.pem', >>> > '~/.ssh/PRIVATE_SERVER_KEY.**pem']} >>> >>> I'm not aware of these options. I've never known the implementation to >>> use >>> pem encoded keys. Why would you specify the gateways keys? >>> >>> > It doesn't work and using this syntax I wonder how Capistrano >>> could figure >>> > out which key to use. Using SSH from one server to another it >>> works. >>> >>> Can you please detail, "it works", what specifically works? >>> I think that if you specify a gateway, that you are telling capistrano >>> that in order to reach DeploymentServer, it should use Gateway. >>> I don't think it applies at all to the outgoing ssh to get code. >>> >>> Login to DeploymentServer, and configure .ssh/config such that you >>> can "ssh privateserver" and have it work. You'll want to read the >>> ssh_config man page, and likely specify a Hostname and Port in the >>> config for "privateserver" >>> >>> >>> -- >>> ] Never tell me the odds! | ipv6 mesh >>> networks [ >>> ] Michael Richardson, Sandelman Software Works | network >>> architect [ >>> ] [email protected] http://www.sandelman.ca/ | ruby on >>> rails [ >>> >>> -- >> -- >> * You received this message because you are subscribed to the Google >> Groups "Capistrano" group. >> * To post to this group, send email to [email protected]<javascript:> >> * To unsubscribe from this group, send email to >> [email protected] <javascript:> For more options, visit >> this group at http://groups.google.com/group/capistrano?hl=en >> --- >> You received this message because you are subscribed to the Google Groups >> "Capistrano" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > -- -- * You received this message because you are subscribed to the Google Groups "Capistrano" group. * To post to this group, send email to [email protected] * To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/capistrano?hl=en --- You received this message because you are subscribed to the Google Groups "Capistrano" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
