Finally it's working! I just made sure that my 2 keys had the right names,
permissions, owner and paths on the deployment server and I simplified my
initial Capistrano script:

# ssh_options[:forward_agent] = true (not necessary)
ssh_options[:auth_methods] = 'publickey'
set :ssh_options, {:keys => ['~/.ssh/GATEWAY_KEY.pem',
                             '~/.ssh/PRIVATE_SERVER_KEY.pem']}
# Capistrano was smart enough to guess my non-standard port and the user
# (same as the target server)
set :gateway, 'GATEWAY_IP'
server 'PRIVATE_IP', :app, :web, :db, :primary => true

Cheers,
On Tuesday, June 18, 2013 1:45:04 PM UTC+1, Lee Hambley wrote:
>
> Yes, but the keys don't work that way with gateways, sorry. I've not had
> time to really examine what you are trying to do, but at least I can say
> that the gateway is only used for the connection from your machine to the
> ssh hosts, and has nothing to do with the ssh hosts making further
> connections (to git repositories, etc)
>
> Lee Hambley
> --
> http://lee.hambley.name/
> +49 (0) 170 298 5667
>
>
> On 18 June 2013 14:25, TheGryzor123 <[email protected]> wrote:
>
>> Do you think my code above is correct with 2 keys? We have a key for the
>> gateway and another one for the private server.
>>
>> When I try to deploy, Capistrano says:
>>
>> * establishing connection to gateway `"ubuntu@MY_GATEWAY_IP:1122"'
>> * Creating gateway using ubuntu@MY_GATEWAY_IP:1122
>> ** [deploy:update_code] exception while rolling back:
>> Net::SSH::AuthenticationFailed, ubuntu
>> authentication failed for `ubuntu'
>>
>>
>> On Tuesday, June 18, 2013 12:57:31 PM UTC+1, Lee Hambley wrote:
>>
>>> .pem keys should work FWIW, we use them for some internal projects here
>>> (EC2, again) -
>>>
>>> Lee Hambley
>>> --
>>> http://lee.hambley.name/
>>> +49 (0) 170 298 5667
>>>
>>>
>>> On 18 June 2013 13:56, TheGryzor123 <[email protected]> wrote:
>>>
>>>> Thanks so much for your reply.
>>>>
>>>> I have to use a gateway because we are using a VPN (private network)
>>>> and our servers are not directly accessible from the net.
>>>>
>>>> All our servers require a .pem key to be able to log into, it's a
>>>> standard procedure on Amazon EC2. So I can SSH from one server to another
>>>> using the right key and the right port. Of course I suppose that if I omit
>>>> the key then the connection will be refused ;)
>>>>
>>>> I can show you the logs if you want to.
>>>>
>>>> On Tuesday, June 18, 2013 1:13:41 AM UTC+1, Michael Richardson wrote:
>>>>>
>>>>> TheGryzor123 <[email protected]> wrote:
>>>>> > Here is the architecture:
>>>>>
>>>>> > DeploymentServer --> Gateway --> PrivateServer
>>>>>
>>>>> > I don't know Ruby and I'm not a Capistrano expert so could you tell me if
>>>>> > there is something wrong in my code?
>>>>>
>>>>> > ssh_options[:forward_agent] = true
>>>>> > set :ssh_options, {:auth_methods => 'publickey'}
>>>>>
>>>>> That's the default, as far as I know.
>>>>>
>>>>> > ssh_options[:verbose] = :debug
>>>>> > set :ssh_options, {:keys => ['~/.ssh/GATEWAY_KEY.pem',
>>>>> > '~/.ssh/PRIVATE_SERVER_KEY.pem']}
>>>>>
>>>>> I'm not aware of these options. I've never known the implementation to
>>>>> use pem encoded keys. Why would you specify the gateway's keys?
>>>>>
>>>>> > It doesn't work and using this syntax I wonder how Capistrano could figure
>>>>> > out which key to use. Using SSH from one server to another it works.
>>>>>
>>>>> Can you please detail, "it works", what specifically works?
>>>>> I think that if you specify a gateway, that you are telling capistrano
>>>>> that in order to reach DeploymentServer, it should use Gateway.
>>>>> I don't think it applies at all to the outgoing ssh to get code.
>>>>>
>>>>> Login to DeploymentServer, and configure .ssh/config such that you
>>>>> can "ssh privateserver" and have it work. You'll want to read the
>>>>> ssh_config man page, and likely specify a Hostname and Port in the
>>>>> config for "privateserver"
>>>>>
>>>>>
>>>>> --
>>>>> ] Never tell me the odds! | ipv6 mesh networks [
>>>>> ] Michael Richardson, Sandelman Software Works | network architect [
>>>>> ] [email protected] http://www.sandelman.ca/ | ruby on rails [
>>>>>
>>>>> --
>>>> --
>>>> * You received this message because you are subscribed to the Google
>>>> Groups "Capistrano" group.
>>>> * To post to this group, send email to [email protected]
>>>> * To unsubscribe from this group, send email to
>>>> capistrano+...@googlegroups.com For more options, visit this group at
>>>> http://groups.google.com/group/capistrano?hl=en
>>>>
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Capistrano" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to capistrano+...@googlegroups.com.
>>>>
>>>> For more options, visit https://groups.google.com/groups/opt_out.
>
>
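
The fix reported at the top of this thread came down to key names, paths, owner and permissions on the deployment server. As an added example (not code from the thread or from Capistrano), here is a Ruby preflight check that can be run over the paths given in `:ssh_options` before deploying; the function names are hypothetical and the demo key files are constructed placeholders.

```ruby
require 'tmpdir'

# Returns a list of human-readable problems for one private key path.
def key_problems(path, uid: Process.euid)
  full = File.expand_path(path) # resolves "~/.ssh/..." the way the shell would
  return ["#{path}: not found (check name and path)"] unless File.exist?(full)

  st = File.stat(full)
  problems = []
  problems << "#{path}: not a regular file" unless st.file?
  problems << "#{path}: owned by uid #{st.uid}, expected #{uid}" unless st.uid == uid
  # OpenSSH's client refuses a private key that group or others can access;
  # apply the same rule here so both tools agree.
  if (st.mode & 0o077) != 0
    problems << format('%s: mode %04o is too open, use 0600', path, st.mode & 0o7777)
  end
  problems << "#{path}: not readable by this user" unless File.readable?(full)
  problems
end

# Checks every key; returns { path => [problems] } for the failing ones only.
def preflight(keys, uid: Process.euid)
  keys.each_with_object({}) do |key, bad|
    found = key_problems(key, uid: uid)
    bad[key] = found unless found.empty?
  end
end

# Constructed demo: one correct key, one world-readable key, one misnamed path.
def demo
  Dir.mktmpdir do |dir|
    good  = File.join(dir, 'GATEWAY_KEY.pem')
    loose = File.join(dir, 'PRIVATE_SERVER_KEY.pem')
    [good, loose].each { |f| File.write(f, "constructed placeholder, not a key\n") }
    File.chmod(0o600, good)
    File.chmod(0o644, loose)
    preflight([good, loose, File.join(dir, 'PRIVATE_SERVER_KEY')])
  end
end

# When run directly, print each problem found in the demo to stderr.
demo.each_value { |list| list.each { |msg| warn msg } } if $PROGRAM_NAME == __FILE__
```

An empty result from `preflight` means every listed key exists, belongs to the deploying user and is private to that user.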