Of course the bigger question is why you're deploying with passwords in the first place. SSH keys are easier, more secure, and can *also* be passworded, and that'll be managed by your OS. It's clearly documented how to do this http://www.capistranorb.com/documentation/getting-started/authentication-and-authorisation/
The reason Capistrano doesn't include password prompt support is because it's an amateurish trick to avoid setting things up "properly". For those on the wayyyyy other side, who know it's a bad idea, they know that it's easy to write something to prompt for input to bypass the built-in pain barrier. Lee Hambley -- http://lee.hambley.name/ +49 (0) 170 298 5667 On 18 November 2013 17:40, Kevin Lochner <[email protected]> wrote: > Thanks Lee, I was heading in that direction and it's helpful to focus the > search to this approach. > > - Kevin > > On Monday, November 18, 2013 8:33:31 AM UTC-8, Lee Hambley wrote: > >> Password authentication works if I hard-code the password into the >>> deploy/env.rb file, but otherwise it just runs through the password auth >>> without prompting me: >> >> >> This is expected behaviour. It's rather difficult to write an automation >> tool that requires user input! >> >> If you need to read input, see `ask()` in the documentation, or write >> your own method to do this using something like http://ruby. >> learncodethehardway.org/book/ex14.html >> >> Lee Hambley >> -- >> http://lee.hambley.name/ >> +49 (0) 170 298 5667 >> >> >> On 18 November 2013 17:24, Kevin Lochner <[email protected]> wrote: >> >>> I'm trying to setup Capistrano where the deploying user is prompted for >>> ssh password into app server. Password authentication works if I hard-code >>> the password into the deploy/env.rb file, but otherwise it just runs >>> through the password auth without prompting me: >>> >>> D, [2013-11-18T08:23:04.041167 #28602] DEBUG -- >>> net.ssh.authentication.session[3fd3b58b158c]: >>>> trying password >>>> E, [2013-11-18T08:23:04.041273 #28602] ERROR -- >>>> net.ssh.authentication.session[3fd3b58b158c]: >>>> all authorization methods failed (tried password) >>> >>> >>> ruby 2.0.0p247 (2013-06-27 revision 41674) [x86_64-darwin11.4.2] >>> Capistrano Version: 3.0.0 (Rake Version: 10.1.0) >>> >>> Here's staging.rb: >>> >>> set :stage, :staging >>>> server "10.1.45.78", roles: %w{web app db} >>>> set :ssh_options, { >>>> verbose: :debug, >>>> user: "klochner", >>>> auth_methods: %w(password) >>>> } >>> >>> >>> and here's the output: >>> >>> >>> INFO [0725887a] Running /usr/bin/env whoami on 10.1.45.78 >>>> DEBUG [0725887a] Command: /usr/bin/env whoami >>>> D, [2013-11-18T08:23:03.514730 #28602] DEBUG -- >>>> net.ssh.transport.session[3fd3b5473380]: establishing connection to >>>> 10.1.45.78:22 >>>> D, [2013-11-18T08:23:03.570553 #28602] DEBUG -- >>>> net.ssh.transport.session[3fd3b5473380]: connection established >>>> I, [2013-11-18T08:23:03.570782 #28602] INFO -- >>>> net.ssh.transport.server_version[3fd3b5472778]: negotiating protocol >>>> version >>>> D, [2013-11-18T08:23:03.633150 #28602] DEBUG -- >>>> net.ssh.transport.server_version[3fd3b5472778]: remote is >>>> `SSH-2.0-OpenSSH_5.3' >>>> D, [2013-11-18T08:23:03.633271 #28602] DEBUG -- >>>> net.ssh.transport.server_version[3fd3b5472778]: local is >>>> `SSH-2.0-Ruby/Net::SSH_2.7.0 x86_64-darwin11.4.2' >>>> D, [2013-11-18T08:23:03.697262 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: read 784 bytes >>>> D, [2013-11-18T08:23:03.697407 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: received packet nr 0 type 20 len 780 >>>> I, [2013-11-18T08:23:03.697502 #28602] INFO -- >>>> net.ssh.transport.algorithms[3fd3b546edd0]: got KEXINIT from server >>>> I, [2013-11-18T08:23:03.697745 #28602] INFO -- >>>> net.ssh.transport.algorithms[3fd3b546edd0]: sending KEXINIT >>>> D, [2013-11-18T08:23:03.697906 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: queueing packet nr 0 type 20 len 1620 >>>> D, [2013-11-18T08:23:03.698069 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: sent 1624 bytes >>>> I, [2013-11-18T08:23:03.698114 #28602] INFO -- >>>> net.ssh.transport.algorithms[3fd3b546edd0]: negotiating algorithms >>>> D, [2013-11-18T08:23:03.698223 #28602] DEBUG -- >>>> net.ssh.transport.algorithms[3fd3b546edd0]: negotiated: >>>> * kex: diffie-hellman-group-exchange-sha1 >>>> * host_key: ssh-rsa >>>> * encryption_server: aes128-cbc >>>> * encryption_client: aes128-cbc >>>> * hmac_client: hmac-sha1 >>>> * hmac_server: hmac-sha1 >>>> * compression_client: none >>>> * compression_server: none >>>> * language_client: >>>> * language_server: >>>> D, [2013-11-18T08:23:03.698253 #28602] DEBUG -- >>>> net.ssh.transport.algorithms[3fd3b546edd0]: exchanging keys >>>> D, [2013-11-18T08:23:03.698423 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: queueing packet nr 1 type 34 len 20 >>>> D, [2013-11-18T08:23:03.698470 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: sent 24 bytes >>>> D, [2013-11-18T08:23:03.816379 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: read 152 bytes >>>> D, [2013-11-18T08:23:03.816631 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: received packet nr 1 type 31 len 148 >>>> D, [2013-11-18T08:23:03.819843 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: queueing packet nr 2 type 32 len 140 >>>> D, [2013-11-18T08:23:03.820096 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: sent 144 bytes >>>> D, [2013-11-18T08:23:03.883696 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: read 720 bytes >>>> D, [2013-11-18T08:23:03.883900 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: received packet nr 2 type 33 len 700 >>>> D, [2013-11-18T08:23:03.886055 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: queueing packet nr 3 type 21 len 20 >>>> D, [2013-11-18T08:23:03.886208 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: sent 24 bytes >>>> D, [2013-11-18T08:23:03.886326 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: received packet nr 3 type 21 len 12 >>>> D, [2013-11-18T08:23:03.886698 #28602] DEBUG -- >>>> net.ssh.authentication.session[3fd3b58b158c]: >>>> beginning authentication of `klochner' >>>> D, [2013-11-18T08:23:03.886844 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: queueing packet nr 4 type 5 len 28 >>>> D, [2013-11-18T08:23:03.886912 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: sent 52 bytes >>>> D, [2013-11-18T08:23:04.040740 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: read 52 bytes >>>> D, [2013-11-18T08:23:04.040978 #28602] DEBUG -- >>>> tcpsocket[3fd3b5473880]: received packet nr 4 type 6 len 28 >>>> D, [2013-11-18T08:23:04.041167 #28602] DEBUG -- >>>> net.ssh.authentication.session[3fd3b58b158c]: >>>> trying password >>>> E, [2013-11-18T08:23:04.041273 #28602] ERROR -- >>>> net.ssh.authentication.session[3fd3b58b158c]: >>>> all authorization methods failed (tried password) >>>> cap aborted! >>>> klochner >>>> /Users/klochner/.rvm/gems/ruby-2.0.0-p247/gems/net-ssh-2.7.0/lib/net/ssh.rb:215:in >>>> `start' >>>> /Users/klochner/.rvm/gems/ruby-2.0.0-p247/gems/sshkit-1. >>>> 1.0/lib/sshkit/backends/netssh.rb:156:in `ssh' >>>> /Users/klochner/.rvm/gems/ruby-2.0.0-p247/gems/sshkit-1. >>>> 1.0/lib/sshkit/backends/netssh.rb:109:in `block in _execute' >>>> /Users/klochner/.rvm/gems/ruby-2.0.0-p247/gems/sshkit-1. >>>> 1.0/lib/sshkit/backends/netssh.rb:106:in `tap' >>>> /Users/klochner/.rvm/gems/ruby-2.0.0-p247/gems/sshkit-1. >>>> 1.0/lib/sshkit/backends/netssh.rb:106:in `_execute' >>>> /Users/klochner/.rvm/gems/ruby-2.0.0-p247/gems/sshkit-1. >>>> 1.0/lib/sshkit/backends/netssh.rb:54:in `execute' >>>> config/deploy.rb:20:in `block (3 levels) in <top (required)>' >>>> /Users/klochner/.rvm/gems/ruby-2.0.0-p247/gems/sshkit-1. >>>> 1.0/lib/sshkit/backends/netssh.rb:42:in `instance_exec' >>>> /Users/klochner/.rvm/gems/ruby-2.0.0-p247/gems/sshkit-1. >>>> 1.0/lib/sshkit/backends/netssh.rb:42:in `run' >>>> /Users/klochner/.rvm/gems/ruby-2.0.0-p247/gems/sshkit-1. >>>> 1.0/lib/sshkit/runners/parallel.rb:12:in `block (2 levels) in execute' >>>> Tasks: TOP => deploy:whoami >>>> (See full trace by running task with --trace) >>> >>> -- >>> -- >>> * You received this message because you are subscribed to the Google >>> Groups "Capistrano" group. >>> * To post to this group, send email to [email protected] >>> * To unsubscribe from this group, send email to capistrano+...@ >>> googlegroups.com For more options, visit this group at >>> http://groups.google.com/group/capistrano?hl=en >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "Capistrano" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >> >> -- > -- > * You received this message because you are subscribed to the Google > Groups "Capistrano" group. > * To post to this group, send email to [email protected] > * To unsubscribe from this group, send email to > [email protected] For more options, visit this > group at http://groups.google.com/group/capistrano?hl=en > --- > You received this message because you are subscribed to the Google Groups > "Capistrano" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- -- * You received this message because you are subscribed to the Google Groups "Capistrano" group. * To post to this group, send email to [email protected] * To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/capistrano?hl=en --- You received this message because you are subscribed to the Google Groups "Capistrano" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
