Tim Dysinger

Deploying with Capistrano, Git and SSH-Agent

I deploy Rails and Ruby projects using capistrano and I manage my source control with git. Git is most typically accessed with a ssh key and not username-password. There is a way to proxy your key through your deploy server making it possible for capistrano to retrieve the code from a 3rd party (gitub or gitorious or ssh-enabled git-server). It's called ssh agent. Not many people use it but it's super handy and comes built in to most flavs of Linux and OS X Leopard. Assuming you have already put your desktop public key in the git server's authorized keys or on github/gitorious you have put your ssh public key in your profile. What you do is this:

echo >$HOME/.ssh/config <<\EOF
Host *.mydeployservers.com
  ForwardAgent yes
Host *.myotherdeployservers.com
  ForwardAgent yes
Host *
  ForwardAgent no
EOF
chmod -R go-rwsx $HOME/.ssh

Now SSH-Agent is setup to forward your keys through the deploy server and and you are ready to do some deploying. You may need to login to the deploy server once and try to login to the git server (github or the like) one time to accept the servers ssh key and stash in the deploy server/user's local "known_hosts" file.

ssh myuser@mydelpoyserver.com
# (and from there)
ssh git@github.com
# the login will fail but the important part is accepting the server's ssh key
exit

Now back on your desktop you can now deploy from github or the like without "deploy keys".

ssh-add ; #only need to do this once per login to your desktop
cap deploy

:)