I deploy Rails and Ruby projects using capistrano and I manage my source control with git. Git is most typically accessed with a ssh key and not username-password. There is a way to proxy your key through your deploy server making it possible for capistrano to retrieve the code from a 3rd party (gitub or gitorious or ssh-enabled git-server). It’s called ssh agent. Not many people use it but it’s super handy and comes built in to most flavs of Linux and OS X Leopard.
Assuming you have already put your desktop public key in the git server’s authorized keys or on github/gitorious you have put your ssh public key in your profile. What you do is this:
echo >$HOME/.ssh/config <<\EOF Host *.mydeployservers.com ForwardAgent yes Host *.myotherdeployservers.com ForwardAgent yes Host * ForwardAgent no EOF chmod -R go-rwsx $HOME/.ssh
Now SSH-Agent is setup to forward your keys through the deploy server and and you are ready to do some deploying. You may need to login to the deploy server once and try to login to the git server (github or the like) one time to accept the servers ssh key and stash in the deploy server/user’s local “known_hosts” file.
ssh myuser@mydelpoyserver.com # (and from there) ssh git@github.com # the login will fail but the important part is accepting the server's ssh key exit
Now back on your desktop you can now deploy from github or the like without “deploy keys”.
ssh-add ; #only need to do this once per login to your desktop cap deploy
Posted on April 30th, 2008 by dysinger
Filed under: @work
I’m a long-time user of ssh-agent, I just didn’t know agent forwarding is this easy. Gonna try it on next deploy!
[...] Dysinger put up a great article the other day about simplifying Rails app deployment. He briefly goes over some of the SSH configuration options that you can use to simplify things, [...]
Where, where, where can I find out how to set up an SSH key and put it on my server so that I don’t have to type the password any more? I have copied the id_rsa file to .ssh/authorized_keys on the server. I have set the permissions.
I added the key to the agent. Of course that means I have to type “exec ssh-agent bash” every time I go the the shell now, for whatever stupid reason. It’s not clear. I can’t find out why, anywhere, I have to do that now.
But even when I do that, Capistrano FORCES me to put in the stupid password. God, I am SO MAD. It’s always the stupidest things that take the longest. 2 hours now, how ridiculous.
Capistrano often asks for a password for sudo when it really doesn’t need to if your deploy user already has the permissions needed. I use
It stops asking for sudo passwords by default. This what my current app looks like:
set :application, "myrailsapp" set :user, 'deploy' set :scm, :git set :run_method, :run set :ssh_options, { :forward_agent => true } set :repository, "git@XXXX.com:blahblah/#{application}.git" set :deploy_via, :remote_cache set :deploy_to, "/var/apps/#{application}"