当服务器 ssh 密钥有密码时,Capistrano 部署失败
Capistrano deployment fails when server ssh key has a passphrase
当我在远程服务器上为 ssh 密钥设置密码时,使用 Capistrano 进行部署失败。
但它在没有设置密码时有效...
我希望能够在部署时输入密码,这样我仍然可以在服务器上使用密码。
错误:
01 mkdir -p /tmp
01 <user>@<ip> 0.183s
Uploading /tmp/git-ssh-<app>-<env>-<me>.sh 100.0%
02 chmod 700 /tmp/git-ssh-<app>-<env>-<me>.sh
02 <user>@<ip> 0.178s
git:check
01 git ls-remote --heads git@github.com:<me>/<my-repo>.git
01 Permission denied (publickey).
01 fatal: Could not read from remote repository.
01
01 Please make sure you have the correct access rights
01 and the repository exists.
cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing as <user>@<ip>: git exit status: 128
git stdout: Nothing written
git stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
deploy.rb
lock '3.7.1'
set :application, '<app>'
set :repo_url, 'git@github.com:<me>/<app>.git'
set :user, '<user>'
set :scm_user, '<me>'
set :deploy_to, '/home/<user>/<app>'
set :scm, :git
set :branch, 'master'
append :linked_files, 'config/database.yml', 'config/secrets.yml'
append :linked_dirs, "log", "tmp/pids", "tmp/cache", "tmp/sockets", "vendor/bundle"
deploy/production.rb
server '<ip>', user: '<user>', roles: %w{app db web}
所以我希望 Capistrano 在部署时询问我密码,以便我的服务器可以使用它来连接 github。
这可能吗?
您可以使用 SSH 代理转发。因此无需在服务器上输入密码。
这样你只需在本地预加载你的 ssh key/s ssh-add keyname_rsa 并让它们自动转发到你的主机,然后根据需要从你的主机转发到 Github 服务器。
因此您只需在本地输入一次密码,如下所示:
其余的发生在 "automagically" 部署期间。值得设立。
来自the docs:
1.2.1 SSH Agent Forwarding
As we’ve already set up an SSH agent, we can use the agent forwarding
feature of SSH to make this key agent available to further hops. In
short, we can use our own ssh key to authenticate ourselves from the
server to Github.
当我在远程服务器上为 ssh 密钥设置密码时,使用 Capistrano 进行部署失败。
但它在没有设置密码时有效...
我希望能够在部署时输入密码,这样我仍然可以在服务器上使用密码。
错误:
01 mkdir -p /tmp
01 <user>@<ip> 0.183s
Uploading /tmp/git-ssh-<app>-<env>-<me>.sh 100.0%
02 chmod 700 /tmp/git-ssh-<app>-<env>-<me>.sh
02 <user>@<ip> 0.178s
git:check
01 git ls-remote --heads git@github.com:<me>/<my-repo>.git
01 Permission denied (publickey).
01 fatal: Could not read from remote repository.
01
01 Please make sure you have the correct access rights
01 and the repository exists.
cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing as <user>@<ip>: git exit status: 128
git stdout: Nothing written
git stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
deploy.rb
lock '3.7.1'
set :application, '<app>'
set :repo_url, 'git@github.com:<me>/<app>.git'
set :user, '<user>'
set :scm_user, '<me>'
set :deploy_to, '/home/<user>/<app>'
set :scm, :git
set :branch, 'master'
append :linked_files, 'config/database.yml', 'config/secrets.yml'
append :linked_dirs, "log", "tmp/pids", "tmp/cache", "tmp/sockets", "vendor/bundle"
deploy/production.rb
server '<ip>', user: '<user>', roles: %w{app db web}
所以我希望 Capistrano 在部署时询问我密码,以便我的服务器可以使用它来连接 github。
这可能吗?
您可以使用 SSH 代理转发。因此无需在服务器上输入密码。
这样你只需在本地预加载你的 ssh key/s ssh-add keyname_rsa 并让它们自动转发到你的主机,然后根据需要从你的主机转发到 Github 服务器。
因此您只需在本地输入一次密码,如下所示:
其余的发生在 "automagically" 部署期间。值得设立。
来自the docs:
1.2.1 SSH Agent Forwarding
As we’ve already set up an SSH agent, we can use the agent forwarding feature of SSH to make this key agent available to further hops. In short, we can use our own ssh key to authenticate ourselves from the server to Github.