Question
I need Capistrano to use 2 different SSH keys. One is for the git repository, one is for the server to deploy to.
Whichever key I rename to id_rsa in my .ssh folder works. The other one doesn't. If I rename the git key to id_rsa, Capistrano can connect to the git repository, but then can't authenticate at the server to deploy. If I call it something else, it will not be able to connect to the git repo. I know that the other key works, because I can do ssh -i ~/.ssh/otherKey.pem and it will successfully connect to the server.
This is what I have in my deploy.rb Capistrano file.
    ssh_options[:keys] = [
      File.join(ENV["HOME"], ".ssh", "id_rsa"),
      File.join(ENV["HOME"], ".ssh", "deploy")
    ]
    ssh_options[:forward_agent] = true
How can I tell Capistrano to use BOTH the keys? It only seems to use the one called id_rsa.
edit:
Here's the output from Capistrano with the error message:
$ cap yii deploy
* executing `yii'
Yii
* executing `deploy'
* executing `deploy:update'
** transaction: start
* executing `deploy:update_code'
executing locally: "git ls-remote git@project.beanstalkapp.com:/projectyii.git HEAD"
* executing "git clone -q git@project.beanstalkapp.com:/projectyii.git /var/www/projectyii-trunk/releases/20110824174629 && cd /var/www/projectyii-trunk/releases/20110824174629 && git checkout -q -b deploy 5e14521285ca04a605353e97bdf31c3a2889dbfb && (echo 5e14521285ca04a605353e97bdf31c3a2889dbfb > /var/www/projectyii-trunk/releases/20110824174629/REVISION)"
servers: ["yii.project.com"]
[yii.project.com] executing command
** [yii.project.com :: err] Error reading response length from authentication socket.
** [yii.project.com :: err] Permission denied (publickey,keyboard-interactive).
** [yii.project.com :: err] fatal: The remote end hung up unexpectedly
command finished
*** [deploy:update_code] rolling back
* executing "rm -rf /var/www/projectyii-trunk/releases/20110824174629; true"
servers: ["yii.project.com"]
[yii.project.com] executing command
command finished
failed: "sh -c \"git clone -q git@project.beanstalkapp.com:/projectyii.git /var/www/projectyii-trunk/releases/20110824174629 && cd /var/www/projectyii-trunk/releases/20110824174629 && git checkout -q -b deploy 5e14521285ca04a605353e97bdf31c3a2889dbfb && (echo 5e14521285ca04a605353e97bdf31c3a2889dbfb > /var/www/projectyii-trunk/releases/20110824174629/REVISION)\"" on yii.project.com
edit:
Another thing: it totally works fine from my local machine, just not on the deploy server - with exactly the same config files! It seems Capistrano uses the correct keys on my local machine, but not on the deploy machine.
Answer 1:
Disclaimer: I don't know anything about Capistrano.
If it simply does normal ssh calls (or calls git to do this), you can configure the right key to use in your ~/.ssh/config on a per-host (or per-host-alias) basis.
For example, I have these lines in my ~/.ssh/config file:
    # Git at GitHub
    Host github.com
      User git
      IdentityFile ~/.ssh/svn_id_rsa

    # Other math hosts
    Host *.math.hu-berlin.de
      User ebermann
      IdentityFile ~/.ssh/id_rsa
      ControlMaster auto
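The per-host key selection described in Answer 1, as an added example (not code from the question or from any answer): a simplified Ruby resolver that reports which `IdentityFile` entries an ssh_config assigns to a given host. The sample config is constructed from the host names and key paths in the question, the host-to-key mapping and the names `SAMPLE_CONFIG`, `host_matches?` and `resolve` are assumptions, and `Match`, `Include` and `%` tokens are not handled.

```ruby
# Simplified ssh_config(5) resolver (added example). Handles Host blocks with
# "*" / "?" wildcards and "!" negation only: no Match, Include or % tokens.

# Constructed sample config; the host-to-key mapping is an assumption.
SAMPLE_CONFIG = <<~CONF
  # key for the git repository
  Host project.beanstalkapp.com
    User git
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes

  # key for the servers being deployed to
  Host *.project.com
    IdentityFile ~/.ssh/deploy
    IdentitiesOnly yes

  Host *
    IdentityFile ~/.ssh/id_rsa
CONF

# True when +host+ matches a Host line's pattern list: at least one positive
# pattern must match and no negated ("!") pattern may match.
def host_matches?(patterns, host)
  negated, positive = patterns.partition { |p| p.start_with?("!") }
  return false if negated.any? { |p| File.fnmatch(p[1..-1], host, File::FNM_DOTMATCH) }
  positive.any? { |p| File.fnmatch(p, host, File::FNM_DOTMATCH) }
end

# Returns the effective options for +host+. IdentityFile values accumulate in
# file order; for every other keyword the first value obtained wins.
def resolve(config_text, host)
  active = true # options before the first Host line apply to every host
  result = { "identityfile" => [] }
  config_text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?("#")
    key, value = line.split(/\s*=\s*|\s+/, 2)
    key = key.downcase
    if key == "host"
      active = host_matches?(value.to_s.split, host)
    elsif active && key == "identityfile"
      result["identityfile"] << value unless result["identityfile"].include?(value)
    elsif active
      result[key] ||= value
    end
  end
  result
end
```

For the deploy host the result lists both `~/.ssh/deploy` and the catch-all `~/.ssh/id_rsa`, because `IdentityFile` entries accumulate across matching blocks. On a real machine, `ssh -G yii.project.com` prints the configuration OpenSSH itself resolves for that host.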
Answer 2:
I have this line in deploy.rb:
    ssh_options[:keys] = %w(/Users/victor.pudeyev/ec2/MBP-2.pem)

This suggests that the key filenames are space separated, e.g.

    ssh_options[:keys] = %w(/Users/victor.pudeyev/ec2/MBP-1.pem /Users/victor.pudeyev/ec2/MBP-2.pem)
Answer 3:
I had this problem and had ssh forwarding set in the capfile. Removing that allowed the target box to use its own keys.
Answer 4:
A bit late to the party here, but one option is to use a bit of ruby glue to detect which file to use:
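    # Use the first key file that exists on this machine.
    ['~/.ssh/onekey.pem', '~/.ssh/id_rsa'].each do |name|
      # File.exists? was removed in Ruby 3.2; File.exist? is the supported name.
      if File.exist?(File.expand_path(name))
        ssh_options[:keys] ||= name
      end
    end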
Source: https://stackoverflow.com/questions/7154161/capistrano-and-several-ssh-keys