4

I have the following deploy script set up with Capistrano v3 and capistrano/symfony gem. I am deploying to an AWS EC2 instance with Ubuntu 14.4 I am connecting with a .pem file downloaded from AWS. I have the following in my deploy.rb

set :pty, true

set :ssh_options, {
  user: 'ubuntu',
  keys: ['/Users/myuser/Sites/Myproject.pem'],
  forward_agent: true,
  auth_methods: ["publickey"]
}

when deploying with

bundle exec cap staging deploy --trace

The script connects fine but fails on this

INFO [4fd1b02c] Running /usr/bin/env git ls-remote --heads git@github.com:MyName/Myproject.git as ubuntu@ec2-00-000-000-000.eu-west-1.compute.amazonaws.com
DEBUG [4fd1b02c] Command: ( SYMFONY_ENV=prod GIT_ASKPASS=/bin/echo GIT_SSH=/var/www/tmp/myproject/git-ssh.sh /usr/bin/env git ls-remote --heads git@github.com:MyName/Myproject.git )

DEBUG [4fd1b02c]    Permission denied (publickey).
DEBUG [4fd1b02c]    
DEBUG [4fd1b02c]    fatal: Could not read from remote repository.
DEBUG [4fd1b02c]    
DEBUG [4fd1b02c]    
DEBUG [4fd1b02c]    Please make sure you have the correct access rights
DEBUG [4fd1b02c]    
DEBUG [4fd1b02c]    and the repository exists.
DEBUG [4fd1b02c] 

cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing as ubuntu@ec2-00-000-000-000.eu-west-1.compute.amazonaws.com: git exit status: 128
git stdout: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
git stderr: Nothing written

I don't know why forward_agent is not working?

I have been trying to follow this guide - https://developer.github.com/guides/using-ssh-agent-forwarding/#testing-ssh-agent-forwarding

but when I get to this

echo "$SSH_AUTH_SOCK"

It prints a blank line.

Also if I run this on the server it says command not found

sshd_config
Patrick
  • 358
  • 6
  • 20
  • I now have other failed messages during deploy which I have made a new question for - http://stackoverflow.com/questions/33128623/capistrano-3-deploy-failed-messages-exit-status-1-failed – Patrick Oct 14 '15 at 14:51

4 Answers4

6

Double-check that the user running Capistrano has ssh-agent running and has ssh-added the relevant key.

Here are some good guides:

https://developer.github.com/guides/using-ssh-agent-forwarding/

http://mah.everybody.org/docs/ssh

will_in_wi
  • 2,623
  • 1
  • 16
  • 21
  • Thanks, how do I do that please? and what is the relevant key? I'm confused betwen the .pem I use to ssh in to EC2 and the key I need to connect to GitHub. – Patrick Oct 13 '15 at 17:36
  • I updated the answer. The key in question here is your GitHub key. Assuming that you are using Mac or Linux, it lives in `~/.ssh/id_dsa` or `~/.ssh/id_rsa`. – will_in_wi Oct 13 '15 at 17:39
  • 1
    I have done that and ran `ssh -T git@github.com` and and got success message, but still get public key error on deploy, like it's not forwarding it. – Patrick Oct 13 '15 at 17:56
  • When you ssh into your server and run `echo "$SSH_AUTH_SOCK"`, does it return anything? – will_in_wi Oct 13 '15 at 17:58
  • Then the ssh key is not being forwarded. You should be able to walk through the GitHub guide and make it work. – will_in_wi Oct 13 '15 at 18:01
  • I have just found this related question [link](http://stackoverflow.com/questions/22977714/capistrano-and-github-private-repo-permission-denied-publickey?rq=1) so I have updated my ssh connection to use `~/.ssh/id_rsa`. I am now seeing this message in the debug info when I try and deploy `debug1: Remote: Agent forwarding disabled: mkdtemp() failed: Permission denied` – Patrick Oct 14 '15 at 07:57
3

The solution to my problem was two things. Firstly I had to forward my id_rsa in the script like this:

set :ssh_options, {
  user: 'ubuntu',
  keys: ['~/.ssh/id_rsa'],
  forward_agent: true,
  auth_methods: ["publickey"]
}

I put my id_rsa.pub key on the server so that I could ssh into the server with the same key as i was forwarding.

The second thing I had to do was set the permissions on /tmp using 

chmod 1777 /tmp
Patrick
  • 358
  • 6
  • 20
1

I have faced similar issue during the cap run "$ bundle exec cap test deploy" 

Error : 
git stdout: Nothing written
git stderr: Warning: Permanently added the RSA host key for IP address 'xxxxxxxxx' to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.

For this scenario, we need to authenticate github account using ssh key

Navigate to the github -> Settings -> SSH and GPG keys (section) -> Add "New SSh Key", copy your public key($ ssh-keygen #generate new key)) and paste key input field. Once the key is added, using this command "$ ssh -T git@github.com" check the authentication. It will shows following output

Hi <xxxxxxxx>! You've successfully authenticated, but GitHub does not provide shell access.

Now It is working fine!.

Shankar
  • 311
  • 4
  • 20
0
  1. Add the next gems end bundle
gem 'capistrano', require: false

gem 'capistrano-bundler', require: false

gem 'capistrano-rails', require: false

gem 'capistrano-rvm', require: false

gem 'capistrano-sidekiq', require: false
  1. $ cap -T

You see all command's descriptions.

  1. End do command from your variant environments.

if check production

$ cap production deploy:check

if staging

$ cap staging deploy:check

ruevaughn
  • 1,319
  • 1
  • 17
  • 48
Dastan Abeuov
  • 1
  • 2