26

I need Capistrano to use 2 different SSH keys. One is for the git repository, one is for the server to deploy to.

Whichever key I rename to id_rsa in my .ssh folder works. The other one doesn't. If I rename the git key to id_rsa, Capistrano can connect to the git repository, but then can't authenticate at the server to deploy. If I call it something else, it will not be able to connect to the git repo. I know that the other key works, because I can do ssh -i ~/.ssh/otherKey.pem and it will successfully connect to the server.

This is what I have in my deploy.rb Capistrano file.

ssh_options[:keys] = [
  File.join(ENV["HOME"], ".ssh", "id_rsa"),
  File.join(ENV["HOME"], ".ssh", "deploy")
]

ssh_options[:forward_agent] = true

How can I tell Capistrano to use BOTH the keys? It only seems to use the one called id_rsa.

edit:

Here's the output from Capistrano with the error message:

$ cap yii deploy
  * executing `yii'
Yii
  * executing `deploy'
  * executing `deploy:update'
 ** transaction: start
  * executing `deploy:update_code'
    executing locally: "git ls-remote git@project.beanstalkapp.com:/projectyii.git HEAD"
  * executing "git clone -q git@project.beanstalkapp.com:/projectyii.git /var/www/projectyii-trunk/releases/20110824174629 && cd /var/www/projectyii-trunk/releases/20110824174629 && git checkout -q -b deploy 5e14521285ca04a605353e97bdf31c3a2889dbfb && (echo 5e14521285ca04a605353e97bdf31c3a2889dbfb > /var/www/projectyii-trunk/releases/20110824174629/REVISION)"
    servers: ["yii.project.com"]
    [yii.project.com] executing command
 ** [yii.project.com :: err] Error reading response length from authentication socket.
 ** [yii.project.com :: err] Permission denied (publickey,keyboard-interactive).
 ** [yii.project.com :: err] fatal: The remote end hung up unexpectedly
    command finished
*** [deploy:update_code] rolling back
  * executing "rm -rf /var/www/projectyii-trunk/releases/20110824174629; true"
    servers: ["yii.project.com"]
    [yii.project.com] executing command
    command finished
failed: "sh -c \"git clone -q git@project.beanstalkapp.com:/projectyii.git /var/www/projectyii-trunk/releases/20110824174629 && cd /var/www/projectyii-trunk/releases/20110824174629 && git checkout -q -b deploy 5e14521285ca04a605353e97bdf31c3a2889dbfb && (echo 5e14521285ca04a605353e97bdf31c3a2889dbfb > /var/www/projectyii-trunk/releases/20110824174629/REVISION)\"" on yii.project.com

edit:

Another thing: it totally works fine from my local machine, just not on the deploy server - with exactly the same config files! It seems Capistrano uses the correct keys on my local machine, but not on the deploy machine.

MrB

4 Answers

29

Disclaimer: I don't know anything about Capistrano.

If it simply does normal ssh calls (or calls git to do this), you can configure the right key to use in your ~/.ssh/config on a per-host (or per-host-alias) basis.

For example, I have these lines in my ~/.ssh/config file:

# Git at GitHub
Host github.com
User git
IdentityFile ~/.ssh/svn_id_rsa

# Other math hosts
Host *.math.hu-berlin.de
User ebermann
IdentityFile ~/.ssh/id_rsa
ControlMaster auto
Paŭlo Ebermann
  • 2
    Hi, thanks for the idea. I set it up so that 'ssh deploy.server.com' connects into the deploy server directly. But still, Capistrano fails at authenticating itself to deploy.server.com - it's literally the same URL. :-( Any other ideas? – MrB Aug 24 '11 at 17:14
  • Could it be that Capistrano somehow sets the wrong username? A username given to SSH on the command line overrides the one in the config file. Other than this, showing the error message (if any), and maybe any debug output might help. – Paŭlo Ebermann Aug 24 '11 at 17:28
  • That could be possible, which username would that be/how do I test it? I set the username with set :user, it should be right. But even when I comment that out, it doesn't work. I added the entire Cap output to the original question. – MrB Aug 24 '11 at 17:50
11

I have this line in deploy.rb:

ssh_options[:keys] = %w(/Users/victor.pudeyev/ec2/MBP-2.pem)

This suggests that the key filenames are space separated, e.g.

ssh_options[:keys] = %w(/Users/victor.pudeyev/ec2/MBP-1.pem /Users/victor.pudeyev/ec2/MBP-2.pem)
Victor Pudeyev
1

I had this problem and had ssh forwarding set in the capfile. Removing that allowed the target box to use its own keys.

James
1

A bit late to the party here, but one option is to use a bit of ruby glue to detect which file to use:

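# Use the first key file from the list that exists on this machine.
['~/.ssh/onekey.pem', '~/.ssh/id_rsa'].each do |name|
  if File.exist?(File.expand_path(name)) # File.exists? was removed in Ruby 3.2
    ssh_options[:keys] ||= name
  end
end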
troelskn
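Building on the Ruby glue in the last answer, here is an added example (not from the original answers, and not Capistrano's own code) that keeps every usable key instead of the first one found, and turns on agent forwarding only when the machine running cap has an agent socket. It goes beyond the answer by also checking file permissions; the helper names `usable_ssh_keys`, `explain_ssh_keys` and `build_ssh_options` are hypothetical.

```ruby
# Added example; helper names are hypothetical, not Capistrano or Net::SSH API.
require "tmpdir"

# Every candidate private key that exists as a regular file and is not
# accessible by group/other (the OpenSSH client rejects looser modes).
def usable_ssh_keys(candidates)
  candidates.map { |name| File.expand_path(name) }.uniq.select do |path|
    File.file?(path) && (File.stat(path).mode & 0o077).zero?
  end
end

# Per-candidate verdict, useful when the same deploy.rb behaves
# differently on two machines.
def explain_ssh_keys(candidates)
  candidates.to_h do |name|
    path = File.expand_path(name)
    verdict =
      if !File.file?(path) then "missing"
      elsif (File.stat(path).mode & 0o077) != 0 then "permissions too open"
      else "ok"
      end
    [name, verdict]
  end
end

# Build the two settings from the question's deploy.rb. Agent forwarding is
# only enabled when an agent socket really exists; without one there is
# nothing to forward to the server.
def build_ssh_options(candidates, agent_sock = ENV["SSH_AUTH_SOCK"])
  keys = usable_ssh_keys(candidates)
  raise ArgumentError, "no usable key in #{candidates.inspect}" if keys.empty?

  forward = !agent_sock.to_s.empty? && File.socket?(agent_sock)
  { keys: keys, forward_agent: forward }
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir| # constructed sample key files, not real keys
    paths = { "deploy" => 0o600, "id_rsa" => 0o644 }.map do |name, mode|
      File.join(dir, name).tap { |f| File.write(f, "x"); File.chmod(mode, f) }
    end
    p explain_ssh_keys(paths + [File.join(dir, "absent")])
    p build_ssh_options(paths, nil) # nil: pretend no agent is running
  end
end
```

In a Capistrano 2 deploy.rb like the one in the question, the returned hash could be merged into `ssh_options` (assumed usage). When `forward_agent` is on, the key for the git host must be loaded in the local agent, because the clone runs on the server.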