Capistrano: Authentication failed for user ubuntu@xx.xxx.xxx.xxx (Net::SSH::AuthenticationFailed)

Question

I can connect via ssh ubuntu@xx.xxx.xxx.xxx. but not via cap production deploy:check

current

set :user, "ubuntu"
set :ssh_options, { forward_agent: true }

server "xx.xxx.xxx.xxx",
       user: fetch(:user),
       roles: %w[web app db]

tried

set :user, "ubuntu"
set :ssh_options, {
  forward_agent: true,
  user: fetch(:user),
  keys: %w(~/.ssh/id_rsa)
}

server "xx.xxx.xxx.xxx",
       user: fetch(:user),
       roles: %w[web app db]

The "current" used to be my setup for other projects, and I just have to ssh-add then cap production deploy

What changed? or is my config incorrect?

dr.calix · Answer 1 · 2022-05-27T03:52:12.327

15

issue: Authentication failed for user ubuntu@xx.xxx.xxx.xxx (Net::SSH::AuthenticationFailed) via capistrano but can ssh directly

debugging:

sudo tail -f /var/log/auth.log on the server
then tried cap production deploy:check on my local
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth] appeared from auth.log

solution:

edited then /etc/ssh/sshd_config
- find PubkeyAuthentication then uncomment(remove #)
- add PubkeyAcceptedKeyTypes=+ssh-rsa
restart sshd sudo systemctl restart sshd

edited May 27 '22 at 03:52

answered May 27 '22 at 02:44

dr.calix

667
8
21

Excellent, thank you! (P.S.: you can accept your own answers) – Victor Pudeyev Aug 12 '23 at 22:28

score 0 · Answer 2 · answered Jun 25 '23 at 18:47

ssh-rsa has been disabled by default for security reasons and should be avoided.

You may need to update the net-ssh gem, as support for rsa-sha2-512 and rsa-sha2-256 host key algorithms were added in version 6.2.0.beta1.

Updating net-ssh directly may not work due to other dependencies, so you may have to update sshkit.

bundle update sshkit

Capistrano: Authentication failed for user ubuntu@xx.xxx.xxx.xxx (Net::SSH::AuthenticationFailed)

2 Answers2

Linked