Why does Capistrano require the public key?


Paul Dowman

Apr 12, 2008, 10:07:33 AM
to Capistrano
Hi, there's something that's been confusing me for a long time. When
connecting using public/private key authentication the client
shouldn't need to have the public key available, but for some reason
Capistrano (Net::SSH?) seems to require it.

The openssh client can connect without having the public key file
available, e.g. "ssh -i privkeyfile hostname" (where privkeyfile is a
private key). But Capistrano complains if there isn't also a file
named "privkeyfile.pub" (containing the public key) in the same
directory.

Am I doing something wrong? Is there a way to change this so that the
public key isn't required?

Thanks,
Paul

Jamis Buck

Apr 12, 2008, 10:39:06 AM
to capis...@googlegroups.com
It's a quirk of Net::SSH that has never been patched. If anyone wants
to take a look and fix it, that'd be great. The problem might already
be fixed in Net::SSH v2 (due to be released in the near future), but I
haven't had a chance to verify.

- Jamis


Paul Dowman

Apr 14, 2008, 10:02:16 AM
to capis...@googlegroups.com
I'd be willing to take a crack at it if you can point me in the right
direction and if it's not fixed in v2.

Paul


--
http://pauldowman.com

Jamis Buck

Apr 14, 2008, 11:12:10 AM
to capis...@googlegroups.com
You could maybe start here:

http://github.com/jamis/net-ssh/tree/master/lib/net/ssh/key_factory.rb

And search the code for places KeyFactory is used, to determine
when/where public keys are being used where private keys would do.

- Jamis

David Masover

Apr 14, 2008, 12:48:39 PM
to capis...@googlegroups.com
I know that various ssh utilities can generate a public key from a private one -- I don't know the specifics, but I know that:

ssh-add /some/private/key
ssh-copy-id account_I_only_have...@some.host

The fact that this works, even if I don't currently have a public key file available, proves that the ssh private key format, at least, contains the information necessary to generate a public key. Therefore, I would think that a quick fix might be to find out how ssh does that, and simply generate a public key when needed.


Paul Dowman

Apr 15, 2008, 8:12:46 AM
to capis...@googlegroups.com
Great, thanks. I'll try to take a look at it when I get a spare few
minutes, probably this weekend.

Paul

--
http://pauldowman.com

Jacob Atzen

Apr 16, 2008, 3:04:50 AM
to capis...@googlegroups.com

On 14/04/2008, at 18.48, David Masover wrote:

> I know that various ssh utilities can generate a public key from a
> private one -- I don't know the specifics, but I know that:
>
> ssh-add /some/private/key
> ssh-copy-id account_I_only_have...@some.host
>
> The fact that this works, even if I don't currently have a public
> key file available, proves that the ssh private key format, at
> least, contains the information necessary to generate a public key.
> Therefore, I would think that a quick fix might be to find out how
> ssh does that, and simply generate a public key when needed.


From the man-page of ssh-keygen of OpenSSH:

-y      This option will read a private OpenSSH format file and print
        an OpenSSH public key to stdout.

You will need to supply the private key password to load it.

--
Cheers,
- Jacob Atzen
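
The derivation discussed in the messages above, as an added example that is not part of the thread and is not Net::SSH's code: it loads an RSA private key with Ruby's OpenSSL bindings and builds the one-line `ssh-rsa` public key from it, so no `.pub` file is needed. The method names (`public_key_line`, `ssh_fields` and the two encoders) are hypothetical, only RSA keys in PEM form are handled, and the key in the demo is a constructed throwaway.

```ruby
require 'openssl'

# SSH "string": 4-byte big-endian length, then the bytes.
def ssh_string(bytes)
  [bytes.bytesize].pack('N') + bytes.b
end

# SSH "mpint": big-endian magnitude, with a leading zero byte when the top
# bit is set so a positive number is not read as negative.
def ssh_mpint(bn)
  raw = bn.to_s(2)
  raw = "\x00".b + raw if raw.getbyte(0).to_i >= 0x80
  ssh_string(raw)
end

# Build the one-line "ssh-rsa AAAA... comment" form from a private key PEM.
# The passphrase is needed only when the PEM is encrypted.
def public_key_line(private_pem, passphrase = nil, comment = 'derived')
  key = if passphrase
          OpenSSL::PKey::RSA.new(private_pem, passphrase)
        else
          OpenSSL::PKey::RSA.new(private_pem)
        end
  raise ArgumentError, 'PEM holds no private key' unless key.private?
  blob = ssh_string('ssh-rsa') + ssh_mpint(key.e) + ssh_mpint(key.n)
  "ssh-rsa #{[blob].pack('m0')} #{comment}"
end

# Split a decoded blob back into its length-prefixed fields (for checking).
def ssh_fields(blob)
  fields = []
  until blob.empty?
    len = blob.unpack1('N')
    fields << blob.byteslice(4, len)
    blob = blob.byteslice(4 + len, blob.bytesize)
  end
  fields
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key
  puts public_key_line(key.to_pem, nil, 'constructed-example')
end
```

Only the public exponent and modulus go into the output line; the private components never leave the loaded key object.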
