svn checkout host key validation error, Amazon EC2
111 views
Skip to first unread message
jfrankov
May 1, 2008, 1:45:36 AM5/1/08
to Capistrano
I'm trying to deploy my application on an Amazon EC2 instance running
Ubuntu. I have a keypair set up and can log into the instance using
ssh just fine. Matter of fact, all my capistrano tasks run fine on the
instance until I try to do an svn checkout:
* executing `deploy:setup'
* executing "umask 02 && mkdir -p /mnt/app /mnt/app/releases /mnt/
app/shared /mnt/app/shared/system /mnt/app/shared/log /mnt/app/shared/
pids"
* executing `deploy:check'
You appear to have all necessary dependencies installed
* executing `deploy:update'
** transaction: start
* executing `deploy:update_code'
* executing "svn checkout -q -r2048 svn+ssh://foo.bar.com/svn/baz/
code/ror/tags/quez/12
/mnt/app/releases/20080501051610 && (echo 2048 > /mnt/app/releases/
20080501051610/REVISION)"
servers: ["ec2-75-101-xxx-xxx.compute-1.amazonaws.com"]
[ec2-75-101-xxx-xxx.compute-1.amazonaws.com] executing command
** [err] Host key verification failed.
** [err] svn: Connection closed unexpectedly
command finished
*** [deploy:update_code] rolling back
(I've edited the output for brevity.)
I get "Host key verification failed", so I log in to the instance and
try to execute the command manually to see what the problem is:
root@ec2-75-101-xxx-xxx-production:~# svn checkout -q -r2048 svn
+ssh://foo.bar.com/svn/baz/code/ror/tags/quez/12 /mnt/app/releases/
20080501051610 && (echo 2048 > /mnt/app/releases/20080501051610/
REVISION)
ro...@foo.bar.com's password:
...so I assume that the password prompt is what's preventing
capistrano from working. My question is, how do I get the instance to
not ask for a password?
Any & all advice is appreciated- thanks!
-Jason
Ubuntu. I have a keypair set up and can log into the instance using
ssh just fine. Matter of fact, all my capistrano tasks run fine on the
instance until I try to do an svn checkout:
* executing `deploy:setup'
* executing "umask 02 && mkdir -p /mnt/app /mnt/app/releases /mnt/
app/shared /mnt/app/shared/system /mnt/app/shared/log /mnt/app/shared/
pids"
* executing `deploy:check'
You appear to have all necessary dependencies installed
* executing `deploy:update'
** transaction: start
* executing `deploy:update_code'
* executing "svn checkout -q -r2048 svn+ssh://foo.bar.com/svn/baz/
code/ror/tags/quez/12
/mnt/app/releases/20080501051610 && (echo 2048 > /mnt/app/releases/
20080501051610/REVISION)"
servers: ["ec2-75-101-xxx-xxx.compute-1.amazonaws.com"]
[ec2-75-101-xxx-xxx.compute-1.amazonaws.com] executing command
** [err] Host key verification failed.
** [err] svn: Connection closed unexpectedly
command finished
*** [deploy:update_code] rolling back
(I've edited the output for brevity.)
I get "Host key verification failed", so I log in to the instance and
try to execute the command manually to see what the problem is:
root@ec2-75-101-xxx-xxx-production:~# svn checkout -q -r2048 svn
+ssh://foo.bar.com/svn/baz/code/ror/tags/quez/12 /mnt/app/releases/
20080501051610 && (echo 2048 > /mnt/app/releases/20080501051610/
REVISION)
ro...@foo.bar.com's password:
...so I assume that the password prompt is what's preventing
capistrano from working. My question is, how do I get the instance to
not ask for a password?
Any & all advice is appreciated- thanks!
-Jason
Jamis Buck
May 1, 2008, 1:54:10 AM5/1/08
to capis...@googlegroups.com
I'm not 100% sure what the "host key verification failed" error is
about, but I suspect it is Subversion's SSH connection complaining
that it cannot verify the host key of the host it is trying to connect
to. Regarding passwordless authentication, you'll need to make sure
that you have your keys set up such that you can ssh from the EC2
instance to your "foo.bar.com" server (the one hosting your svn
repository).
about, but I suspect it is Subversion's SSH connection complaining
that it cannot verify the host key of the host it is trying to connect
to. Regarding passwordless authentication, you'll need to make sure
that you have your keys set up such that you can ssh from the EC2
instance to your "foo.bar.com" server (the one hosting your svn
repository).
- Jamis
> --~--~---------~--~----~------------~-------~--~----~
> To unsubscribe from this group, send email to capistrano-...@googlegroups.com
> For more options, visit this group at http://groups.google.com/group/capistrano
> -~----------~----~----~----~------~----~------~--~---
>
jfrankov
May 1, 2008, 2:20:42 AM5/1/08
to Capistrano
Thanks for the quick reply Jamis. I've created a keypair on the
instance and copied to the "jason" account on foo.bar.com. Now
regular ssh from the shell to foo.bar.com works:
root@ec2-75-101-xxx-xxx-production:~# ssh -i ~/.ssh/id_rsa
ja...@foo.bar.com hostname
foo
Then I went to run the cap task again but got the same Host Key
Verification error again. I thought maybe I needed to put my username
in the URL, so I changed the :repository value in my deploy.rb to:
set :repository, "svn+ssh://ja...@foo.bar.com/svn/#{application}/code/
ror/tags/quez/12"
...then ran the cap task again but nothing changed, same error. Any
other ideas?
Thanks again for your help!
> > r...@foo.bar.com's password:
> 3KDownload
instance and copied to the "jason" account on foo.bar.com. Now
regular ssh from the shell to foo.bar.com works:
root@ec2-75-101-xxx-xxx-production:~# ssh -i ~/.ssh/id_rsa
ja...@foo.bar.com hostname
foo
Then I went to run the cap task again but got the same Host Key
Verification error again. I thought maybe I needed to put my username
in the URL, so I changed the :repository value in my deploy.rb to:
set :repository, "svn+ssh://ja...@foo.bar.com/svn/#{application}/code/
ror/tags/quez/12"
...then ran the cap task again but nothing changed, same error. Any
other ideas?
Thanks again for your help!
>
> > ...so I assume that the password prompt is what's preventing
> > capistrano from working. My question is, how do I get the instance to
> > not ask for a password?
>
> > Any & all advice is appreciated- thanks!
>
> > -Jason
>
> > >
>
>
> smime.p7s
> > ...so I assume that the password prompt is what's preventing
> > capistrano from working. My question is, how do I get the instance to
> > not ask for a password?
>
> > Any & all advice is appreciated- thanks!
>
> > -Jason
>
> > >
>
>
> 3KDownload
Jamis Buck
May 1, 2008, 2:27:37 AM5/1/08
to capis...@googlegroups.com
I've afraid I've never had that error, so I'm not sure. :( Anyone else
have any ideas?
have any ideas?
- Jamis
jfrankov
May 2, 2008, 9:44:26 PM5/2/08
to Capistrano
I figured it out... I added a "run 'whoami'" to the cap task and it
said I was user "app", not "root" like I thought. I created a keypair
as the app user, and added the public key to the jason user on
foo.bar.com. Note that you have to keep the username in the URL or
this won't work.
Thanks for the help Jamis, and for creating Capistrano in the first
place!
-Jason
> smime.p7s
> 3KDownload
said I was user "app", not "root" like I thought. I created a keypair
as the app user, and added the public key to the jason user on
foo.bar.com. Note that you have to keep the username in the URL or
this won't work.
Thanks for the help Jamis, and for creating Capistrano in the first
place!
-Jason
> 3KDownload
Neil Wilson
May 4, 2008, 6:56:25 AM5/4/08
to Capistrano
Having fought this for a couple of days last week I may be able to
shed light on the situation.
The problem is that the Subversion 'chat script' (handle_data) is not
working because when you use 'svn+ssh' on the later versions of
Capistrano it automatically goes into 'non-interactive' mode due to
the lack of a pty - no prompts = no chat script = no host key
verification. If you use 'svn+ssh' on probably any version of Linux
you will need to switch ptys back on with:
default_run_options[:pty] = true
in your deploy.rb even if you use public keys, unless you do the SSH
host verification manually up front (or turn it off).
NeilW
shed light on the situation.
The problem is that the Subversion 'chat script' (handle_data) is not
working because when you use 'svn+ssh' on the later versions of
Capistrano it automatically goes into 'non-interactive' mode due to
the lack of a pty - no prompts = no chat script = no host key
verification. If you use 'svn+ssh' on probably any version of Linux
you will need to switch ptys back on with:
default_run_options[:pty] = true
in your deploy.rb even if you use public keys, unless you do the SSH
host verification manually up front (or turn it off).
NeilW
Reply all
Reply to author
Forward
0 new messages