"Permission denied (public key)" problem

[Roy Miller]

Probably something simple, but I'm at wit's end after exploring everything i know of from the Cap docs and elsewhere.

I set up my `deploy.rb` like so:

```ruby

SSHKit.config.command_map[:rake] = "bundle exec rake" # Ensure that bundle is used for rake tasks

lock '3.1.0' # config valid only for Capistrano 3.1

set :application, '[myapp]'

set :user, "deploy"

set :deploy_to, '/var/www/[myapp]'

set :use_sudo, false

set :pty, false

set :keep_releases, 5

set :format, :pretty

set :log_level, :debug

set :repo_url, 'g...@github.com:....git'

set :scm, :git

set :branch, 'master'

set :ssh_options, { forward_agent: true }

...

```

My stage file for the `acceptance` stage looks like this:

```ruby

set :stage, :acceptance

set :node_env, 'test'

set :user, 'deploy'

role :app, 'ec2-....compute-1.amazonaws.com'

role :web, 'ec2-....compute-1.amazonaws.com'

role :db,  'ec2-....compute-1.amazonaws.com'

role :server_pipeline, 'ec2-....compute-1.amazonaws.com'

server 'ec2-....compute-1.amazonaws.com', 

user: 'deploy',

roles: %w{server_pipeline},

primary: true,

keys: ['~/.ssh/blah.pem']

```

With that, I get this result when I run `cap acceptance deploy`:

DEBUG [a824cd7c] Running /usr/bin/env git ls-remote g...@github.com:....git on ec2-....compute-1.amazonaws.com

DEBUG [a824cd7c] Command: ( GIT_ASKPASS=/bin/echo GIT_SSH=/tmp/[myapp]/git-ssh.sh /usr/bin/env git ls-remote g...@github.com:....git )

DEBUG [a824cd7c] Permission denied (publickey).

DEBUG [a824cd7c] fatal: Could not read from remote repository.

DEBUG [a824cd7c]

DEBUG [a824cd7c] Please make sure you have the correct access rights

DEBUG [a824cd7c] and the repository exists.

DEBUG [a824cd7c] Finished in 0.175 seconds with exit status 128 (failed).

The maddening thing is that I can copy the command on the second output line above verbatim and run it from the command line on my server and it works fine. I reread the Cap page about things working via SSH but not when run by Cap, but couldn't see anything there to explain the result I'm getting. Here's what else I checked:

• I confirmed that I followed all instructions from *Authentication & Authorisation* followed, the deploy user exists, and all dirs exist with the correct permissions
• The ssh agent on the target box is running, and my key is loaded
• I set up no-password access for the `deploy` user
• I can run `git ls-remote` from the box and get a response from GitHub
• `ssh -vT g...@github.com` confirms I can connect

So I'm stumped. Don't know what else to try. Can anyone suggest something else to check/change? SSH issues can be so frustrating.

[Bruno Sutic]

Hey,

did you figure it out by now?

As you mentioned above, fully figuring out SSH and all it's capabilities is hard. I remember when I was learning and trying to understand it, it took me 5 full days (~10hrs a day). Yes, I literally devoted 5 days to learn it. So don't feel discouraged if you don't get it yet, it's normal.

I'll just briefly try to provide some feedback:

- ssh agent should NOT be running on the remote machine - it should be running on your local machine (where you're doing `$cap production deploy`)

- it's the key from your local machine that's forwarded to the server. Then the forwarded key is used for github authentication

- did you try this from the guide: ssh -A dep...@one-of-my-servers.com 'git ls-remote g...@github.com:capistrano/rails3-bootstrap-devise-cancan.git

What's the output? Note: you should run the above command from your local machine - not on the server!

So if it's still not working for you, write here and we can try to debug the process!