capistrano3 permission denied (using proxy)

matteo bruno

Jun 3, 2015, 10:24:53 AM
to capis...@googlegroups.com
Versions:
  • Ruby 2.1.2p95
  • Capistrano 3.4
  • Rake / Rails / etc 
Platform:
  • Working on.... Ubuntu 14.04
  • Deploying to... Amazon Linux AMI

Hi,

I'm trying to migrate my capistrano v2 script to the new v3.4 version.

All went well with development stage: I have one EC2 instance, and the deploy completed without errors.

I'm having some troubles with my production script, because I've got a proxy (EC2 instance) before my production servers (EC2 instances too); in my capistrano v2 script all was working, now I'm using cap-ec2 + capistrano v3.4 to deploy my application only to tagged servers, but when I try it I get "Permission Denied", my production servers refuse my key.

Maybe I've set something wrong with proxy parameters in my script, can you please help me?

Thanks a lot!!

Here you can find proxy parameters:

CAPISTRANO V2 (working)

set :gateway, "dep...@xxx.xxx.xxx.xxx"
set :ssh_options, { :forward_agent => true }
default_run_options[:pty] = true
ssh_options[:port] = "22"
ssh_options[:keys] = [File.join(ENV["HOME"], ".ssh", "id_rsa_deploy_myapp")]


CAPISTRANO V3 (not working)

require 'net/ssh/proxy/command'

set :ssh_options, {
  user: "deploy",
  keys: %w("~/.ssh/id_rsa_deploy_myapp"),
  auth_methods: %w(publickey),
  forward_agent: true,
  port: 22,
  proxy: Net::SSH::Proxy::Command.new('ssh xxx.xxx.xxx.xxx -W %h:%p')
}

Lee Hambley

Jun 3, 2015, 10:26:11 AM
to Capistrano
Where did you find `set :ssh_options` documented for v3? 

It doesn't exist that way, and you are instead to use a `.ssh/config` (can be global in your home directory, or committed to the root of your project repository) as documented here https://github.com/capistrano/sshkit#tunneling-and-other-related-ssh-themes


matteo bruno

Jun 4, 2015, 4:47:00 AM
to capis...@googlegroups.com
Hi,
thanks a lot for your hint!

I've modified my script using

SSHKit::Backend::Netssh.configure do |ssh|
  ssh.connection_timeout = 30
  ssh.ssh_options = {
    keys: %w("~/.ssh/id_rsa_deploy_xxx"),
    forward_agent: true,
    auth_methods: %w(publickey)
  }
end

set :ssh_options, proxy: Net::SSH::Proxy::Command.new('ssh xxx.xxx.xxx.xxx -W %h:%p')


but I still get 'permission denied' error... 


LOG:
Permission denied (publickey).
(Backtrace restricted to imported tasks)
cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing as dep...@xx.xx.xx.xx: connection closed by remote host

Net::SSH::Disconnect: connection closed by remote host

EOFError: end of file reached

Tasks: TOP => git:check => git:wrapper
(See full trace by running task with --trace)
The deploy has failed with an error: Exception while executing as dep...@10.0.10.133: connection closed by remote host
Permission denied (publickey).

Lee Hambley

Jun 4, 2015, 4:50:24 AM
to Capistrano
I ask again, where did you see `set :ssh_options, proxy: Net::SSH::Proxy::Command.new('ssh xxx.xxx.xxx.xxx -W %h:%p')` documented?

matteo bruno

Jun 4, 2015, 4:56:29 AM
to capis...@googlegroups.com
Hi,
sorry, I forgot to tell you where I've seen that command


What is the right way to connect to a gateway? Can you please help me?

Thanks a lot,
Matteo

Lee Hambley

Jun 4, 2015, 6:57:26 AM
to Capistrano
The right way is to use a `.ssh/config` file, which Net::SSH (via SSHKit, via Capistrano) will pick up; this file can be in your home directory, or in your project's root. No need to have a Ruby DSL for something for which we have a perfectly good subsystem.
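
The `.ssh/config` approach described in the reply above, as an added example that is not part of the original thread. The alias `gateway` and the `10.0.10.*` host pattern are assumptions (the pattern is taken from the address in the log earlier in the thread), and `xxx.xxx.xxx.xxx` is the thread's own placeholder for the gateway address.

```sshconfig
# ~/.ssh/config (constructed example, not from the thread)

# The proxy / gateway instance. "gateway" is a hypothetical alias.
Host gateway
  HostName xxx.xxx.xxx.xxx
  User deploy
  Port 22
  IdentityFile ~/.ssh/id_rsa_deploy_myapp
  # Offer only the key named above, not every key loaded in the agent.
  IdentitiesOnly yes

# Production servers reached through the gateway (pattern is an assumption).
Host 10.0.10.*
  User deploy
  Port 22
  IdentityFile ~/.ssh/id_rsa_deploy_myapp
  IdentitiesOnly yes
  # The gateway only relays the TCP stream (-W %h:%p). Authentication to the
  # production host happens end to end from the workstation, so the private
  # key never has to be copied to the gateway.
  ProxyCommand ssh -W %h:%p gateway
  # Mirrors forward_agent: true from the thread. The -W hop does not need it;
  # keep it only if the servers must use your agent, e.g. to fetch the
  # repository during deploy.
  ForwardAgent yes
```

Running `ssh -v 10.0.10.133` from the workstation exercises the same path outside Capistrano and shows which key is offered at each hop.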