Net::SSH::AuthenticationFailed: Authentication failed for user... Why?

[John]

Versions:

• Ruby: ruby 2.0.0p195
  
• Capistrano: 3.1.0
• Capistrano-rails: 1.1.1
• Rake: 10.2.2
  
• Rails: 4.1.0.rc2
  

Platform:

• Working on: Ubuntu Linux
  
• Deploying to: Ubuntu Linux

Files:

• Capfile

require 'capistrano/setup'
require 'capistrano/deploy'
require 'capistrano/bundler'
require 'capistrano/rails'
require 'capistrano/rails/assets'
require 'capistrano/rails/migrations'
Dir.glob('lib/capistrano/tasks/*.cap').each { |r| import r }

• deploy.rb

lock '3.1.0'

set :application, 'my application'

# set :ssh_options, {
#
#}

set :repo_url, '/home/deployer/my_app.git'
set :branch, 'master'
set :deploy_to, '/home/deployer'
set :scm, :git
set :rvm_type, :system
set :pty, true
set :linked_files, %w{config/database.yml config/secrets.yml}
set :linked_dirs, %w{bin log tmp/pids tmp/cache tmp/sockets vendor/bundle public/system}
set :keep_releases, 5

# The test task
task :whoami do
  on roles(:all) do
    execute :whoami
  end
end

• Stage files (production.rb)

server 'mydomain.com', user: 'deployer', roles: %w{web app db}

===============================================================

The problem:

I can ssh into my remote production server without any problems (using keys, not passsword), but apparently Capistrano 3 can't authenticate: When I execute the following simple test task

task :whoami do
  on roles(:all) do
    execute :whoami
  end
end
 

...I get...

$ cap production whoami --trace
** Invoke production (first_time)
** Execute production
** Invoke load:defaults (first_time)
** Execute load:defaults
** Invoke bundler:map_bins (first_time)
** Execute bundler:map_bins
** Invoke whoami (first_time)
** Execute whoami
 INFO [fa727bad] Running /usr/bin/env whoami on mydomain.com
DEBUG [fa727bad] Command: /usr/bin/env whoami
cap aborted!
Net::SSH::AuthenticationFailed: Authentication failed for user depl...@mydomain.com
/home/my_user/.rvm/gems/ruby-2.0.0-p195@rails3213/gems/net-ssh-2.8.0/lib/net/ssh.rb:217:in `start'
/home/my_user/.rvm/gems/ruby-2.0.0-p195@rails3213/gems/sshkit-1.3.0/lib/sshkit/backends/connection_pool.rb:25:in `create_or_reuse_connection'
/home/my_user/.rvm/gems/ruby-2.0.0-p195@rails3213/gems/sshkit-1.3.0/lib/sshkit/backends/netssh.rb:173:in `ssh'
[...]

What is wrong here?

[Lee Hambley]

Did you correctly read and follow http://capistranorb.com/documentation/getting-started/authentication-and-authorisation/ ?

Lee Hambley

--

http://lee.hambley.name/

+49 (0) 170 298 5667

--
You received this message because you are subscribed to the Google Groups "Capistrano" group.
To unsubscribe from this group and stop receiving emails from it, send an email to capistrano+...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/capistrano/f0a4e2df-fa7f-4157-97b0-002cc36410f5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[John]

@ Lee:

Yes, I have just re-read/checked the section "1. From our workstation/notebook/etc to our servers".

Given the error when executing the mentioned test task, the section "2. From our servers to the repository host" is not concerned here (also, the git repository is located on the production server itself, so no additional "repository host" and authentication).

And as mentioned, ssh'ing into this production server has always worked without any issue...

[Vell]

This problem has also just popped up for me as well. It appears from my research that there is an issue with net-ssh 2.8.0. 2.7.0 seems to work fine but I have not way to test this since I don't know how to lock capistrano 3.1 into using a different version of net-ssh. 

In IRB I have verified that if I have net-ssh 2.8.0 installed and trying to use it to connect to my remote CENTOS 6.5 server that I get the same error. But if I uninstall 2.8.0 and install 2.7.0 and connect to that same CENTOS server that I am prompted for my password to connect (since I am not using ssh keys yet). 

The interesting thing is, if I connect to my localhost (mac os x 10.9), I don't run into this problem with net-ssh 2.8.0. It works as expected. So when I was testing my capistrano code on my localhost I didn't see this problem. The moment I tried to test this on my CENTOS system it didn't work.

[John]

After spending most of the day on this, it turns out the (my?) conclusion is:

Basically, v2.8.0 of the gem "net-ssh" was borked, so you'll need 2.8.1 (which is NOT yet on rubygems.org). So:

1. Uninstall all available net-ssh gems:
  
   gem uninstall net-ssh
   (then confirm "all"...)
  
2. Put this in your Gemfile:
  
   gem 'net-ssh', '~> 2.8.1', :git => "https://github.com/net-ssh/net-ssh"

3. Run:
  
   bundle install
   bundle update net-ssh

And, as a bonus, always make sure none of your permissions re SSH haven't been borked somehow in the meantime, run so on your server (if you have a user "deploy" on a host "myhost"):

  root@myhost ~ # chmod go-w /home/deploy
  root@myhost ~ # chmod 700 /home/deploy/.ssh
  root@myhost ~ # chmod 600 /home/deploy/.ssh/authorized_keys

[Vell]

On Wednesday, April 2, 2014 1:47:13 PM UTC-4, John wrote:

After spending most of the day on this, it turns out the (my?) conclusion is:

Basically, v2.8.0 of the gem "net-ssh" was borked, so you'll need 2.8.1 (which is NOT yet on rubygems.org). So:

1. Uninstall all available net-ssh gems:
  
   gem uninstall net-ssh
   (then confirm "all"...)
  
2. Put this in your Gemfile:
  
   gem 'net-ssh', '~> 2.8.1', :git => "https://github.com/net-ssh/net-ssh"

3. Run:
  
   bundle install
   bundle update net-ssh

I got to this point and see that bundle shows my app using net-ssh 2.8.1 but when I do a gem list net-ssh or try to require 'net/ssh', i get that the gem doesn't exist:

Lovells-MacBook-Pro:online_community lovell$ gem list net-ssh

*** LOCAL GEMS ***

Lovells-MacBook-Pro:online_community lovell$ irb

2.0.0-p451 :001 > require 'net/ssh'

LoadError: cannot load such file -- net/ssh

weird.

[John]

I assume that's because of the

   :git => "https://github.com/net-ssh/net-ssh"

I noticed this gem was saved in a folder "bundler", not with the other gems. Should be a detail, as long as it works...

[Vell]

On Wednesday, April 2, 2014 2:05:46 PM UTC-4, John wrote:

I assume that's because of the

   :git => "https://github.com/net-ssh/net-ssh"

OK. I compiled manually since I needed this outside of my bundler folder. Steps below for anyone else that needs them.

1. git clone https://github.com/net-ssh/net-ssh
   
2. cd net-ssh
   
3. gem install jeweler  #this was a dependency needed
   
4. gem build net-ssh.gemspec
   
5. gem install net-ssh-2.8.1.gem
   

Thanks John for the workaround.

[Vell]

On Wednesday, April 2, 2014 2:23:40 PM UTC-4, Vell wrote:

On Wednesday, April 2, 2014 2:05:46 PM UTC-4, John wrote:

I assume that's because of the

   :git => "https://github.com/net-ssh/net-ssh"

OK. I compiled manually since I needed this outside of my bundler folder. Steps below for anyone else that needs them.

1. git clone https://github.com/net-ssh/net-ssh
   
2. cd net-ssh
   
3. gem install jeweler  #this was a dependency needed
   
4. gem build net-ssh.gemspec
   
5. gem install net-ssh-2.8.1.gem
   

Thanks John for the workaround.

 

My issue still persists even with version 2.8.1. Though now, Im able to connect to my remote server using IRB and requiring 'net/ssh'. Attempting to use capistrano results in the same failure error.

[John]

Just a guess - maybe you forgot to...

   bundle update net-ssh

...after "bundle install"? Because in this case, your Gemfile.lock file would not have been updated to use v.2.8.1 (you might want to have a look at the version "locked" in there..)

[Vell]

i did make sure to double check that. My errors are definitely coming from v2.8.1. There must be something I am missing. I will create a test rails app and re generate all the cap files and see if I still run into issues.

Sent from my iPad

--

You received this message because you are subscribed to the Google Groups "Capistrano" group.
To unsubscribe from this group and stop receiving emails from it, send an email to capistrano+...@googlegroups.com.

To view this discussion on the web, visit https://groups.google.com/d/msgid/capistrano/121eba9a-b31d-4011-8ef9-970256c4ad64%40googlegroups.com.

[Vell]

I was not able to get net-ssh to prompt me for a password but at can use ssh keys so I am still able to do what I need to do.

To unsubscribe from this group and stop receiving emails from it, send an email to capistrano+unsubscribe@googlegroups.com.

[Kleber Shimabuku]

You have to add your public ssh keys to the server.

In just one command, it would be something like this:

$ cat .ssh/id_rsa.pub | ssh hostname 'cat >> .ssh/authorized_keys'

Hope that helps!

[jaswinder]

Please retry the deployment after restarting you local system as your identity hasn't been added to know hosts.

[jaswinder]

Please restart your system first and then try for once.

On Wednesday, April 2, 2014 at 5:45:53 PM UTC+5:30, John wrote:

[Taimoor Qureshi]

I'm running into this same issue after following the instructions on this page:

https://www.digitalocean.com/community/tutorials/deploying-a-rails-app-on-ubuntu-14-04-with-capistrano-nginx-and-puma

The only thing I've changed is the details of my server and my user. When i ssh into the machine i am able to get in without entering a password (i've used ssh-copy to transfer my key), but when i try to do cap production deploy:initial --trace I get the following error:

** Invoke production (first_time)

** Execute production

** Invoke load:defaults (first_time)

** Execute load:defaults

** Invoke bundler:map_bins (first_time)

** Execute bundler:map_bins

** Invoke deploy:set_rails_env (first_time)

** Execute deploy:set_rails_env

** Invoke deploy:set_linked_dirs (first_time)

** Execute deploy:set_linked_dirs

** Invoke deploy:set_rails_env 

** Invoke rvm:hook (first_time)

** Execute rvm:hook

cap aborted!

Net::SSH::AuthenticationFailed: Authentication failed for user dep...@myserver.com

/Users/myuser/.rvm/gems/ruby-2.3.1/gems/net-ssh-3.2.0/lib/net/ssh.rb:249:in `start'

/Users/myuser/.rvm/gems/ruby-2.3.1/gems/sshkit-1.11.2/lib/sshkit/backends/connection_pool.rb:59:in `call'

/Users/myuser/.rvm/gems/ruby-2.3.1/gems/sshkit-1.11.2/lib/sshkit/backends/connection_pool.rb:59:in `with'

/Users/myuser/.rvm/gems/ruby-2.3.1/gems/sshkit-1.11.2/lib/sshkit/backends/netssh.rb:155:in `with_ssh'

/Users/myuser/.rvm/gems/ruby-2.3.1/gems/sshkit-1.11.2/lib/sshkit/backends/netssh.rb:108:in `execute_command'

/Users/myuser/.rvm/gems/ruby-2.3.1/gems/sshkit-1.11.2/lib/sshkit/backends/abstract.rb:141:in `block in create_command_and_execute'

/Users/myuser/.rvm/gems/ruby-2.3.1/gems/sshkit-1.11.2/lib/sshkit/backends/abstract.rb:141:in `tap'

/Users/myuser/.rvm/gems/ruby-2.3.1/gems/sshkit-1.11.2/lib/sshkit/backends/abstract.rb:141:in `create_command_and_execute'

/Users/myuser/.rvm/gems/ruby-2.3.1/gems/sshkit-1.11.2/lib/sshkit/backends/abstract.rb:55:in `test'

/Users/myuser/.rvm/gems/ruby-2.3.1/gems/capistrano-rvm-0.1.2/lib/capistrano/tasks/rvm.rake:21:in `block (3 levels) in <top (required)>'

/Users/myuser/.rvm/gems/ruby-2.3.1/gems/sshkit-1.11.2/lib/sshkit/backends/abstract.rb:29:in `instance_exec'

/Users/myuser/.rvm/gems/ruby-2.3.1/gems/sshkit-1.11.2/lib/sshkit/backends/abstract.rb:29:in `run'

/Users/myuser/.rvm/gems/ruby-2.3.1/gems/sshkit-1.11.2/lib/sshkit/runners/parallel.rb:12:in `block (2 levels) in execute'

Tasks: TOP => rvm:hook

I've seen other issues talk about net-ssh version 2.8.0 being broken but I'm on 3.2.0 so wondering if anyone knows what the problem could be?

[jaswinder]

Can you please try to add your SSH identity to your local machine.I mean just re-add it using SSH agent.