Deployment: how to add SSH options to tty-command?

18 views
Skip to first unread message

Dave Everitt

unread,
Jul 7, 2025, 12:08:19 PMJul 7
to nanoc
I have a site using an older version of Debian, and have been deploying to a git repo using SSH keys:

"remote: ssh://USERNAME@IP_ADDRESS:PORT/home/USER/code.git"

I set up an SSH config file to add options for the rsa keys on the old server, and "ssh NAME" logs me in to USERNAME fine:

Host NAME
  HostName IP_ADDRESS
  User USERNAME
  Port PORTNUM
  HostKeyAlgorithms +ssh-rsa
  PubkeyAcceptedKeyTypes +ssh-rsa

However, it seems Nanoc uses the tty-command gem, so those options (normally added with an "-o" flag to the SSH command) aren’t seen by the gem and I get:

"no matching host key type found. Their offer: ssh-rsa,ssh-dss"
...
"/gems/3.4.0/gems/tty-command-0.10.1/lib/tty/command.rb:106:in 'TTY::Command#run'"

How can I add the same SSH options for tty-command to the Nanoc "deploy" block? I tried (e.g.) adding:

"option: HostKeyAlgorithms +ssh-rsa"

But no.

Denis Defreyne

unread,
Jul 8, 2025, 4:33:02 AMJul 8
to na...@googlegroups.com
Hi Dave,

As Nanoc delegates to the `git push` command, this is possibly more of an issue with `git` or the way it is configured. This is what Nanoc runs under the hood:

run_cmd_unless_dry(%W[git push #{remote} #{branch}])


To debug this, I would `cd` into the `output` directory and run `git push origin master` (adjusting the name of the remote and branch as needed). That is the command that Nanoc runs under the hood. For example:

git push ssh://USERNAME@IP_ADDRESS:PORT/home/USER/code.git master

Could it be that the remote in the Nanoc configuration needs to be updated to match the name that is specified in the SSH configuration file? E.g. in the Nanoc site configuration:

remote: ssh://USERNAME@NAME/home/USER/code.git

Hope this helps,

--
You received this message because you are subscribed to the Google Groups "nanoc" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nanoc+un...@googlegroups.com.

Dave Everitt

unread,
Jul 9, 2025, 10:07:19 AMJul 9
to nanoc
thanks Denis, that helps to see the process. However, my problem remains and—since it’s either/both a server and/or tty-command gem issue—I rephrased the question and posted it on Server Fault - in case you want to take a look.

The old Debian server is overdue for an update, but it’s too much to deal with right now as the sites on there also need work!

Dave Everitt

unread,
Jul 15, 2025, 5:04:24 PMJul 15
to nanoc
I’m adding the solution here, in case anyone else comes across the outmoded host key issue. This requires a bare git repo on the server, set up under the username with an executable file in "username/code.git/hooks/post-receive" to move the HTML files git pushed by Nanoc to the website root.

1. In "~/.ssh/config" (create the "config" file if it doesn’t exist), set up a shortcut with your choice of name for "SERVERNAME" to connect to the problematic server, adding the necessary host keys options like this:

Host SERVERNAME

  HostName IP_ADDRESS
  User USERNAME
  Port PORTNUM
  HostKeyAlgorithms +ssh-rsa
  PubkeyAcceptedKeyTypes +ssh-rsa

2. Test it on the command line by connecting to the server with: ssh SERVERNAME

3. In Nanoc’s "config.yaml" file, specify the connection like this, where "PATH_TO" is the absolute path to the git repo from the server root (usually something like "/home/username/code.git"):

remote: ssh://SERVERNAME/PATH_TO/code.git

SSH will then apply the host key options from the "/.sss/config" file when Nanoc initiates the "git push" to deploy.

Denis Defreyne

unread,
Jul 16, 2025, 9:37:28 AMJul 16
to na...@googlegroups.com
Glad you got it resolved, and thanks for sharing!
--
You received this message because you are subscribed to the Google Groups "nanoc" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nanoc+un...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages