使用带有密钥的ssh进行部署,而无需提供私钥的密码(ssh-agent) [英] Deployment using ssh with key without providing passphrase for private key (ssh-agent)
问题描述
在谈到私钥的密码短语时,Capistrano和Rocketeer的区别在哪里?
我已经正确设置了Capistrano和Rocketeer部署策略并可以正常工作. Capistrano允许 ssh-agent提供密码-看起来像Rocketeer却没有.问题不是关于如何,而是为什么需要密码短语.
I already have both Capistrano and Rocketeer deployment strategies set up properly and working. Capistrano lets ssh-agent provide the passphrase - Rocketeer, as it seems, does not. The question is not about how but why the passphrase is needed.
背景:
我想使用火箭手来部署Laravel应用程序而不是Capistrano.似乎将SSH连接委托给Laravel.
I want to use Rocketeer for deployment of a Laravel application instead of Capistrano. It seems as if it delegates the SSH connection to Laravel.
在配置中仅设置了远程服务器的名称并运行检查之后,在提示输入凭据后,Rocketeer将所需的密码和我想要的私钥的路径存储在非版本控制的文件中.
After setting only the remote server's name in the configuration and running a check, after some prompts for credentials Rocketeer stores the needed passphrase and the path to my desired private key in a non-version-controlled file.
我不想在磁盘上存储用于建立SSH连接的凭据-特别是不是到我的任何私钥的密码.
I do not want to have credentials for establishing a SSH connection stored on my disk - especially not the passphrase to any of my private keys.
那么,为什么只需要服务器名称呢?
So, why is anything more than the server's name required?
我看到Laravel在其远程配置中准备了这些字段-我只是找不到最终负责哪个组件,以及为什么它不能完全将SSH连接留给系统本身.
I see that Laravel has those fields prepared in its remotes config - I just could not find out which component is responsible eventually and why it does not leave the SSH connection completely to the system itself.
是 Rocketeer , Laravel , Symfony , phpseclib 甚至是 php 本身是否需要建立SSH连接所需的大量信息?
Is it Rocketeer, Laravel, Symfony, phpseclib or even php itself underneath that needs that many information for establishing a SSH connection?
推荐答案
Laravel缺少phpseclib的ssh-agent的实现,它需要大量信息才能建立SSH连接.
It's Laravel's missing implementation of phpseclib's ssh-agent that requires that many information for establishing a SSH connection.
这就是为什么Rocketeer不允许Capistrano依赖用户名/密码和私钥/密码验证旁边的ssh-agent.
That's why Rocketeer does not allow to rely on the ssh-agent next to username/password and privatekey/passphrase authentication as does Capistrano.
提案被已声明和使用ssh-agent代替显式密钥的未记录实现.
A proposal was stated and merged to include phpseclib's undocumented implementation for using the ssh-agent instead of an explicit key.
Rocketeer将从中受益,因为它依赖于Laravel中phpseclib的上述实现.
Rocketeer would profit from this as it relies on said implementation of phpseclib in Laravel.
(感谢@ hannesvdvreken,@ ThomasPayer和@passioncoder指向正确的方向)
(Thanks to @hannesvdvreken, @ThomasPayer and @passioncoder for pointing in the right directions)
这篇关于使用带有密钥的ssh进行部署,而无需提供私钥的密码(ssh-agent)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!