尽管有SSH密钥，Capistrano在部署时仍要求输入密码 [英] Capistrano asks for password when deploying, despite SSH keys

问题描述

我的ssh密钥肯定设置正确，因为使用ssh时不会提示我输入密码。但是，在使用 cap deploy 进行部署时，capistrano仍然要求输入密码。但是，当我使用 cap deploy：setup 进行设置时，它不需要输入密码。

详细信息：我正在将Sinatra应用程序部署到Dreamhost共享帐户（使用Passenger）。我遵循了做这么长时间的教程，该教程在当时非常有效。此后发生了什么事。我正在使用capistrano（2.5.9）和git版本1.6.1.1。这是我的Capfile：

 如果response_to加载'deploy'？（：namespace）＃cap2区分符
 
 set：user，'ehsanul'
 set：domain，'jellly.com'
 
 default_run_options [：pty] = true 
 
＃其余的应该不错
设置：存储库， ehsanul@jellly.com：git / jellly.git 
设置：deploy_to， / home / ehsanul / jellly.com 
设置：deploy_via，：remote_cache 
 set：scm，'git'
 set：branch，'deploy'
 set：git_shallow_clone，1 
 set：scm_verbose，true 
 set：use_sudo，false 
 
服务器域，：app，：web 
 
命名空间：deploy do 
任务：migrate do 
运行 cd＃{current_path}; / usr / bin /耙迁移环境=生产 
结束
任务：restart do 
运行 touch＃{current_path} /tmp/restart.txt 
结束
结束
 
在 deploy之后， deploy：migrate 
  

这是输出的内容发生在我 cap deploy 时，直到出现密码提示：

  $ cap部署
 *执行`deploy'
 *执行`deploy：update'
 **事务：开始
 *执行` deploy：update_code'
更新在本地执行的所有服务器
上缓存的签出： git ls-remote ehsanul@jellly.com：git / jellly.git deploy 
 / usr / local / bin / git 
 *执行如果[-d /home/ehsanul/jellly.com/shared/cached-copy];然后cd /home/ehsanul/jellly.com/shared/cached-copy&& git fetch origin&& git reset --hard ea744c77b0b939d5355ba2dc50ef1ec85f918d66&& git clean -d -x -f;否则git clone --depth 1 ehsanul@jellly.com：git / jellly.git /home/ehsanul/jellly.com/shared/cached-copy&& cd /home/ehsanul/jellly.com/shared/cached-copy&& git checkout -b部署ea744c77b0b939d5355ba2dc50ef1ec85f918d66; fi 
服务器：[ jellly.com] 
 [jellly.com]执行命令
 ** [jellly.com :: out] ehsanul@jellly.com的密码：
密码：
 ** [jellly.com ::出] 
 ** [jellly.com ::出]远程：计数对象：7，已完成。
远程：压缩对象：100 ％（4/4），已完成。
  

可能会发生什么？

解决方案

密码提示是因为您要部署到的服务器正在连接到git服务器并需要进行身份验证。因为您的本地计算机（您在其中部署来自）已经具有有效的ssh密钥，请通过在您的Capfile中启用转发来使用该密钥：

  set ：ssh_options，{：forward_agent => true} 
  

从本地计算机转发身份验证的时间为部署服务器尝试连接到您的git服务器。

这比将私钥放到部署服务器上要好得多！ / p>

当服务器重新启动时，另一种绕过密码提示的方法是告诉capistrano不要这样做。感谢Daniel Quimper的 capistrano-site5 github存储库的自述文件部分，以下：

  set：deploy_via，：copy 
  

显然，这适用于应用程序和git存储库都托管在同一主机上的情况。但是我想我们当中有些人正在这样做：）

My ssh keys are definitely set up correctly, as I'm never prompted for the password when using ssh. But capistrano still asks for a password when deploying with cap deploy. It doesn't ask for the password when I setup with cap deploy:setup though, strangely enough. It would make the deployment cycle so much smoother without a password prompt.

Specifics: I'm deploying a Sinatra app to a Dreamhost shared account (which uses Passenger). I had followed a tutorial for doing so long back, which worked perfectly back then. Something broke since. I'm using capistrano (2.5.9) and git version 1.6.1.1. Here's my Capfile:

load 'deploy' if respond_to?(:namespace) # cap2 differentiator

set :user, 'ehsanul'
set :domain, 'jellly.com'

default_run_options[:pty] = true

# the rest should be good
set :repository,  "ehsanul@jellly.com:git/jellly.git"
set :deploy_to, "/home/ehsanul/jellly.com"
set :deploy_via, :remote_cache
set :scm, 'git'
set :branch, 'deploy'
set :git_shallow_clone, 1
set :scm_verbose, true
set :use_sudo, false

server domain, :app, :web

namespace :deploy do
  task :migrate do
    run "cd #{current_path}; /usr/bin/rake migrate environment=production"
  end
  task :restart do
    run "touch #{current_path}/tmp/restart.txt"
  end
end

after "deploy", "deploy:migrate"

And here's the output of what happens when I cap deploy, upto the password prompt:

$ cap deploy
  * executing `deploy'
  * executing `deploy:update'
 ** transaction: start
  * executing `deploy:update_code'
    updating the cached checkout on all servers
    executing locally: "git ls-remote ehsanul@jellly.com:git/jellly.git deploy"
/usr/local/bin/git
  * executing "if [ -d /home/ehsanul/jellly.com/shared/cached-copy ]; then cd /home/ehsanul/jellly.com/shared/cached-copy && git fetch  origin && git reset  --hard ea744c77b0b939d5355ba2dc50ef1ec85f918d66 && git clean  -d -x -f; else git clone  --depth 1 ehsanul@jellly.com:git/jellly.git /home/ehsanul/jellly.com/shared/cached-copy && cd /home/ehsanul/jellly.com/shared/cached-copy && git checkout  -b deploy ea744c77b0b939d5355ba2dc50ef1ec85f918d66; fi"
    servers: ["jellly.com"]
    [jellly.com] executing command
 ** [jellly.com :: out] ehsanul@jellly.com's password:
Password:
 ** [jellly.com :: out]
 ** [jellly.com :: out] remote: Counting objects: 7, done.
remote: Compressing objects: 100% (4/4), done.

What could be broken?

解决方案

The password prompt is because the server you are deploying to is connecting to the git server and needs authentication. Since your local machine (where you are deploying from) already has a valid ssh-key, use that one by enabling forwarding in your Capfile:

set :ssh_options, {:forward_agent => true}

That forwards the authentication from your local machine through when the deployment server tries to connect to your git server.

This is much preferred to putting your private key out on the deployment server!

Another way of getting around the password prompt when the server is ssh'ing back on itself is to tell capistrano not to do so. Thanks to the 'readme' section for Daniel Quimper's capistrano-site5 github repo, we note the following:

set :deploy_via, :copy

Obviously, this works for the case where both the app and git repository are being hosted on the same host. But I guess some of us are doing that :)

这篇关于尽管有SSH密钥，Capistrano在部署时仍要求输入密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！