Mike Bailey

Enable SSH agent forwarding for Capistrano

Filed under: ruby on rails, capistrano — Mike Bailey @ 1:38 am on May 14, 2007

Having to repeatedly enter passwords is a drag. And enabling password-based SSH login to your SVN servers is a security risk. So I’m pretty excited that Chris Andrews implemented SSH agent forwarding in net-ssh-1.1.0.

Update to the latest version of net-ssh with:

sudo gem update net-ssh

To enable it, put the following into your ~/.caprc:

ssh_options[:forward_agent] = true

This stopped me from being prompted for a password by Subversion every time I ran ‘cap deploy’.

6 Comments »

  1. Mike, what about postgresql support for deprec?

    Cap2, may come soon, may also not…

    Comment by Valery — June 13, 2007 @ 7:13 pm

  2. I take it this will send your local key through the production server to the svn server. I already have my local key on the subversion server also, but for a new deploy need to get the new key from the production server to the subversion server. Is there a way to use ssh-copy-id in a capistrano task to do this? I tried, but it hangs after asking for the password. I was able to use send_data to get it to accept the subversion server and add it to its known_hosts, but it would not let me program in the password or allow me to enter it. I have not found much regarding allowing capistrano to pass data back and forth. Everything I’ve read is to pass one time data (like a password) but not to have an open session. Not sure if that makes sense but was up late last night trying to get this working.

    Comment by Bill — June 22, 2007 @ 11:51 am

  3. Bill,

    ssh-agent forwarding doesn’t copy your private key out to another server and I wouldn’t recommend you put a copy of your private key on any machine other than your workstation.

    Here’s an illustrated explanation of how it works:

    http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#fwd

    - Mike

    Comment by mbailey — June 24, 2007 @ 7:38 am
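
Added example, not part of the original post or comments: a toy Ruby model of the behaviour described in the comment above, where the production server only relays signing requests back to the agent on the workstation and never holds the private key. The class names are hypothetical and this is not the real SSH agent wire protocol.

```ruby
require "openssl"
# Toy model of SSH agent forwarding (constructed for illustration; this is
# not the real agent wire protocol, and all class names are hypothetical).

# Runs on the workstation: the only object that ever holds the private key.
class WorkstationAgent
  def initialize
    @key = OpenSSL::PKey::RSA.new(2048)
  end

  def public_key_pem
    @key.public_key.to_pem
  end

  def sign(data)
    @key.sign(OpenSSL::Digest.new("SHA256"), data)
  end
end

# Runs on the production server: relays sign requests, stores no key material.
class ForwardedAgent
  def initialize(upstream)
    @upstream = upstream
  end

  def close
    @upstream = nil
  end

  def sign(data)
    raise IOError, "agent channel closed" if @upstream.nil?
    @upstream.sign(data)
  end
end

# Runs on the SVN server: knows only the public key (as in authorized_keys).
class SvnServer
  def initialize(authorized_pem)
    @pub = OpenSSL::PKey::RSA.new(authorized_pem)
  end

  def authenticate(agent)
    session_id = OpenSSL::Random.random_bytes(32)
    signature = agent.sign(session_id)
    @pub.verify(OpenSSL::Digest.new("SHA256"), signature, session_id)
  rescue IOError
    false
  end
end
```

The relay can obtain signatures only while the forwarded channel to the workstation is open; once `close` is called, authentication from the production server fails.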

  4. Thanks Mike. That explains it. I was not aware the ssh-copy-id was putting my private key out there, I had assumed (and should have checked) that it was using my public key. I’ll look into that.

    My other reason for trying to see if capistrano would take multiple inputs was so I can configure mysql but I guess I can just ssh to the server and run the commands I need.

    Comment by Bill — June 26, 2007 @ 12:32 am

  5. Hello

    Great book. I just want to say what a fantastic thing you are doing! Good luck!

    Bye

    Comment by tovorinok — July 5, 2007 @ 4:54 am



Copyright 2007 Mike Bailey. All Rights Reserved