git Capistrano 和几个 SSH 密钥
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7154161/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Capistrano and several SSH keys
提问by MrB
I need Capistrano to use 2 different SSH keys. One is for the git repository, one is for the server to deploy to.
我需要 Capistrano 使用 2 个不同的 SSH 密钥。一个用于 git 存储库,一个用于要部署到的服务器。
Whichever key I rename to id_rsa in my .ssh folder, works. The other one doesn't. If I rename the git key to id_rsa, Capistrano can connect to the git repository, but then can't authenticate at the server to deploy. If I call it something else, it will not be able to connect to the git repo. I know that the other key works, cause I can do ssh -i ~/.ssh/otherKey.pem and it will successfully connect to the server.
无论我在 .ssh 文件夹中将哪个键重命名为 id_rsa,都可以使用。另一个没有。如果我将 git 密钥重命名为 id_rsa,Capistrano 可以连接到 git 存储库,但无法在服务器上进行身份验证以进行部署。如果我将其称为其他名称,它将无法连接到 git 存储库。我知道另一个密钥有效,因为我可以执行 ssh -i ~/.ssh/otherKey.pem 并且它将成功连接到服务器。
This is what I have in my deploy.rb Capistrano file.
这就是我的 deploy.rb Capistrano 文件中的内容。
ssh_options[:keys] = [
File.join(ENV["HOME"], ".ssh", "id_rsa"),
File.join(ENV["HOME"], ".ssh", "deploy")
]
ssh_options[:forward_agent] = true
How can I tell Capistrano to use BOTH the keys? It only seems to use the one called id_rsa.
我如何告诉 Capistrano 使用这两个键?它似乎只使用名为 id_rsa 的那个。
edit:
编辑:
Here's the output from Capistrano with the error message:
这是 Capistrano 的输出和错误消息:
$ cap yii deploy
* executing `yii'
Yii
* executing `deploy'
* executing `deploy:update'
** transaction: start
* executing `deploy:update_code'
executing locally: "git ls-remote [email protected]:/projectyii.git HEAD"
* executing "git clone -q [email protected]:/projectyii.git /var/www/projectyii-trunk/releases/20110824174629 && cd /var/www/projectyii-trunk/releases/20110824174629 && git checkout -q -b deploy 5e14521285ca04a605353e97bdf31c3a2889dbfb && (echo 5e14521285ca04a605353e97bdf31c3a2889dbfb > /var/www/projectyii-trunk/releases/20110824174629/REVISION)"
servers: ["yii.project.com"]
[yii.project.com] executing command
** [yii.project.com :: err] Error reading response length from authentication socket.
** [yii.project.com :: err] Permission denied (publickey,keyboard-interactive).
** [yii.project.com :: err] fatal: The remote end hung up unexpectedly
command finished
*** [deploy:update_code] rolling back
* executing "rm -rf /var/www/projectyii-trunk/releases/20110824174629; true"
servers: ["yii.project.com"]
[yii.project.com] executing command
command finished
failed: "sh -c \"git clone -q [email protected]:/projectyii.git /var/www/projectyii-trunk/releases/20110824174629 && cd /var/www/projectyii-trunk/releases/20110824174629 && git checkout -q -b deploy 5e14521285ca04a605353e97bdf31c3a2889dbfb && (echo 5e14521285ca04a605353e97bdf31c3a2889dbfb > /var/www/projectyii-trunk/releases/20110824174629/REVISION)\"" on yii.project.com
edit:
编辑:
Another thing: it totally works fine from my local machine, just not on the deploy server - with exactly the same config files! It seems Capistrano uses the correct keys on my local machine, but not on the deploy machine.
另一件事:它在我的本地机器上完全正常,只是不在部署服务器上 - 使用完全相同的配置文件!Capistrano 似乎在我的本地机器上使用了正确的密钥,但在部署机器上却没有。
回答by Pa?lo Ebermann
Disclaimer: I don't know anything about Capistrano.
免责声明:我对 Capistrano 一无所知。
If it simply does normal sshcalls (or calls gitto do this), you can configure the right key to use in your ~/.ssh/configon a per-host (or per-host-alias) basis.
如果它只是执行正常ssh调用(或调用git执行此操作),您可以配置正确的密钥以在~/.ssh/config每个主机(或每个主机别名)的基础上使用。
For example, I have these lines in my ~/.ssh/configfile:
例如,我的~/.ssh/config文件中有这些行:
# Git bei Github
Host github.com
User git
IdentityFile ~/.ssh/svn_id_rsa
# Andere Mathe-Hosts
Host *.math.hu-berlin.de
User ebermann
IdentityFile ~/.ssh/id_rsa
ControlMaster auto
回答by Victor Pudeyev
I have this line in deploy.rb:
我在 deploy.rb 中有这一行:
ssh_options[:keys] = %w(/Users/victor.pudeyev/ec2/MBP-2.pem)
This suggests that the key filenames are space separated, e.g.
这表明关键文件名是空格分隔的,例如
ssh_options[:keys] = %w(/Users/victor.pudeyev/ec2/MBP-1.pem /Users/victor.pudeyev/ec2/MBP-2.pem)
回答by James
I had this problem and had ssh forwarding set in the capfile. Removing that, allowed the target box to use its own keys
我遇到了这个问题,并且在 capfile 中设置了 ssh 转发。删除它,允许目标框使用自己的密钥
回答by troelskn
A bit late to the party here, but one option is to use a bit of ruby glue to detect which file to use:
这里的聚会有点晚了,但一种选择是使用一点红宝石胶水来检测要使用的文件:
['~/.ssh/onekey.pem','~/.ssh/id_rsa'].each do |name|
if File.exists?(File.expand_path(name))
ssh_options[:keys] ||= name
end
end
