Solving Some SSH Issues For Deploying Rails Apps
So you think “The Rails Life” is all unicorns, rainbows and glitter? Yeah. Guess again. Right now it feels more like a glitter cannon shredding a unicorn into a rainbow colored bloody pulp…
Joey and I are deploying our rails app with Vlad The Deployer. It’s a pretty sweet little deployment setup. He’s been doing the deployments, so far, but today I wanted to do a deploy. After adding my ssh key to my account on the server so that I could ssh into the server without requiring a username / password, we ran into some troubles. Note that these troubles were not related to Vlad itself but related to getting my SSH keys working with the server and with Github where our code is hosted.
Username Is Different On Local Machine And Server
My local machine (OSX) runs me with a username of “derickbailey”. When I attempted to log into our server via ssh, I was prompted with a request to log in as derickbailey@my.server.com. However, on the server my username is “derick”. The easy answer here to to ssh with username@server, right?
Well, the only way to do that with vlad is to put the username into the ssh_flags option, in the deploy.rb file:
# {Rails.root}/config/deploy.rbset :ssh_flags, "-l derick"
This isn’t a good solution because joey’s account name is not “derick”… obviously 🙂 … and we don’t want to hard code the user that we’re using to do the deploys. We want to have the logging and security and other neat things that come along with separate accounts.
After some searching, I found this blog post that talks about SSH agent forwarding. The majority of the article may not have been applicable to me, it talked about creating a config file for ssh.
On my local machine, I a file called ~/.ssh/config and put this into it:
# ~/.ssh/configHost my.server.comHostName my.server.comUser derickIdentityFile ~/.ssh/id_rsa.pubForwardAgent yes
Now that I have this set up, I can do “ssh my.server.com” (without specifying a username@) and it will pull the correct username and rsa key for the server, logging me in automatically. This alows Vlad to do the same and we can leave the ssh_flags out of the deploy settings.
Github’s And My SSH Key
We have to use the git@github.com ssh configuration for our remote because ours is a private repository. But I ran into another problem after getting my ssh config file setup:
$ rake vlad:deploy(in /Users/derickbailey/dev/vitalkey/vitalkey)Host key verification failed.fatal: The remote end hung up unexpectedlyrake aborted!execution failed with status 128
At first I thought it was my ssh key failing against my server. Joey noted that it was likely an issue with connecting to github, though.
One thing that is very important here: the ssh key that I put on our server is the same ssh key that I use on github. This allows me to transparently log into the server via ssh and then perform git remote commands to our github repository. But it’s obviously not working at this point.
Another search brought me to this blog post where the author noted the same problem I was having (though he’s not using github). The solution to this is fairly simple:
- ssh from my machine into my server
- create a temp folder
- clone our git repository from github to the temp folder
- when git prompts me with an authenticity issue, accept the ssh key
Easy enough:
$ ssh my.server.comderick@my.server.com:~$ mkdir codederick@my.server.com:~$ cd codederick@my.server.com:~/code$ git clone git@github.com:some_user/some_repo.git .Initialized empty Git repository in /home/derick/code/.git/The authenticity of host 'github.com (207.97.227.239)' can't be established.RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added 'github.com,207.97.227.239' (RSA) to the list of known hosts.
Vlad Deploys … Are Still Awesome
Start with the standard SSH setup on our server, creating a user account for me, as assigning permissions to everything I need. Then add my ssh key to the server, setup my local ssh config file and accept the ssh key from github while logged into the server as me, and I can now run
rake vlad:deploy
from my local machine, and deploy our site to our server.
Simple, right? … right? … *sigh*… but now that it works, it is pretty darn awesome. Automation is an absolute must, even if you have a napalm your way through a forest full of SSH issues to get there.