identityFile() does not work without also calling forwardAgent()
Closed this issue · 4 comments
khromov commented
| Q | A |
|---|---|
| Issue Type | Bug |
| Deployer Version | 3.2.1 |
| Local Machine OS | OSX Yosemite |
| Remote Machine OS | Ubuntu 14.04 |
Description
Using SSH key auth. For some reason when you use ->identityFile() you get an error when connecting about auth failing (see below).
However if you add ->forwardAgent() it starts working. Of course the key has been added on the remote and regular ssh command works.
Steps to reproduce
Run any dep command.
Content of deploy.php
<?php
require 'recipe/common.php';
// Set configurations
set('repository', 'ssh://hello@server:1234/khromov/tedx.git');
set('shared_files', []);
set('shared_dirs', []);
set('writable_dirs', []);
// Configure servers
server('production', 'server1')
->user('root')
->identityFile()
//->forwardAgent()
->env('deploy_path', '/var/www/tedx/htdocs');
/**
* Main task
*/
task('deploy', [
'deploy:prepare',
'deploy:release',
'deploy:update_code',
'deploy:shared',
'deploy:writable',
'deploy:symlink',
'cleanup',
])->desc('Deploy your project');
after('deploy', 'success');Output log
➜ tedx git:(master) ✗ ./dep current -vvv
➤ Executing task current
↳ on [production]
> cd /var/www/tedx/htdocs && readlink /var/www/tedx/htdocs/current
[RuntimeException]
Unable to login with the provided credentials.
Exception trace:
() at phar:///Users/stakhr/VVV/www/tedx/dep/src/Server/Remote/PhpSecLib.php:89
Deployer\Server\Remote\PhpSecLib->connect() at phar:///Users/stakhr/VVV/www/tedx/dep/src/Server/Remote/PhpSecLib.php:99
Deployer\Server\Remote\PhpSecLib->checkConnection() at phar:///Users/stakhr/VVV/www/tedx/dep/src/Server/Remote/PhpSecLib.php:108
Deployer\Server\Remote\PhpSecLib->run() at phar:///Users/stakhr/VVV/www/tedx/dep/src/functions.php:296
run() at phar:///Users/stakhr/VVV/www/tedx/dep/recipe/common.php:397
{closure}() at n/a:n/a
call_user_func() at phar:///Users/stakhr/VVV/www/tedx/dep/src/Server/Environment.php:101
Deployer\Server\Environment->get() at phar:///Users/stakhr/VVV/www/tedx/dep/src/functions.php:573
env() at phar:///Users/stakhr/VVV/www/tedx/dep/recipe/common.php:404
{closure}() at n/a:n/a
call_user_func() at phar:///Users/stakhr/VVV/www/tedx/dep/src/Task/Task.php:79
Deployer\Task\Task->run() at phar:///Users/stakhr/VVV/www/tedx/dep/src/Executor/SeriesExecutor.php:43
Deployer\Executor\SeriesExecutor->run() at phar:///Users/stakhr/VVV/www/tedx/dep/src/Console/TaskCommand.php:82
Deployer\Console\TaskCommand->execute() at phar:///Users/stakhr/VVV/www/tedx/dep/vendor/symfony/console/Command/Command.php:256
Symfony\Component\Console\Command\Command->run() at phar:///Users/stakhr/VVV/www/tedx/dep/vendor/symfony/console/Application.php:791
Symfony\Component\Console\Application->doRunCommand() at phar:///Users/stakhr/VVV/www/tedx/dep/vendor/symfony/console/Application.php:186
Symfony\Component\Console\Application->doRun() at phar:///Users/stakhr/VVV/www/tedx/dep/vendor/symfony/console/Application.php:117
Symfony\Component\Console\Application->run() at phar:///Users/stakhr/VVV/www/tedx/dep/src/Deployer.php:101
Deployer\Deployer->run() at phar:///Users/stakhr/VVV/www/tedx/dep/bin/dep:63
require() at /Users/stakhr/VVV/www/tedx/dep:4
current [-p|--parallel]
oanhnn commented
Please check you key. Compare 2 commands output
$ ssh -i /path/to/you/key -v root@server1
and
$ ssh -A -v root@server1
Out put will show what key you used.
khromov commented
The output differs slightly depending on the command but it looks like the same key is used? @oanhnn Does the debug log below give any insight into the problem?
Without agent forwarding:
➜ tedx git:(master) ✗ ssh -i /Users/stakhr/.ssh/id_rsa -v root@s1.site.com
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to s1.site.com [1.2.3.4] port 22.
debug1: Connection established.
debug1: identity file /Users/stakhr/.ssh/id_rsa type 1
debug1: identity file /Users/stakhr/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 35:f8:d1:b0:6e:be:1e:6c:90:ec:fe:6c:49:5d:14:e8
debug1: Host 's1.site.com' is known and matches the RSA host key.
debug1: Found key in /Users/stakhr/.ssh/known_hosts:53
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/stakhr/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to s1.site.com ([1.2.3.4]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LC_CTYPE = UTF-8
With agent forwarding:
➜ tedx git:(master) ✗ ssh -A -v root@s1.site.com
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to s1.site.com [1.2.3.4] port 22.
debug1: Connection established.
debug1: identity file /Users/stakhr/.ssh/id_rsa type 1
debug1: identity file /Users/stakhr/.ssh/id_rsa-cert type -1
debug1: identity file /Users/stakhr/.ssh/id_dsa type -1
debug1: identity file /Users/stakhr/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 35:f8:d1:b0:6e:be:1e:6c:90:ec:fe:6c:49:5d:14:e8
debug1: Host 's1.site.com' is known and matches the RSA host key.
debug1: Found key in /Users/stakhr/.ssh/known_hosts:53
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/stakhr/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to s1.site.com ([1.2.3.4]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
debug1: Sending env LC_CTYPE = UTF-8
khromov commented
Any news on this?
oanhnn commented
Compare to 2 log files
$ diff log2.txt log1.txt
1c1
< ➜ tedx git:(master) ✗ ssh -A -v root@s1.site.com
---
> ➜ tedx git:(master) ✗ ssh -i /Users/stakhr/.ssh/id_rsa -v root@s1.site.com
9,10d8
< debug1: identity file /Users/stakhr/.ssh/id_dsa type -1
< debug1: identity file /Users/stakhr/.ssh/id_dsa-cert type -1
41d38
< debug1: Requesting authentication agent forwarding.
I will research more.