Thank you! Your feedback has been delivered
Thank you! Your feedback has been sent

ssh -A not working

This question was posted through the quick post service. Please let me know what info can help you solve it.

I am mac lion following http://capistranorb.com/documentation/getting-started/authentication-and-authorisation/ documentation i have determined that my keys are indeed on the remote server and i have also added the remote server to Hosts list in my ssh config file but it seems ssh forwarding is just not working for me. This function seems to be very much used in capistrano deployment. Keep in mind I'm not using github for the repo instead I am using ssh://git@my-private-server.git

so i run me@localhost:$ ssh -A deploy@remote-server.com 'git ls-remote git@my-private-server.git'

the result i get is: Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password). fatal: The remote end hung up unexpectedly

User Gravatar

topealabi

Posted Feb 21 2014 13:15 UTC

$30


  • ruby
    rails
    capistrano
  • 1180 Views

9 Replies


You seem to be missing the name of the repository in your git repo URI, it should have the following format:

user@hostname:/path/to/repo.git

For example, if there is a git user on example.com which has a git repo in /home/git/my-repo.git, then assuming git's HOME is /home/git, the URI would be:

git@example.com:my-repo.git

User Gravatar

lmars

Posted Feb 21 2014 14:14 UTC

Once you SSH to the server, does it have "SSH_AUTH_SOCK" environment variable defined? You can check with the following command on the deploy server:

env | grep SSH_AUTH_SOCK

If you do not have this environment variable then you are right, the agent is not being forwarded, please reply and I will ask more questions about it

If you do have this environment variable then it might be a different issue (like key mismatch), we'll look into this as well.

User Gravatar

eMxyzptlk

Posted Feb 21 2014 14:21 UTC

Assuming that all of your keys are setup correctly you might want to try the following.

Sample settings:

Your deploy server: deploy@one-of-my-servers.com
Your Git User/Server: git@mygitserver.com
Your Git repo: me/myproject.git
Your SSH port: 65432

Replace the above with your own settings and on your local machine run:

 $ ssh -A deploy@one-of-my-servers.com 'git ls-remote ssh://git@mygitserver.com:65432/me/myproject.git'
User Gravatar

placeforrandomstuff

Posted Feb 21 2014 16:57 UTC

@ EMXYZPTLK yes that env variable is available on the server SSH_AUTH_SOCK=/tmp/ssh-ImTwh31861/agent.31861

User Gravatar

topealabi

Posted Feb 21 2014 17:32 UTC

If the environment variable exists, it means your SSH agent forwarding is working properly and we should look for something else.

What about what lmars suggested? Can you locally (not on the server) access the git repo using this format:

git ls-remote git@my-private-server:repo.git

If that works then try remotely using your SSH command

ssh -A deploy@remote-server.com "git ls-remote git@my-private-server:repo.git"

If it does not work, it means either:

  • You are missing your SSH key on the Git server. To fix it, upload the key the same way you uploaded it to your deploy server
  • Your Git server does not allow pubkey authentication to ensure that SSH to your Git server.

Check the Git server if it allows pubkey Authentication. Here's what you should be looking for:

$ grep PubkeyAuthentication /etc/ssh/sshd_config
PubkeyAuthentication yes
$ grep AuthorizedKeysFile /etc/ssh/sshd_config
AuthorizedKeysFile %h/.ssh/authorized_keys

If the values do not match, change them and restart your SSH server. NOTE: Do no lock yourself out of the server, before modifying/restarting your SSH server please do these steps:

  • Backup your SSH config file
  • Keep one connection open to the server and keep it open while you debug (I suggest a new terminal window)
  • If you can't ssh back in, your current SSH connection will remain open, just restore the file from backup and restart it again.
User Gravatar

eMxyzptlk

Posted Feb 21 2014 18:15 UTC

Those errors sound to me like it's using the wrong key for authentication.

How many keys do you have under your ~/.ssh/ directory?

By default it will use ~/.ssh/id_dsa or ~/.ssh/id_rsa

You can specify the key command line like so

ssh -i /path/to/some/key -A something@somewhere.com

Or in configuration file ~/.ssh/config

Host mygitserver1.com
  IdentityFile ~/.ssh/gitkey1
Host agitserver.com
  IdentityFile ~/.ssh/agitserverkey

I'm assuming this is using standard port 22 as well, what are you using for git? Is it just a basic git install or are you using something like GitLab?

User Gravatar

tripflex

Posted Feb 21 2014 19:37 UTC

This may be of interest to you as well:

https://github.com/kjsudbury/ssh-copy-key-mac

User Gravatar

tripflex

Posted Feb 21 2014 19:41 UTC

Hi,

there can be several issues on the way, here is complete guide from github https://help.github.com/articles/using-ssh-agent-forwarding it should be same even that you are using own repo.

  1. Make sure you are able connect to git repo from your local
  2. Make sure that you don't have set "ForwardAgent no" in "/etc/ssh_config" or " ~/.ssh/config" on your local
  3. You have set properly "AllowAgentForwarding yes" in "/etc/sshd_config" on remote server
  4. Verify that ssh agent have key avaiable # ssh-add -L you should be able to add it with # ssh-add yourkey
User Gravatar

elmariofredo

Posted Feb 22 2014 0:37 UTC

Remove the ssh:// prefix from your repo_url.

In other words, instead of this:

set :repo_url, "ssh://git@github.com:mbrictson/myrepo.git"

Do this:

set :repo_url, "git@github.com:mbrictson/myrepo.git"
User Gravatar

mbrictson

Posted Apr 17 2014 15:57 UTC

Add a reply

By posting a reply on CodersClan you agree to our Terms & Conditions