3

I am deploying using Capistrano to a new server and having the following issue. Currently, I cannot add an SSH key to the server to log in with so I must use password authentication. However, I do have a key for another server saved in my local user account's .ssh directory.

Here is the error I get when I try to log in:

C:\Web\WebApp1>cap deploy:setup
  * executing `deploy:setup'
  * executing "mkdir -p /home2/webapp1 /home2/webapp1/releases /home2/webapp1/shared /home2/webapp1/shared/system /home2/webapp1/shared/log /home2/webapp1/shared/pids"
    servers: ["myserver.example.com"]

connection failed for: myserver.example.com (OpenSSL::PKey::PKeyError: not a public key "C:/Users/MyAccount/.ssh/id_rsa.pub")

How can I get Capistrano to ignore the existence of the key I have and let me log in with a password instead? I tried adding set :password, "myp@ssw0rd" to deploy.rb and it didn't help.

UPDATE

I followed @sysadmin1138's answer to add the following to the ssh config file:

HostName myserver.example.com
    PreferredAuthentications=password
    PubkeyAuthentication=no

Now, I get the error:

connection failed for: myserver.example.com (Net::SSH::AuthenticationFailed: webappuser)

It does not even ask for the password though. When I tried specifying the password in the config file, it still gave the same error.

Here are the relevant parts of my Capistrano config:

role :web, "myserver.example.com"

set :user, "webappuser"
default_run_options[:pty] = true # Allow Capistrano to prompt for passwords

set :deploy_to, "/home2/webapp1"
Moshe Katz
  • 3,053
  • 3
  • 26
  • 41
  • "Currently, I cannot add an SSH key to the server to log in with so I must use password authentication" -- In my situation, this would be an enormous headache all the time. I would wait until I could establish key auth. – Jodie C Aug 30 '12 at 02:33
  • I needed to add `set :user, "root"` to my `deploy.rb` – ggirtsou Dec 24 '14 at 21:04

2 Answers2

3

This is probably solveable outside of Capistrano and in SSH itself. Setting up a ~/.ssh/config file an creating an entry for your host:

HostName myserver.example.com
    PreferredAuthentications=keyboard-interactive
    PubkeyAuthentication=no

Capistrano will definitely prompt for a password if no key is present, I've done that.

sysadmin1138
  • 131,083
  • 18
  • 173
  • 296
  • This should do it I think. My server uses `password`, not `keyboard-interactive`, but that shouldn't make a difference. Unfortunately, it doesn't seem to work. See update to question. – Moshe Katz Aug 29 '12 at 03:34
  • @MosheKatz ahah, passworded pubkey. I see. – sysadmin1138 Aug 29 '12 at 12:21
2

After reading through the code for Net::SSH::KeyManager, I found the problem.

On this machine, I have a public key named id_rsa.pub without the corresponding private key id_rsa (because I use id_rsa.ppk which is the PuTTY version of the key file).

Net::SSH::KeyManager, however, will only use a key if both the private and public files are in the directory. Unfortunately, this also means that if it finds a public key without the private key (or a private key without the public key), it will immediately throw an exception, instead of just discarding the key.

After I used PuTTYgen to export the private key from the .ppk file into a standard OpenSSH file (and then modified that file according to this answer), I was able to connect using password authentication (without needing the ssh/config file as shown in another answer).

Note: I think this is a bug in the OpenSSH gem. Having one invalid key should not stop you from using a different key or a password.

Community
  • 1
Moshe Katz
  • 3,053
  • 3
  • 26
  • 41