capistrano insisting on password - capistrano

First, my teammate is successfully deploying on almost exactly the same setup and using the exact same config as me re deploy. Therefore, cannot be a deploy configuration issue, there is nothing local or unique to any of our machines.
Second, I can successfully login via my machine using ssh user#server.com without password prompt.
However, I have tried everything to stop capistrano asking this question:
--recursive; fi"
servers: ["myserver.com"]
Password:
* [deploy:update_code] rolling back
I have tried every single password I have, and not entering a password. I don't even know what this password is for. Is it SSH? Because I don't even have a password protected key file.
I'm totally lost and I've literally been debugging this for 5 hours now without a single change in status. I'd really appreciate some help on how I can find out what the problem is.
Note, cap deploy simply works for my teammate using same config, same server. Everything, except different key file (note mine works and tested via ssh command).

Do you have to specify user#server.com to SSH to your server successfully (i.e., do you have a different username on your remote server from your local machine)?
You might just need to tell Capistrano what username it should be using to connect with by adding it to your deploy.rb:
set :user, "your-username"
You could also change the default username SSH will pick for that server by using ~/.ssh/config:
Host your.server.name
User your-username

Related

2FA with VS Code Remote-SSH?

I am using the Remote-SSH extension in Visual Studio Code to connect to a remote machine. This remote machine is protected by Duo's two-factor authentication. When I SSH in a terminal (outside of VS Code), I'm able to log-in perfectly - the terminal prompts me through the 2FA process. However, inside VS Code when I'm using the extension, I am not able to log-in. After typing in my SSH hostname and ID, the VS Code interface prompts me for my password over and over again, and does not proceed beyond that point.
Has anyone encountered this issue before? I'd love to know if there is an existing solution. Unfortunately, 2FA is managed by my company and I can't turn it off.
I run into the same problem and fixed it by using SSH ControlMaster for Single Singe-On.
If you connect to the relevant machine using <user_name>#<host_name> you can simply add the following to your ~/.ssh/config:
Host <nickname>
User <user_name>
HostName <host_name>
ControlMaster auto
ControlPath ~/.ssh/%r#%h:%p
If you now open up a new session in your terminal running ssh <nickname> you will be asked for the password and the 2FA key. But all other subsequent ssh sessions (including svn, rsync, etc. that run over ssh) will piggyback off the initial connection without the need for re-authentication.
You can now in VS Code, select Remote-SSH: Connect to Host... from the Command Palette (F1, ⇧⌘P) and simply enter: <nickname> and ControlMaster will automatically connect you using the already standing connection.
In my case, the nickname that I choose is "ody". After connecting VSC's Remote Development extension shows the following in the bottom left corner and lets me browse the files on the remote machine.
From the FASCR:
Note that all subsequent connections are dependent on the initial connection — if you exit or kill the initial connection all other ones die, too. This can obviously be annoying if it happens accidentally. It’s easily avoided by setting up a master connection in the background:
ssh -CX -o ServerAliveInterval=30 -fN <nickname>
The -fN make it go into the background and sit idle, after authenticating. (C for compression,Y for X forwarding, and o ServerAliveInterval=30 to prevent dropped connections have nothing to do with the ControlMaster but are almost always helpful.)
Note that all port forwarding, including X display forwarding, must be setup by the initial connection and cannot be changed.
Got to settings in VS Code and enable this setting, remote.SSH.showLoginTerminal. This pulls up the terminal so that sign in via 2FA that way.
You can use ~/.ssh/config file to configure your hostnames and keys. But I don't know if there is a way to save passwords for convenience.

VS Code ask for password repeatedly when opening different folder on same host

I have connected to a remote Ubuntu host from Windows using VS Code and using it for remote development. Often times I open different code repositories in VS Code but every time I have to open a different folder despite having the connection established the VS Code ask for password.
It seems that once we are commented to a remote host then successive opening of different folder from same host should not prompt for password.
Is there any setting I am missing or should do to resolve this or save password.
I'm assuming you're connecting to an ssh remote.
There are two ways to authenticate an ssh connection, via password and via public/private key. When using the latter you don't need to enter the password each time.
To use the public/private keys here's what you have to do:
You first need a pair (public/private) of ssh keys. On windows you can use ssh-keygen to generate them for you and put them in the default ssh config folder ( ~/.ssh/)
You then have to configure the remote server to allow your ssh key, you can do this in two ways:
with the ssh-copy-id command if available (I think on windows it's not there, but you can try)
by manually add your public key (~/.ssh/id_rsa.pub) to the.ssh/authorized_keys file on the host machine
Here's a link to know more about passwordless logins via ssh: https://www.redhat.com/sysadmin/passwordless-ssh
Open git bash on Windows
cd .ssh
ssh-copy-id -i id_ed25519.pub your-username#your-server

CruiseControl.net connecting to BitBucket using SSH and running as a service

here's my situation.
I'm running Cruise Control as a Windows Service and trying to get it to connect to a Mercurial Repository on BitBucket over SSH.
I'm pretty sure that everything's configured OK (PuttyGen, Pagaent, etc). I'm remoting onto the server using the same account that I am using to run the service and if I issue hg pull -b ssh://#bitbucket.org// from a command line everything works. I added -v to the ssh configuration in mercurial.ini and I can see all of the steps that are taken.
If I run CC.NET from a command prompt then it builds fine. In the console window I can see the same logging from the SSH operation.
However, if I run CC.NET as a service (using the same user account that I'm logged in on) the call to BitBucket times out. I can find no way to work out why either. The build log doesn't help and neither do ccnet.log or ccnet.trace in the temp directory. I was expecting one of them to contain the logging from the SSH operation, but they don't.
Can anyone help? Is it that running as a service prevents it from connecting to Pagaent (I've started Pagaent by adding it to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). When I did the pull from the command line I had to OK a dialog, but only once. Is it waiting on the same dialog now that it's running as a service?
Getting close to my wits end here.
Thanks
I did get it working in the end. The trick was to create the public key without a passphrase. When running as a service the solution has to be completely non-interactive and the passphrase option with pagaent.exe just isn't.
Here are the steps:
Use PutTTygen to generate a secure key WITHOUT a passphrase. If you really do need one then you can add it to the mercurial.ini file, but defeats the point for me as it's in plain sight anyway.
Copy a mercurial.ini to two locations: C:\Windows\System32\config\systemprofile and C:\Windows\SysWOW64\config\systemprofile. Probably only one of these was really necessary, but I didn't have the time to experiment. The first is the home directory for the system user when running 64 bit apps, the SysWOW64 location for 32 bit. Make sure that if you do the same as me then keep both files in sync - or go one further and work out which is the correct location.
Add something like this line under the [ui] key in both files:
ssh = "D:\Program Files\TortoiseHg\TortoisePlink.exe" -ssh -2 -C -batch -v -i "[Path to your ppk file]"
Add the passphrase to the end of the command if one was created in step 1.
Make sure that TortoisePlink.exe is specified, not Plink.exe. They should both be in the same directory.
Download psexec from http://technet.microsoft.com/en-gb/sysinternals/bb842062.aspx
Run d:\PSTools\PsExec.exe -s -i cmd.exe. This will open a command line as the system account in interactive mode.
Now do an hg pull, or hg clone or whatever.
A dialog should pop up with a confirmation message. This is a one time thing and the reason that you have to do the PsExec step. OK the dialog.
Now cc.net should be able to be run as a service under the local system account using SSH!

Python fabric with EC2 instance

I am working on setting up auto deployment script using Python Fabric on EC2 instance. We are already having code repositories cloned on EC2 instance with HTTPS (without user name,https://bitbucket.org/) instead of SSH.
If we clone the repositories using SSH, it will solve my problem for now. But, I just wanted to know if following is possible:-
After connecting to remote EC2 instance using Fabric, if my next command is hg clone, it asks for user name and password. I have to type this two things manually on command prompt.
Is there any way we can pass these values run time automatically?
Thanks!
You can use ssh keys and connect using the ssh+hg protocol. It'll auth w/o password if you set that up.

Problems using teamcity command line to perform ssh remote login

I was wondering if anyone has tried using teamcity's command line builder to perform ssh remote login.
Right now, I would like to automate some testing on a QNX neutrino OS which is currently unsupported by teamcity. As a work around, I setup a ssh server on the target qnx machine so i could ssh and sftp the executables in.
Firstly, the source are compiled on Windows XP using qnx's compiler (based on g++). Followed by sftp-ing the executables into qnx neutrino.
Next, using ssh, script the login to remotely start the test apps and send the results back to the remote agent for publishing.
The batch script I created works well standalone, however, after hooking it up on the remote agent, it fails to login ssh and hangs indefinitely at the following command:
ssh -l "./.sh"
Notes:
I have added the remote agent's RSA public key in the QNX .ssh/authorized keys file, automatic login is working.
Is there a need to add the teamcity server's RSA public key in too?
Anyone has any idea on this problem?
I had a few weird problems with key-based SSH logins on QNX related to file permissions for the keys in .ssh. and permissions of parent folders (/home/username and /root).
Add
LogLevel DEBUG3
to /etc/openssh/sshd_config, make sure syslog is configured and is logging sshd output, restart sshd and try again - it will most likely complain about something.
Also, ssh -l "./.sh" makes no sense - -l is used to specify the user name, something is off there.