[英]Deployment using ssh with key without providing passphrase for private key (ssh-agent)
Wherein lies the difference between Capistrano and Rocketeer when it comes to the passphrase for a private key? 关于私钥的密码短语,Capistrano和Rocketeer之间的区别在哪里?
I already have both Capistrano and Rocketeer deployment strategies set up properly and working. 我已经正确设置了Capistrano和Rocketeer部署策略并可以正常工作。 Capistrano lets ssh-agent provide the passphrase - Rocketeer, as it seems, does not. Capistrano让ssh-agent提供密码短语 -Rocketeer似乎不提供。 The question is not about how but why the passphrase is needed. 问题不是关于如何,而是为什么需要密码短语。
Background: 背景:
I want to use Rocketeer for deployment of a Laravel application instead of Capistrano. 我想使用Rocketeer而不是Capistrano来部署Laravel应用程序。 It seems as if it delegates the SSH connection to Laravel. 似乎将SSH连接委托给Laravel。
After setting only the remote server's name in the configuration and running a check, after some prompts for credentials Rocketeer stores the needed passphrase and the path to my desired private key in a non-version-controlled file. 在配置中仅设置了远程服务器的名称并运行检查后,在提示输入凭据后,Rocketeer将所需的密码和我所需的私钥的路径存储在非版本控制的文件中。
I do not want to have credentials for establishing a SSH connection stored on my disk - especially not the passphrase to any of my private keys. 我不想在磁盘上存储用于建立SSH连接的凭据-尤其是不希望使用任何我的私钥的密码短语。
So, why is anything more than the server's name required? 那么,为什么只需要服务器名称呢?
I see that Laravel has those fields prepared in its remotes config - I just could not find out which component is responsible eventually and why it does not leave the SSH connection completely to the system itself. 我看到Laravel在其remotes配置中准备了这些字段-我只是找不到最终负责哪个组件,以及为什么它没有完全将SSH连接留给系统本身。
Is it Rocketeer , Laravel , Symfony , phpseclib or even php itself underneath that needs that many information for establishing a SSH connection? 是在下面需要大量信息才能建立SSH连接的Rocketeer , Laravel , Symfony , phpseclib还是php本身?
It's Laravel's missing implementation of phpseclib's ssh-agent that requires that many information for establishing a SSH connection. Laravel缺少phpseclib的ssh-agent的实现,该实现需要许多信息来建立SSH连接。
That's why Rocketeer does not allow to rely on the ssh-agent next to username/password and privatekey/passphrase authentication as does Capistrano. 这就是为什么Rocketeer不允许Capistrano依赖用户名/密码和私钥/密码验证旁边的ssh-agent。
A proposal was stated and merged to include phpseclib's undocumented implementation for using the ssh-agent instead of an explicit key. 有人提议说 ,并合并到包括phpseclib的使用SSH代理无证执行 ,而不是一个明确的关键。
Rocketeer would profit from this as it relies on said implementation of phpseclib in Laravel. Rocketeer将从中受益,因为Rocketeer依赖于Laravel中所说的phpseclib实现。
(Thanks to @hannesvdvreken, @ThomasPayer and @passioncoder for pointing in the right directions) (感谢@ hannesvdvreken,@ ThomasPayer和@passioncoder指向正确的方向)
There are some thing you might want to know. 您可能想知道一些事情。
You can use the default app/config/remote.php
or you can use the Rocketeer config.php
that gets published under app/packages/anahkiasen/rocketeer
. 您可以使用默认的app/config/remote.php
,也可以使用在app/packages/anahkiasen/rocketeer
下发布的Rocketeer config.php
。
I tend to use the Laravel file. 我倾向于使用Laravel文件。 I made a copy of that file into the app/config/development
folder which is ignored by git with .gitignore
. 我将该文件的副本复制到app/config/development
文件夹中,而git使用.gitignore
其忽略。 I only write down the passkey of my private key down in that file. 我只在该文件中写下私钥的密码。 It will get merged with the array in app/config/remote.php
. 它将与app/config/remote.php
的数组合并。
Here's my app/config/development/remote.php
file: 这是我的app/config/development/remote.php
文件:
return array(
'connections' => array(
'staging' => array(
'keyphrase' => 'your-secret-here',
),
'production' => array(
'keyphrase' => 'your-secret-here',
),
),
);
Hope this helps. 希望这可以帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.