Capistrano local git repository cloning to remote asks for password despite SSH keys

Question

Totally new to Capistrano.

I have a local git repository that I want to publish to my remote server. I've followed other answers here and came up with this configuration:

require 'bundler/capistrano'

set :application, "app_name"
set :repository, '~/Dropbox/app/.git'
set :user, 'user_name'
set :deploy_to, 'ssh://remote_host/~/railsApps/app_name'
set :scm_verbose, true
set :deploy_via, :copy

default_run_options[:pty] = true

server "remote_server", :web, :app, :db, :primary => true

set :scm, :git
set :branch, "master"

ssh_options[:keys] = %w(~/.ssh/id_rsa)

after "deploy:restart", "deploy:cleanup"

This no longer asks for a password for the remote server, but fails always with the following error:

The --deployment flag requires a Gemfile.lock. Please make sure you have checked your Gemfile.lock into version control before deploying.

I am definitely including the Gemfile.lock file in my git repo.

If I change the Capistrano configuration to clone from the remote git folder to which I push (which is in that same server) then I don't get an error but it asks for my password every time I try to connect.

Help please.

Note that SSH key pairing works fine when used from the CLI for regular SSH connection.

Solution

Thanks to Tigraine I was able to solve it. In the hopes that this helps someone else, here is what finally did the trick:

Tigraine is correct in that the paths are local to the remote server, but I was getting an error when trying to use local paths, Capistrano kept searching on my local machine and throwing errors when it couldn't find those paths.

What I had to do was add the local_repository to the config and then everything worked. So the bits I changed are these:

set :local_repository, '~/Dropbox/app_name/.git'
set :repository, '~/railsApps/app_name.git'
set :deploy_to, '~/railsApps/app_name'

The local_repository path is local to my machine and the repository and deploy_to paths are local to the remote server.

Answer 1

First of all: Capistrano always executes it's commands on the remote server you are deploying to. This means that all paths you use like in set :deploy_to are local paths on the server.

In my case the config looks something like this:

set :scm, 'git'
set :repository,  "<repo url>"
set :branch, 'master'
set :git_shallow_clone, 1
set :scm_verbose, true

set :deploy_to, '/var/www/app'
set :deploy_via, :remote_cache

The important part here is the :deploy_to that is a local path on the server not a SSH path . This is where your config is wrong !

This gets even more important if you look at the commands capistrano then runs. It for example will usually do things like bash cd /var/www/app && bundle instal ... . If the path is not local the command will most likely fail.

Secondly this also means that Capistrano will deploy to your Git Server from your Remote Server, so you have to make sure the remote server has access to the Git Server. The ssh_options[:keys] therefore specifies the local SSH key used to connect to that remote_server, while on the server the default key from ~/.ssh/id_rsa.pub will be used.

You can avoid having to set up your SSH key on the Server by using SSH Agent forwarding by including ssh_options[:forward_agent] = true . This will simply forward your local SSH agent socket to the server and use that (good because your key never leaves your machine)

More info on SSH Agent forwarding can be found here

Answer 2

Thins to check:

Check in the remote server for .ssh folder and make sure your ssh key(id_rsa.pub) is added to authorized keys with no space appended.

do ssh-add from you local folder from where you are running the cap script.

Check for the permissions of .ssh folder on remote, it should be 700 and files inside with 600 permission.

If I change the Capistrano configuration to clone from the remote git folder to which I push (which is in that same server) then I don't get an error but it asks for my password every time I try to connect.

Now clone it from the git,