
Windows ssh agent forwarding and cap\git deploy problems


Capistrano fails to connect to git repo (bitbucket) with ssh agent forwarding from windows.

Environment:

Windows 10
Ruby 2.4.4 for Windows installed
Rails 5.2.2
Cap 3.11.0
OpenSSH_for_Windows_7.7p1

Can successfully ssh to host and git ls-remote or clone. When issuing a cap deploy or a cap task like git ls-remote, connecting to the bitbucket repo fails.

git stdout: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
git stderr: Nothing written

Capistrano does connect to the bitbucket repo if using http and setting the username:password in the URL.

I have written cap tasks to show that SSH_AUTH_SOCK is set. I have played with .ssh\config with many options pointing to the keys, host * etc.

deploy.rb:

set :repo_url set correctly.

staging.rb

set :ssh_options,
    keys: ['c:\users\mike\.ssh\key.pem'],
    forward_agent: true

.ssh\config

Host hostname
  User username
  IdentityFile ~/.ssh/key.pem
  ForwardAgent yes

/etc/ssh/sshd.conf on server

AllowAgentForwarding yes

Looking for advice on what to try next. It seems cap is using the wrong public key or failing to use agent forwarding. I have added all the keys to bitbucket also and that didn't work.

Additional findings:

Monitoring /var/log/secure during a cap deploy yields this:

Seems it cannot connect to the ssh-agent on the source computer.

Feb 18 23:13:15 ip-255-255-255-255 sshd[19242]: Accepted publickey for railsuser from x.x.x.x port 60682 ssh2: RSA SHA256:<has>
Feb 18 23:13:15 ip-255-255-255-255 sshd[19242]: pam_unix(sshd:session): session opened for user railsuser by (uid=0)
Feb 18 23:13:15 ip-255-255-255-255 sshd[19260]: channel 2: open failed: connect failed: could not connect to authentication agent
Feb 18 23:13:15 ip-255-255-255-255 sshd[19242]: pam_unix(sshd:session): session closed for user railsuser

Solution

  • Capistrano uses the net-ssh gem and net-ssh doesn't currently support Windows native installation of OpenSSH.

    Net-ssh does support PuTTY's Pageant or Cygwin's ssh-agent installation.

    I have successfully tested PuTTY's Pageant and it worked as expected.
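
The /var/log/secure pattern shown in the question (key login accepted, then the forwarded-agent channel fails to open) can be picked out of a larger log automatically. The following is an added example, not code from the original post or from Capistrano/net-ssh; the log lines, host name and addresses in SAMPLE_LOG are constructed, and agent_forward_failures is a hypothetical helper name.

```ruby
# Constructed sample, modelled on the sshd excerpt in the question.
SAMPLE_LOG = <<~LOG
  Feb 18 23:13:15 host1 sshd[19242]: Accepted publickey for railsuser from 192.0.2.10 port 60682 ssh2: RSA SHA256:PLACEHOLDER
  Feb 18 23:13:15 host1 sshd[19242]: pam_unix(sshd:session): session opened for user railsuser by (uid=0)
  Feb 18 23:13:15 host1 sshd[19260]: channel 2: open failed: connect failed: could not connect to authentication agent
  Feb 18 23:13:15 host1 sshd[19242]: pam_unix(sshd:session): session closed for user railsuser
  Feb 18 23:20:01 host1 sshd[19301]: Accepted publickey for deploy from 192.0.2.11 port 50122 ssh2: RSA SHA256:PLACEHOLDER
  Feb 18 23:20:01 host1 sshd[19301]: pam_unix(sshd:session): session opened for user deploy by (uid=0)
  Feb 18 23:20:05 host1 sshd[19301]: pam_unix(sshd:session): session closed for user deploy
LOG

LINE       = /\A(\w{3}\s+\d+ [\d:]+) (\S+) sshd\[(\d+)\]: (.*)\z/
ACCEPTED   = /\AAccepted publickey for (\S+) from (\S+) port \d+/
AGENT_FAIL = /\Achannel \d+: open failed: connect failed: could not connect to authentication agent/
CLOSED     = /session closed for user \S+/

# Returns one hash per login where key authentication to the server succeeded
# but sshd could not open the agent channel back to the client. That points at
# the client-side agent, not at the key used to log in to the server.
def agent_forward_failures(log)
  open_sessions = {} # [host, pid that logged the login] => session info
  all_sessions = []
  log.each_line(chomp: true) do |line|
    m = LINE.match(line) or next
    time, host, pid, msg = m.captures
    if (a = ACCEPTED.match(msg))
      session = { host: host, user: a[1], from: a[2], login_at: time }
      open_sessions[[host, pid]] = session
      all_sessions << session
    elsif AGENT_FAIL.match?(msg)
      # The failure is logged by a different pid than the login (19260 vs 19242
      # in the question), so attribute it to every session open on that host.
      # With concurrent logins this can over-report; treat it as a lead.
      open_sessions.each { |(h, _pid), s| s[:failed_at] ||= time if h == host }
    elsif CLOSED.match?(msg)
      open_sessions.delete([host, pid])
    end
  end
  all_sessions.select { |s| s[:failed_at] }
end

agent_forward_failures(SAMPLE_LOG).each do |f|
  puts "#{f[:failed_at]} #{f[:host]}: agent forwarding failed for #{f[:user]} from #{f[:from]}"
end
```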