我在使用 Capistrano 使用公钥身份验证进行部署时遇到问题。在 Windows 上,我将其配置为在打开终端时自动启动 SSH 代理。
Agent pid 4476
Enter passphrase for /c/Users/Lea/.ssh/id_rsa:
Identity added: /c/Users/Lea/.ssh/id_rsa (/c/Users/Lea/.ssh/id_rsa)
id_rsa在我authorized_keys服务器上的文件中,我一直使用它来使用ssh lea@web.3.
我的Capfile如下:
require 'rubygems'
require 'railsless-deploy'
# application name
set :application, "site.com"
# multi-stage deploy
task :production do
set :branch, "master"
set :app_environment, "production"
role :web, "web.3", :primary => true
set :deploy_to, "/var/www/vhosts/site/site.com/"
end
task :dev do
set :branch, `git rev-parse HEAD`
set :app_environment, "development"
role :web, "web.3", :primary => true
set :deploy_to, "/var/www/vhosts/site/dev.site.com/"
end
# deploys remotely on SSH using deploy only key
set :repository, "git@bitbucket.org:us/site.git"
set :scm, :git
set :git_enable_submodules, 1
set :deploy_via, :remote_cache
# release configuration
set :use_sudo, false
set :keep_releases, 2
after "deploy:update", "deploy:cleanup"
# the web server user
set :user, "lea"
namespace :deploy do
task :migrate do
# do nothing
end
task :finalize_update, :except => { :no_release => true } do
transaction do
#run "chmod -R g+w #{release_path}"
run "echo '#{app_environment}' > #{release_path}/ENVIRONMENT"
end
end
task :restart, :except => { :no_release => true } do
# don't need to restart
end
end
当我运行部署时,它会再次询问我的 id_rsa 密码。为什么在我已经运行 ssh 代理并输入密码时会询问?
以下是 cap dev deploy 命令的日志。你可以看到它在哪里询问我的密码。另请注意,当我 ssh 进入服务器时,它也会在那里启动一个 ssh-agent 并加载一个用于 git 的 deployment_rsa 密钥(您可以在日志中看到这些消息)。
$ cap dev deploy
DL is deprecated, please use Fiddle
* 2013-09-12 13:19:30 executing `dev'
* 2013-09-12 13:19:30 executing `deploy'
* 2013-09-12 13:19:30 executing `deploy:update'
** transaction: start
* 2013-09-12 13:19:30 executing `deploy:update_code'
updating the cached checkout on all servers
* executing "if [ -d /var/www/vhosts/site/dev.site.com/shared/cache
d-copy ]; then cd /var/www/vhosts/site/dev.site.com/shared/cached-cop
y && git fetch -q origin && git fetch --tags -q origin && git reset -q --hard 33
09af4ac302a6c2dc46bcf36e877abbd8472988\\\n && git submodule -q init && git submo
dule -q sync && export GIT_RECURSIVE=$([ ! \"`git --version`\" \\< \"git version
1.6.5\" ] && echo --recursive) && git submodule -q update --init $GIT_RECURSIVE
&& git clean -q -d -x -f; else git clone -q git@bitbucket.org:us/v
entek.git /var/www/vhosts/site/dev.site.com/shared/cached-copy && cd
/var/www/vhosts/site/dev.site.com/shared/cached-copy && git checkout
-q -b deploy 3309af4ac302a6c2dc46bcf36e877abbd8472988 && git submodule -q init &
& git submodule -q sync && export GIT_RECURSIVE=$([ ! \"`git --version`\" \\< \"
git version 1.6.5\" ] && echo --recursive) && git submodule -q update --init $GI
T_RECURSIVE; fi"
servers: ["web.3"]
Enter passphrase for c:/Users/Lea/.ssh/id_rsa:
[web.3] executing command
** [web.3 :: out] Agent pid 11336
** [web.3 :: err] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 2300ms
copying the cached version to /var/www/vhosts/site/dev.site.com/r
eleases/20130912191939
* executing "cp -RPp /var/www/vhosts/site/dev.site.com/shared/cache
d-copy /var/www/vhosts/site/dev.site.com/releases/20130912191939 && (
echo 3309af4ac302a6c2dc46bcf36e877abbd8472988\\\n > /var/www/vhosts/us/dev.site.com/releases/20130912191939/REVISION)"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11442
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 751ms
* 2013-09-12 13:19:39 executing `deploy:finalize_update'
* executing "echo 'development' > /var/www/vhosts/site/dev.site.com
/releases/20130912191939/ENVIRONMENT"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11451
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 610ms
* 2013-09-12 13:19:40 executing `deploy:create_symlink'
* executing "rm -f /var/www/vhosts/site/dev.site.com/current && ln
-s /var/www/vhosts/site/dev.site.com/releases/20130912191939 /var/www
/vhosts/site/dev.site.com/current"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11460
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 621ms
** transaction: commit
triggering after callbacks for `deploy:update'
* 2013-09-12 13:19:41 executing `deploy:cleanup'
* executing "ls -xt /var/www/vhosts/site/dev.site.com/releases"
servers: ["web.3"]
[web.3] executing command
[err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh/dep
loyment_rsa)
command finished in 1186ms
** keeping 2 of 7 deployed releases
* executing "rm -rf /var/www/vhosts/site/dev.site.com/releases/2013
0906181120 /var/www/vhosts/site/dev.site.com/releases/20130912185329
/var/www/vhosts/site/dev.site.com/releases/20130912185937 /var/www/vhosts/site/dev.site.com/releases/20130912191939 /var/www/vhosts/us/dev.site.com/releases/11469"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11476
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 750ms
$
现在,我的主要问题不在于密码。每次我运行 capistrano 时,每次部署都无法进行 2 次身份验证。我在服务器上的 ssh 日志中看到了这一点,但 Capistrano 中没有给出任何指示:
11:58:44 web3 sshd[1134]: Failed password for lea from [ip] port 42421 ssh2
11:58:56 web3 sshd[1134]: Failed password for lea from [ip] port 42421 ssh2
服务器正在运行 fail2ban,它在 5 次身份验证失败后阻止我的 IP(10 分钟),这意味着我在运行 capistrano 3 次后被阻止。这是一个巨大的不可接受的问题,我不知道为什么会发生这种情况。您对如何解决此问题或解决方案有任何建议吗?
谢谢!