pstadler / flightplan

Run sequences of shell commands against local and remote hosts.
https://www.npmjs.com/package/flightplan
MIT License

SSH Agent and basic password prompt SSH connection simply not working #118

Closed wiledal closed 8 years ago

wiledal commented 8 years ago

Hey,

I've been trying for hours to connect to my server, but I keep having the same issue. In short: The SSH Agent forwarding seems to not work in my case, and I cannot connect without exposing a password in the flightplan.js.

My computer is a MacBook Pro running OSX 10.10.5 Yosemite, Node v4.2.6, flightplan 0.6.9. I have a simple Linode server running Ubuntu 14.04. I can SSH in fine using ssh root@176.x.x.x, then entering a password. I have set up my ~/.ssh/config, and going echo $SSH_AUTH_SOCK, on the server, tells me that the forwarding is working.

Now, I set up my flightplan.js in this barebones way:

```js
var plan = require('flightplan');

plan.target('staging', {
  host: "176.x.x.x",
  user: "root",
  agent: process.env.SSH_AUTH_SOCK
});

plan.remote("deploy", function(remote) {
  remote.exec("echo $SSH_AUTH_SOCK");
});
```

Running fly deploy:staging I would expect to have a password prompt, but instead it returns ● Error connecting to '176.x.x.x': All configured authentication methods failed

I went ahead and added the password in the plan, which then allows me to connect, but the $SSH_AUTH_SOCK is empty, and so I cannot execute any git commands without key refusal. Same thing happens when adding my public key to the authorized_keys.

Obviously, this is not optimal. Why is the password prompt not appearing? It does appear when using flightplan to connect to my localhost, so it looks to me that the prompt is possible. I'd like to have deployers enter the server password to keep it open-ended for our developers. Could this be an issue with the settings on the server?

I don't understand why ssh-ing in normally, and ssh-ing with flightplan (ssh2) is so very different? It seems that I always get different results than any guide or tutorial. Have I completely missed some detail or setup process that is not mentioned in any documentation, or is my MacBook just not wanting this to work?

pstadler commented 8 years ago

  1. Make sure that ssh-agent is running on your local machine. On my Mac the process is automatically started (ps x | grep ssh-agent -> /usr/bin/ssh-agent -l).
  2. Your key is most likely encrypted. The solution is to add your key to the keychain, e.g. ssh-add -K ~/.ssh/id_rsa

Let me know if you need further assistance.

wiledal commented 8 years ago

My agent is absolutely running, and added to the keychain. I have been at this for several hours, so I seem to have run out of documented tricks to try.

To recap:

SSHing manually from the terminal and running the same git commands is all good and golden. I tried this on a second machine to make sure mine wasn't corrupt with the same results.

pstadler commented 8 years ago

Having your public key in authorized_keys is definitely the way to go. Flightplan cannot decrypt your key on the fly.

To make your remote git commands work, you most likely need to set agentForward: true in your target configuration. agent has to be set as well, but this seems to be the case in your configuration.

wiledal commented 8 years ago

Wow, ok. agentForward. That solved it. I should've delved more into ssh2 I suppose. It did not occur to me that it was needed since none of the examples use it.

Still my other question remains, is it not possible to have a password prompt when logging into the server? Maybe I'm simplifying how SSH works.

pstadler commented 8 years ago

SSH is hard and using it with a highly configurable library is even harder, I agree. Try setting tryKeyboard: true.

On 2 February 2016 at 16:52:34, hugo wiledal (notifications@github.com) wrote:

> Wow, ok. agentForward. That solved it. I should've delved more into ssh2 I suppose. It did not occur to me that it was needed since none of the examples use it.
>
> Still my other question remains, is it not possible to have a password prompt when logging into the server? Maybe I'm simplifying how SSH works.


wiledal commented 8 years ago

tryKeyboard unfortunately does nothing in this case. But I'm willing to accept that defeat and add keys to the deployment server.

It just means that everyone that wants to be able to deploy first has to be added to the authorized_keys, which is a slight annoyance, but not a huge problem.

Thanks for the help! :beer:
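
A lint for the target options discussed in this thread, as an added example that is not code from flightplan, ssh2 or the posters. `auditTarget`, the finding codes and the sample targets are constructed for illustration; `agent`, `agentForward`, `password` and `privateKey` are the ssh2 connection options named above or in the ssh2 documentation.

```javascript
'use strict';
// Added example: lint flightplan target options (handed to ssh2) for the
// problems seen in this thread. auditTarget and the codes are hypothetical.
function auditTarget(name, cfg) {
  const findings = [];
  const add = (level, code, msg) => findings.push({ target: name, level, code, msg });

  // A literal password in flightplan.js ends up in version control.
  if (typeof cfg.password === 'string' && cfg.password !== '') {
    add('warn', 'PASSWORD_IN_PLAN', 'hard-coded password; use agent or key auth');
  }
  // Nothing to authenticate with, e.g. agent: process.env.SSH_AUTH_SOCK when
  // the variable is not exported in the shell that runs fly.
  if (!cfg.agent && !cfg.privateKey && !cfg.password) {
    add('warn', 'NO_AUTH_METHOD', 'no agent, privateKey or password configured');
  }
  // ssh2 only forwards an agent it was given: agentForward needs agent.
  if (cfg.agentForward === true && !cfg.agent) {
    add('warn', 'FORWARD_WITHOUT_AGENT', 'agentForward is set but agent is not');
  }
  // Agent used for login only: remote git over SSH finds no SSH_AUTH_SOCK.
  if (cfg.agent && cfg.agentForward !== true) {
    add('warn', 'AGENT_NOT_FORWARDED', 'remote commands cannot reach the agent');
  }
  // Forwarding works, but root on the remote host can use the socket too.
  if (cfg.agent && cfg.agentForward === true) {
    add('info', 'AGENT_FORWARDED', 'agent usable by remote root while connected');
  }
  return findings;
}

const codes = (cfg) => auditTarget('staging', cfg).map((f) => f.code);

// Constructed sample targets (host and socket path are placeholders).
const SOCK = '/tmp/ssh-constructed/agent.1';
const SAMPLES = {
  asPosted: { host: '203.0.113.10', user: 'root', agent: SOCK },
  passwordWorkaround: { host: '203.0.113.10', user: 'root', password: 'constructed' },
  agentUnset: { host: '203.0.113.10', user: 'root', agent: undefined },
  forwarded: { host: '203.0.113.10', user: 'root', agent: SOCK, agentForward: true },
};

for (const [label, cfg] of Object.entries(SAMPLES)) {
  console.log(label, codes(cfg));
}
```

The lint only inspects the options object; whether the server accepts the key the agent offers still depends on authorized_keys on the remote host.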