welaika / wordmove

Multi-stage command line deploy/mirroring and task runner for Wordpress
https://wptools.it/wordmove
MIT License
1.87k stars 167 forks

ssh identities #346

Closed espretto closed 8 years ago

espretto commented 8 years ago

Hello, I'd like to make a feature request for ssh identities. I use wordmove inside a VVV machine with ssh. Works great, but both the push and pull commands ask me several times for the remote user's password. Now I do have an authorized public key, but I do so for every project and usually manage them via ~/.ssh/config. It would be great if the ssh section of the Movefile had an entry to specify the ssh identity to be used or rather a commandline option for wordmove since identities may vary among the developers. I imagine sth like this:

local:
  [...]
live:
  [...]
  ssh:
    host: ...
    user: ...
    identityFile: <path/to/private/key>
    # or
    identity: <name-of-identity>

Swapping out a symbolic link at ~/.ssh to point to the right key-pair isn't an option either since vagrant depends on it.

alessandro-fazzi commented 8 years ago

Hi @espretto :)

Isn't ~/.ssh/config a per-developer solution? What's the problem - if any - about using that standard config? We always considered it was the best way and use it extensively.

espretto commented 8 years ago

Right. Of course I could copy keys over to the vm's ~/.ssh and link the host specified in the Movefile to the ssh-identity. Sorry I totally missed it. Thank you!

endorama commented 8 years ago

Hi @espretto you could also use ssh agent and ssh agent forwarding.

Please note that there are some security concerns relative to Agent Forwarding:

Warning: You may be tempted to use a wildcard like Host * to just apply this setting to all SSH connections. That's not really a good idea, as you'd be sharing your local SSH keys with every server you SSH into. They won't have direct access to the keys, but they will be able to use them as you while the connection is established. You should only add servers you trust and that you intend to use with agent forwarding.

Used with vagrant it is pretty safe though, and it permits sharing of ssh keys between host and guest, permitting ssh login from the vagrant box using host identities.

See Vagrant docs about ssh configuration for setting up agent forwarding.

Hope it helps.
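Added example, not part of the thread or of wordmove: a small Python check for the pattern the quoted warning describes, ForwardAgent enabled in a Host block whose pattern contains a wildcard. The sample config, host names and key path are constructed; Match handling is simplified to "Match all".

```python
import re

# Constructed sample ~/.ssh/config (hosts and key path are illustrative).
SAMPLE_CONFIG = """\
Host staging.example.com
    IdentityFile ~/.ssh/project_a_ed25519
    ForwardAgent yes

Host *.example.org
    ForwardAgent no

Host *
    ForwardAgent yes
"""

# ssh_config accepts both "Keyword value" and "Keyword=value".
LINE = re.compile(r"(\S+?)(?:\s*=\s*|\s+)(.*)")


def is_wildcard(pattern):
    """True for a non-negated Host pattern that can match more than one name."""
    return not pattern.startswith("!") and any(c in pattern for c in "*?")


def risky_forwarding(text):
    """Return (line_number, host_patterns) for each ForwardAgent setting that
    enables forwarding inside a block matching a wildcard set of hosts."""
    findings = []
    patterns = ["*"]  # options before the first Host line apply to every host
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        match = LINE.match(line)
        if not line or line.startswith("#") or not match:
            continue
        key, value = match.group(1).lower(), match.group(2).strip()
        if key == "host":
            patterns = value.split()
        elif key == "match":
            # Simplification: only "Match all" is treated as a wildcard scope.
            patterns = ["*"] if value == "all" else []
        elif key == "forwardagent" and value != "no":
            # "yes", a socket path or a $VARIABLE all enable forwarding.
            if any(is_wildcard(p) for p in patterns):
                findings.append((lineno, patterns))
    return findings


if __name__ == "__main__":
    for lineno, patterns in risky_forwarding(SAMPLE_CONFIG):
        print(f"line {lineno}: ForwardAgent enabled for Host {' '.join(patterns)}")
```

ssh uses the first value it obtains for each option, so a flagged wildcard block applies to every matching host that has not set ForwardAgent earlier in the file.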

alessandro-fazzi commented 8 years ago

Thanks @endorama and @espretto for your replies :)

@espretto really glad it gave you a clue about your workflow.

Feel free to spam the #wordmove channel on the WP-Hub slack community if you need to discuss something.