Using SSH Keys

For extra points, you can install an ssh key for fast logins when using ssh and Capistrano. This is strongly encouraged unless you REALLY enjoy typing the password you selected for the deploy user. NOTE: On a Mac, ONLY the shell you execute these commands in will be able to log in without a password.
Windows users, check out these hints from another Machinist.

Setting Up Your Key

By creating a passphrase-protected SSH key on your client machine and copying its public half to your Rails Machine, you can make logins a little safer and save yourself from having to type passwords quite as often. You can generate an SSH RSA key with your email as an added comment using the ssh-keygen command. The following command will create two files in your .ssh/ directory: id_rsa (the private key, which stays on your client machine) and id_rsa.pub (the public key):

ssh-keygen -t rsa -f ~/.ssh/id_rsa -C "you@web2.oh" 

You need to do a little preparation on your Rails Machine: create the ~/.ssh directory with the correct permissions for the deploy user. Note that this command uses SSH to execute remotely; you run it from your client machine, not on your Rails Machine.

ssh deploy@your_account.railsmachina.com 'mkdir -p ~/.ssh && chmod 700 ~/.ssh'

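With the .ssh directory prepared on your Rails Machine, you need to copy your public key to the .ssh/authorized_keys file. Note that the scp command replaces any authorized_keys file already there, so use it as written only when no other keys are installed for the deploy user. Then make sure the permissions on that file allow only the deploy user to read and write.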

scp ~/.ssh/id_rsa.pub deploy@your_account.railsmachina.com:~/.ssh/authorized_keys
ssh deploy@your_account.railsmachina.com 'chmod 600 ~/.ssh/authorized_keys'

Now you have created and deployed your SSH keypair. Using the keys you have just created along with the SSH Agent you can deploy your apps effortlessly with Capistrano. So just finish up the section on Using the SSH-Agent and it will be smooth sailing from there.
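The server-side half of the setup above, as an added example that is not part of the original page: it appends the public key instead of overwriting authorized_keys, and checks the 700/600 permissions the page sets. The function names are hypothetical, and it assumes the public key file has already been copied to the machine where it runs.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# Octal permission bits of a path (GNU stat first, BSD/macOS stat second).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_pubkey PUBKEY_FILE SSH_DIR
# Adds the key to SSH_DIR/authorized_keys without touching existing entries,
# then applies the 700/600 permissions used on this page.
install_pubkey() {
    pubkey_file=$1
    auth="$2/authorized_keys"
    [ -s "$pubkey_file" ] || { echo "no public key at $pubkey_file" >&2; return 1; }

    mkdir -p "$2" && chmod 700 "$2" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # If the last entry lacks a trailing newline, add one so the new key
    # is not glued onto it.
    if [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    key=$(head -n 1 "$pubkey_file")
    # -x whole line, -F fixed string: append only if not already present.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# check_ssh_perms SSH_DIR
# Succeeds only if SSH_DIR is 700 and its authorized_keys file is 600.
check_ssh_perms() {
    [ "$(mode_of "$1")" = "700" ] || { echo "$1 is not 700" >&2; return 1; }
    [ "$(mode_of "$1/authorized_keys")" = "600" ] || {
        echo "$1/authorized_keys is not 600" >&2
        return 1
    }
}
```

Run as the deploy user, for example install_pubkey id_rsa.pub ~/.ssh followed by check_ssh_perms ~/.ssh; running install_pubkey twice with the same key leaves a single entry.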

Using SSH-Agent

To safely use the SSH keys you just created, you must have a running SSH Agent that your shell session can find. If you are a Mac user, this is most easily accomplished by starting the agent with the Bash eval command:

eval `ssh-agent`

If you are a Linux user the ssh-agent is usually already running and your shell can find it without trouble. If the following ssh-add command works, you should be fine.

The final step in this SSH Saga is to add your key to the agent using the ssh-add command. It will prompt you for the passphrase and then load your key into the ssh-agent. Now, any time you ssh to your Rails Machine from this shell as the deploy user, the SSH Agent will authenticate for you.

ssh-add

If you are uneasy about leaving your SSH key hanging around in memory all the time, you can use the -t option for ssh-add and tell it to remove the key after a specified period of time. So, to expire your key after 8 hours use ssh-add -t 8h or you can manually delete your key with ssh-add -D.

Even easier ways to use SSH-Agent

The problem with SSH-Agent is that you have to add your key by supplying your passphrase in each terminal session. No fun. What we’d rather do is supply our passphrase once and never be asked again during the X session. This is where keychain comes in. Install keychain on the Linux of your choice (sudo apt-get install keychain on Debian), or on your Mac.
Then you can add something like this to your session:

keychain /home/rob/.ssh/id_rsa

Now you can enjoy secure, fast logins.
