The situation
You want to type “cap deploy” without having to enter your ssh password every time
The background
You have configured your server to allow public key authentications over ssh and have given the proper permissions to the resulting files & folders (how to do this). Oh and the repository as well as your application is located in the same server.
The problem
Capistrano still asks for your password at one time in the deployment procedure!
Why Does this happens?
Once you typed cap deploy and the ssh session is established, the remote server will do a checkout (or clone, or whatever) at some point to fetch the latest revision from your repository. It will do this by using your capistrano :repository variable that probably looks like “ssh://[email protected]/home/user/repositories/myapp”. The “problem” (which is not really a problem) is on your remote server only… it has nothing to do with your public key authentication setup or your local machine. If you want to reproduce the problem, log into your ssh server and do the same checkout/clone operation that capistrano is trying to do. It should asks for a password. Why? Because you do the checkout with an “external url scheme”. So even if the repository url is pointing to the very same server that does the request, it still needs a password.
Solution
Checkout/Clone your repository with a physical path.
set :repository, "/home/#{user}/repositories/#{application}"
set :local_repository, "ssh://#{user}@#{domain}/home/#{user}/repositories/#{application}"
And that’s it!
At first you might think that it should be the other way around. Wouldn’t it make more sense if the :repository variable was set to a “ssh://” path and local_repository to a “local” path?
Well, yes. But for capistrano it means : “When I’m on your local workstation, I will use :local_repository to access your repository. And when I’m connected on the remote server, I will use :repository”
..or just setup ssh public-key authentication for your repository too. GitHub does that (checkout keys) you can do it too.
Thank you for sharing this, Jan.
Another alternative is to use ssh forwarding for the server to access the repository. Simply set the following in your deploy.rb:
set :ssh_options, { :forward_agent => true }
then make sure you’ve run ssh-add locally before running th deploy.