{ mhfs } marcelo silveira

Setting SSH ForwardAgent Up for Capistrano/GitHub Deploy

One common inconvenience of setting up Capistrano for deploys via GitHub is creating SSH keys on the server and later adding the public key to the repository at GitHub to let the server clone/pull from the repository.

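Fortunately there’s an easy way to overcome that. It’s an SSH feature called ForwardAgent. When enabled, ForwardAgent makes your local ssh-agent available to the destination host, allowing it to identify itself to a third host with your key. The private key itself stays on your machine; the destination host only asks your agent to sign on its behalf while you are connected.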

In our context that means your app server can connect to the GitHub repository using the key from your local computer that’s already authorized to access it.

Now to the fun part. To make it work you’ll need to tell your local SSH which host it should enable ForwardAgent for. You do that by adding the following to your ~/.ssh/config file.

~/.ssh/config
# adjust host to your server accordingly
Host yourapphost.com
  ForwardAgent yes

Now you’ll need to make sure your ssh-agent is serving your keys. To do that:

# -K option might not work on non-OSX OSs
ssh-add -K ~/path/to/your/key

And finally connect to your host:

ssh yourapphost.com

You should now be able to connect from there to any host you can connect to from your local machine. For example, GitHub:

ssh -T git@github.com

Troubleshooting

To confirm your app server is seeing your forwarded agent (run this on the server; it should print a socket path):

echo "$SSH_AUTH_SOCK"

To see all the keys ssh-agent is serving (locally):

ssh-add -L

To see the details of the SSH connection process:

ssh -v yourapphost.com

If the setup suddenly stops working, check whether your key got dropped by ssh-agent during a reboot. Adding it back should fix it.
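
One more check, as an added example that is not part of the original post: this shell function lists which blocks of an ssh config file enable ForwardAgent, so you can confirm forwarding is on only for the deploy host from the config above and not for a wildcard pattern. The function name and every host name other than yourapphost.com are assumptions made for the illustration.

```sh
# Added example: report ssh_config blocks that turn ForwardAgent on.
# Assumptions: Include files are not followed; Match conditions are not
# evaluated, so a Match block that enables forwarding is reported as broad.
audit_forward_agent() {
  awk '
    function report(   i, n, pats, scope) {
      if (!fwd) return
      scope = (kind == "host") ? "scoped" : "broad"
      n = split(target, pats, /[ \t]+/)
      for (i = 1; i <= n; i++)
        if (pats[i] ~ /[*?]/) scope = "broad"
      print scope ": " label
    }
    BEGIN { kind = "global"; label = "(global defaults)" }
    {
      line = $0
      sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
      if (line == "" || line ~ /^#/) next
      if (!match(line, /^[A-Za-z]+/)) next
      key = tolower(substr(line, 1, RLENGTH))
      arg = substr(line, RLENGTH + 1)
      sub(/^[ \t]*=?[ \t]*/, "", arg)      # "Key value" or "Key=value"
      if (key == "host" || key == "match") {
        report()                           # close the previous block
        kind = key; target = arg; fwd = 0; seen = 0
        label = (key == "host" ? "Host " : "Match ") arg
      } else if (key == "forwardagent" && !seen) {
        seen = 1                           # ssh uses the first value it sees
        fwd = (tolower(arg) != "no")
      }
    }
    END { report() }
  ' "${1:--}"
}
# Constructed sample config for the demo below (not a real setup).
sample_config() {
  cat <<'EOF'
Host yourapphost.com
  ForwardAgent yes
Host bastion.example.com
  ForwardAgent no
Host *.staging.example.com
  forwardagent=yes
Host *
  ForwardAgent yes
EOF
}
# Demo on the sample; for a real check run: audit_forward_agent ~/.ssh/config
sample_config | audit_forward_agent
```

Any line marked broad means the agent is forwarded to more hosts than the one you deploy to; narrow the Host pattern or set ForwardAgent no there.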
