Rails, Capistrano and svn+ssh agent forwarding

Posted on 02 November 2007 by Johannes Fahrenkrug. Tags: Programming Ruby rails
I was working on deploying a Rails application using Capistrano today. I ran into a few problems because my SVN server uses svn+ssh authentication. I will not go into all the details of using Mongrel and Capistrano, I'll just touch on the points that are important for using it with svn+ssh. The problem is this: Capistrano logs in to your deployment server and wants to check out your Rails project from your SVN server. If that SVN server uses svn+ssh authentication, you need to enter a password, but since Capistrano is issuing the command, you can't enter that password and everything fails. You'll see something like this:
** [out ::] subversion is asking for a password
The solution I used was to use SSH public key authentication instead. Here's a great tutorial. Once that's done, you only need your private key on your client and the public key on your SVN server. Now you either keep following the tutorial to set up ssh agent forwarding or you take the easy way and download SSHKeychain for your Mac. Install it using these instructions (don't forget to enable "Manage global environment variables" in SSHKeychain's Preferences), add it to your Mac's Login Items, log out of your Mac session, and log in again. If everything with the keys is set up correctly, you should be able to log in to your SVN server through Terminal.app without being asked for a password. Ok, now you have to tell Capistrano that it should use ssh agent forwarding. That is required for Capistrano to be able to log in to your SVN server using your key and not requiring a password. So open up deploy.rb and add this line to the SSH OPTIONS section:
ssh_options[:forward_agent] = true
If cap cold_deploy works now: great. In my case, it threw a strange exception like this one:
Net::SSH::Transport::Session: [:forward_agent] (ArgumentError)
That means your net-ssh ruby gem is too old. I think it has to be at least version 1.1.1. So after running
gem update net-ssh
cap cold_deploy worked like a charm! This great tutorial also helped me a lot.


codesnik said...

thank you very much, your post helped me a lot.

I still wonder why default net/ssh ":config => true" option doesn't take into account ForwardAgent value in my .ssh/config

maybe some bug in net/ssh. I'm going to look deeply into code tomorrow.

August 13, 2008 08:09 PM

Wilson said...

Thanks! This was a huge help for me this evening and something that's not obvious for everyone.

May 18, 2008 03:52 AM


Please keep it clean, everybody. Comments with profanity will be deleted.

blog comments powered by Disqus