使用 Capistrano 部署到 AWS EC2 AMI 时出现身份验证失败错误
Authentication failed Error when deploying to AWS EC2 AMI with Capistrano
我正在学习本教程:
https://www.sitepoint.com/deploy-your-rails-app-to-aws/
应用已完全创建,运行 正在开发中(包括数据库)。
密钥已添加到 GIT 和 SSH,尽管从教程中我非常确定它们中的哪一个是准确的。
这就是我遇到的错误。
$ gem list net
*** LOCAL GEMS ***
net-http-digest_auth (1.4)
net-http-persistent (2.9.4)
net-scp (1.2.1)
net-ssh (3.2.0, 3.1.1)
net-telnet (0.1.1)
contactbook liviu-mac $ cap production deploy --trace
** Invoke production (first_time)
** Execute production
** Invoke load:defaults (first_time)
** Execute load:defaults
** Invoke rvm:hook (first_time)
** Execute rvm:hook
** Invoke rvm:check (first_time)
** Execute rvm:check
cap aborted!
Net::SSH::AuthenticationFailed: Authentication failed for user deploy@52.87.233.215
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/net-ssh-3.2.0/lib/net/ssh.rb:249:in `start'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/connection_pool.rb:59:in `call'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/connection_pool.rb:59:in `with'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/netssh.rb:155:in `with_ssh'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/netssh.rb:108:in `execute_command'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/abstract.rb:141:in `block in create_command_and_execute'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/abstract.rb:141:in `tap'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/abstract.rb:141:in `create_command_and_execute'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/abstract.rb:60:in `capture'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/capistrano-rvm-0.1.2/lib/capistrano/tasks/rvm.rake:9:in `block (3 levels) in <top (required)>'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/abstract.rb:29:in `instance_exec'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/abstract.rb:29:in `run'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/runners/parallel.rb:12:in `block (2 levels) in execute'
Tasks: TOP => rvm:check
我尝试了我找到的帖子中建议的几乎所有修复方法。什么都不适合我。
这里有更多详细信息:
$ gem list net
*** LOCAL GEMS ***
net-http-digest_auth (1.4)
net-http-persistent (2.9.4)
net-scp (1.2.1)
net-ssh (3.2.0, 3.1.1)
net-telnet (0.1.1)
我的 Capfile 是:
# Load DSL and set up stages
require "capistrano/setup"
# Include default deployment tasks
require "capistrano/deploy"
require 'capistrano/rvm'
# require 'capistrano/rbenv'
# require 'capistrano/chruby'
require 'capistrano/bundler'
require 'capistrano/rails/assets'
require 'capistrano/rails/migrations'
require 'capistrano/puma'
# require 'capistrano/passenger'
require 'capistrano/ssh_doctor'
# Load custom tasks from `lib/capistrano/tasks` if you have any defined
Dir.glob("lib/capistrano/tasks/*.rake").each { |r| import r }
我的 config/deply/production.rb 文件是(一个未注释的行):
server '52.87.233.215', user: 'deploy', roles: %w{web app db}
我的 config/deploy.rb 文件是:
# config valid only for current version of Capistrano
lock '3.6.1'
set :application, 'contactbook'
set :repo_url, 'git@github.com:levi-l-damian/contactbook.git'
# Default branch is :master
# ask :branch, `git rev-parse --abbrev-ref HEAD`.chomp
set :branch, :master
# Default deploy_to directory is /var/www/my_app_name
# set :deploy_to, '/var/www/my_app_name'
set :deploy_to, '/home/deploy/contactbook'
# Default value for :pty is false
set :pty, true
# Default value for :linked_files is []
# append :linked_files, 'config/database.yml', 'config/secrets.yml'
set :linked_files, %w{config/database.yml config/application.yml}
# Default value for linked_dirs is []
# append :linked_dirs, 'log', 'tmp/pids', 'tmp/cache', 'tmp/sockets', 'public/system'
set :linked_dirs, %w{bin log tmp/pids tmp/cache tmp/sockets vendor/bundle public/system public/uploads}
# Default value for keep_releases is 5
set :keep_releases, 5
set :rvm_type, :user
set :rvm_ruby_version, 'ruby-2.3.1' # Edit this if you are using MRI Ruby
set :puma_rackup, -> { File.join(current_path, 'config.ru') }
set :puma_state, "#{shared_path}/tmp/pids/puma.state"
set :puma_pid, "#{shared_path}/tmp/pids/puma.pid"
set :puma_bind, "unix://#{shared_path}/tmp/sockets/puma.sock" #accept array for multi-bind
set :puma_conf, "#{shared_path}/puma.rb"
set :puma_access_log, "#{shared_path}/log/puma_error.log"
set :puma_error_log, "#{shared_path}/log/puma_access.log"
set :puma_role, :app
set :puma_env, fetch(:rack_env, fetch(:rails_env, 'production'))
set :puma_threads, [0, 8]
set :puma_workers, 0
set :puma_worker_timeout, nil
set :puma_init_active_record, true
set :puma_preload_app, false
不知道如何解决这个问题并继续前进?
在对 Capistrano 中的 authentication failed 错误进行故障排除时,降低到较低级别并首先测试与 ssh 的连接性很有用。这样你就可以确定它是否真的是 Capistrano 问题,或者更基本的 SSH 连接问题。
在这种情况下,Capistrano 说它无法作为 deploy 用户连接到 52.87.233.215。让我们像这样手动验证:
ssh -v deploy@52.87.233.215
-v 标志转储了一堆详细的日志记录,以便我们可以看到正在尝试使用哪些身份验证方法。
如果您得到 permission denied (publickey),则表示您没有在服务器上正确安装 public 密钥。换句话说,服务器无法验证您的真实身份,因此拒绝访问。
要安装您的 public 密钥,请从您的本地计算机复制此文件的内容:
~/.ssh/id_rsa.pub
并将这些内容粘贴到服务器上的文件中:
~deploy/.ssh/authorized_keys
确保 ~deploy/.ssh/authorized_keys 由 deploy 用户拥有和访问:
$ ls -ld ~deploy/.ssh
drwxr-xr-x 2 deploy deploy 4096 Jun 16 2015 /home/deploy/.ssh
$ ls -ld ~deploy/.ssh/authorized_keys
-rw------- 1 deploy deploy 1023 Sep 12 02:13 /home/deploy/.ssh/authorized_keys
现在再次尝试 ssh 命令:
ssh -v deploy@52.87.233.215
它应该可以工作,如果可以的话,Capistrano 现在也应该可以工作了。
唯一对我有用的解决方案是:
ssh -i ~/.ssh/contactbook.pem ec2-user@ec2-54-226-156-103.compute-1.amazonaws.com
su - deploy
chmod 400 /home/deploy/.ssh/authorized_keys
chown deploy:deploy /home/deploy -R
只有在命令之后:
ssh -v deploy@54.226.156.103
和
cap production deploy
成功。
我正在学习本教程:
https://www.sitepoint.com/deploy-your-rails-app-to-aws/
应用已完全创建,运行 正在开发中(包括数据库)。 密钥已添加到 GIT 和 SSH,尽管从教程中我非常确定它们中的哪一个是准确的。
这就是我遇到的错误。
$ gem list net
*** LOCAL GEMS ***
net-http-digest_auth (1.4)
net-http-persistent (2.9.4)
net-scp (1.2.1)
net-ssh (3.2.0, 3.1.1)
net-telnet (0.1.1)
contactbook liviu-mac $ cap production deploy --trace
** Invoke production (first_time)
** Execute production
** Invoke load:defaults (first_time)
** Execute load:defaults
** Invoke rvm:hook (first_time)
** Execute rvm:hook
** Invoke rvm:check (first_time)
** Execute rvm:check
cap aborted!
Net::SSH::AuthenticationFailed: Authentication failed for user deploy@52.87.233.215
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/net-ssh-3.2.0/lib/net/ssh.rb:249:in `start'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/connection_pool.rb:59:in `call'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/connection_pool.rb:59:in `with'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/netssh.rb:155:in `with_ssh'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/netssh.rb:108:in `execute_command'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/abstract.rb:141:in `block in create_command_and_execute'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/abstract.rb:141:in `tap'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/abstract.rb:141:in `create_command_and_execute'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/abstract.rb:60:in `capture'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/capistrano-rvm-0.1.2/lib/capistrano/tasks/rvm.rake:9:in `block (3 levels) in <top (required)>'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/abstract.rb:29:in `instance_exec'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/backends/abstract.rb:29:in `run'
/Users/liviu-mac/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/sshkit-1.11.3/lib/sshkit/runners/parallel.rb:12:in `block (2 levels) in execute'
Tasks: TOP => rvm:check
我尝试了我找到的帖子中建议的几乎所有修复方法。什么都不适合我。
这里有更多详细信息:
$ gem list net
*** LOCAL GEMS ***
net-http-digest_auth (1.4)
net-http-persistent (2.9.4)
net-scp (1.2.1)
net-ssh (3.2.0, 3.1.1)
net-telnet (0.1.1)
我的 Capfile 是:
# Load DSL and set up stages
require "capistrano/setup"
# Include default deployment tasks
require "capistrano/deploy"
require 'capistrano/rvm'
# require 'capistrano/rbenv'
# require 'capistrano/chruby'
require 'capistrano/bundler'
require 'capistrano/rails/assets'
require 'capistrano/rails/migrations'
require 'capistrano/puma'
# require 'capistrano/passenger'
require 'capistrano/ssh_doctor'
# Load custom tasks from `lib/capistrano/tasks` if you have any defined
Dir.glob("lib/capistrano/tasks/*.rake").each { |r| import r }
我的 config/deply/production.rb 文件是(一个未注释的行):
server '52.87.233.215', user: 'deploy', roles: %w{web app db}
我的 config/deploy.rb 文件是:
# config valid only for current version of Capistrano
lock '3.6.1'
set :application, 'contactbook'
set :repo_url, 'git@github.com:levi-l-damian/contactbook.git'
# Default branch is :master
# ask :branch, `git rev-parse --abbrev-ref HEAD`.chomp
set :branch, :master
# Default deploy_to directory is /var/www/my_app_name
# set :deploy_to, '/var/www/my_app_name'
set :deploy_to, '/home/deploy/contactbook'
# Default value for :pty is false
set :pty, true
# Default value for :linked_files is []
# append :linked_files, 'config/database.yml', 'config/secrets.yml'
set :linked_files, %w{config/database.yml config/application.yml}
# Default value for linked_dirs is []
# append :linked_dirs, 'log', 'tmp/pids', 'tmp/cache', 'tmp/sockets', 'public/system'
set :linked_dirs, %w{bin log tmp/pids tmp/cache tmp/sockets vendor/bundle public/system public/uploads}
# Default value for keep_releases is 5
set :keep_releases, 5
set :rvm_type, :user
set :rvm_ruby_version, 'ruby-2.3.1' # Edit this if you are using MRI Ruby
set :puma_rackup, -> { File.join(current_path, 'config.ru') }
set :puma_state, "#{shared_path}/tmp/pids/puma.state"
set :puma_pid, "#{shared_path}/tmp/pids/puma.pid"
set :puma_bind, "unix://#{shared_path}/tmp/sockets/puma.sock" #accept array for multi-bind
set :puma_conf, "#{shared_path}/puma.rb"
set :puma_access_log, "#{shared_path}/log/puma_error.log"
set :puma_error_log, "#{shared_path}/log/puma_access.log"
set :puma_role, :app
set :puma_env, fetch(:rack_env, fetch(:rails_env, 'production'))
set :puma_threads, [0, 8]
set :puma_workers, 0
set :puma_worker_timeout, nil
set :puma_init_active_record, true
set :puma_preload_app, false
不知道如何解决这个问题并继续前进?
在对 Capistrano 中的 authentication failed 错误进行故障排除时,降低到较低级别并首先测试与 ssh 的连接性很有用。这样你就可以确定它是否真的是 Capistrano 问题,或者更基本的 SSH 连接问题。
在这种情况下,Capistrano 说它无法作为 deploy 用户连接到 52.87.233.215。让我们像这样手动验证:
ssh -v deploy@52.87.233.215
-v 标志转储了一堆详细的日志记录,以便我们可以看到正在尝试使用哪些身份验证方法。
如果您得到 permission denied (publickey),则表示您没有在服务器上正确安装 public 密钥。换句话说,服务器无法验证您的真实身份,因此拒绝访问。
要安装您的 public 密钥,请从您的本地计算机复制此文件的内容:
~/.ssh/id_rsa.pub
并将这些内容粘贴到服务器上的文件中:
~deploy/.ssh/authorized_keys
确保 ~deploy/.ssh/authorized_keys 由 deploy 用户拥有和访问:
$ ls -ld ~deploy/.ssh
drwxr-xr-x 2 deploy deploy 4096 Jun 16 2015 /home/deploy/.ssh
$ ls -ld ~deploy/.ssh/authorized_keys
-rw------- 1 deploy deploy 1023 Sep 12 02:13 /home/deploy/.ssh/authorized_keys
现在再次尝试 ssh 命令:
ssh -v deploy@52.87.233.215
它应该可以工作,如果可以的话,Capistrano 现在也应该可以工作了。
唯一对我有用的解决方案是:
ssh -i ~/.ssh/contactbook.pem ec2-user@ec2-54-226-156-103.compute-1.amazonaws.com
su - deploy
chmod 400 /home/deploy/.ssh/authorized_keys
chown deploy:deploy /home/deploy -R
只有在命令之后:
ssh -v deploy@54.226.156.103
和
cap production deploy
成功。