Deployment using ssh with key without providing passphrase for private key (ssh-agent)

1
votes

Wherein lies the difference between Capistrano and Rocketeer when it comes to the passphrase for a private key?

I already have both Capistrano and Rocketeer deployment strategies set up properly and working. Capistrano lets ssh-agent provide the passphrase - Rocketeer, as it seems, does not. The question is not about how but why the passphrase is needed.

Background:

I want to use Rocketeer for deployment of a Laravel application instead of Capistrano. It seems as if it delegates the SSH connection to Laravel.

After setting only the remote server's name in the configuration and running a check, after some prompts for credentials Rocketeer stores the needed passphrase and the path to my desired private key in a non-version-controlled file.

I do not want to have credentials for establishing a SSH connection stored on my disk - especially not the passphrase to any of my private keys.

So, why is anything more than the server's name required?

I see that Laravel has those fields prepared in its remotes config - I just could not find out which component is responsible eventually and why it does not leave the SSH connection completely to the system itself.

Is it Rocketeer, Laravel, Symfony, phpseclib or even php itself underneath that needs that many information for establishing a SSH connection?

2
phpsymfonysshlaravelssh-agent
I found Rocketeer to be a pain working with. I would rather give you the advise to make a switch to deployer. It's much simpler and has ready-to-go recipes for most frameworks. - Nikola Petkanski
Thank you @NikolaPetkanski for the advice! I actually never used rocketeer because of this issue and switched back to shell scripts. Had my share of Capistrano in between. Today I'm still provisioning and deploying through shell scripts and Ansible. I'll give deployer a try, though. - luchaos

2 Answers

3
votes

It's Laravel's missing implementation of phpseclib's ssh-agent that requires that many information for establishing a SSH connection.

That's why Rocketeer does not allow to rely on the ssh-agent next to username/password and privatekey/passphrase authentication as does Capistrano.

A proposal was stated and merged to include phpseclib's undocumented implementation for using the ssh-agent instead of an explicit key.

Rocketeer would profit from this as it relies on said implementation of phpseclib in Laravel.

(Thanks to @hannesvdvreken, @ThomasPayer and @passioncoder for pointing in the right directions)

2
votes

There are some thing you might want to know.

You can use the default app/config/remote.php or you can use the Rocketeer config.php that gets published under app/packages/anahkiasen/rocketeer.

I tend to use the Laravel file. I made a copy of that file into the app/config/development folder which is ignored by git with .gitignore. I only write down the passkey of my private key down in that file. It will get merged with the array in app/config/remote.php.

Here's my app/config/development/remote.php file:

return array(
    'connections' => array(
        'staging' => array(
            'keyphrase' => 'your-secret-here',
        ),
        'production' => array(
            'keyphrase' => 'your-secret-here',
        ),
    ),
);

Hope this helps.