Deploy missing keys to pull from GitHub

I’m confused about how to handle ssh keys for connecting to GitHub. How are these supposed to be deployed?

I’ve successfully provisioned a couple DO droplets using bedrock-ansible, but the deploy playbook fails on “Clone project files” with this:

fatal: Could not read from remote repository.```

That fails because the server doesn't have the correct private key to authenticate with GitHub. If I scp my private key up to the server beforehand, all subsequent deploys work perfectly.

Is there a preferred way of dealing with this?

@joemaller SSH forwarding should allow you to clone project files without having to scp your private key up to the server beforehand. Could you check whether your

  • ~/.ssh/config has ForwardAgent yes like this
  • ansible.cfg has the ForwardAgent=yes like this
1 Like

Thanks @fullyint, this got me there. Both settings were correct, but I found the fix way down at the very bottom of the GitHub SSH Forwarding page:

On Mac OS X, ssh-agent will “forget” this key, once it gets restarted during reboots. But you can import your SSH keys into Keychain using this command:

/usr/bin/ssh-add -K yourkey

I added the keys I have associated with GitHub using ssh-add and the next connection forwarded them correctly. My deploys are now working without manually transferring the keys.



@joemaller oh, interesting. Thanks for reporting back. That’s helpful. I vaguely remember I had to do this on my OS X, now that you mention it. But being a one-time task, I’d forgotten about it. So, thanks! Your note will help people.