Deploy missing keys to pull from GitHub

I’m confused about how to handle ssh keys for connecting to GitHub. How are these supposed to be deployed?

I’ve successfully provisioned a couple DO droplets using bedrock-ansible, but the deploy playbook fails on “Clone project files” with this:

```
fatal: Could not read from remote repository.
```

That fails because the server doesn't have the correct private key to authenticate with GitHub. If I scp my private key up to the server beforehand, all subsequent deploys work perfectly.

Is there a preferred way of dealing with this?

@joemaller SSH forwarding should allow you to clone project files without having to scp your private key up to the server beforehand. Could you check whether your

  • ~/.ssh/config has ForwardAgent yes like this
  • ansible.cfg has the ForwardAgent=yes like this
1 Like

Thanks @fullyint, this got me there. Both settings were correct, but I found the fix way down at the very bottom of the GitHub SSH Forwarding page:

> On Mac OS X, ssh-agent will “forget” this key, once it gets restarted during reboots. But you can import your SSH keys into Keychain using this command:
>
> `/usr/bin/ssh-add -K yourkey`

I added the keys I have associated with GitHub using ssh-add and the next connection forwarded them correctly. My deploys are now working without manually transferring the keys.

Thanks!

5 Likes

@joemaller oh, interesting. Thanks for reporting back. That’s helpful. I vaguely remember I had to do this on my OS X, now that you mention it. But being a one-time task, I’d forgotten about it. So, thanks! Your note will help people.
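The three things checked in this thread (keys loaded in the agent, `ForwardAgent yes` in `~/.ssh/config`, `ForwardAgent=yes` in `ansible.cfg`) can be verified before a deploy with a short script. This is an added example, not part of the original posts or of bedrock-ansible; the function names are hypothetical, and `Match` blocks in the SSH config are not handled. It also reports which `Host` patterns forward the agent, because forwarding under `Host *` exposes the agent to every server you connect to.

```shell
#!/bin/sh
# Added example: pre-flight checks for SSH agent forwarding before a deploy.

# Agent state from ssh-add's exit code:
# 0 = identities loaded, 1 = agent reachable but empty, other = no agent.
agent_status() {
  rc=0
  ssh-add -l >/dev/null 2>&1 || rc=$?
  case "$rc" in
    0) echo loaded ;;
    1) echo empty ;;
    *) echo no-agent ;;
  esac
}

# Print the Host patterns of every block in an ssh_config file that sets
# ForwardAgent yes ("(global)" if it is set before any Host line).
forwarding_hosts() {
  awk '
    { sub(/#.*/, "") }   # ignore comments
    tolower($1) == "host" { $1 = ""; sub(/^ +/, ""); host = $0; next }
    tolower($1) ~ /^forwardagent(=|$)/ {
      v = tolower($0); sub(/^[ \t]*forwardagent[ \t=]+/, "", v)
      if (v ~ /^yes/) print (host == "" ? "(global)" : host)
    }
  ' "$1"
}

# Succeeds only if forwarding is enabled and limited to named hosts.
forwarding_is_scoped() {
  hosts=$(forwarding_hosts "$1")
  [ -n "$hosts" ] || return 1
  ! printf '%s\n' "$hosts" | grep -Eq '(^|[[:space:]])\*($|[[:space:]])|^\(global\)$'
}

# Succeeds if an uncommented line in ansible.cfg passes ForwardAgent=yes.
ansible_forwards() {
  grep -Eiq '^[^#;]*ForwardAgent[ =]+yes' "$1"
}

preflight() {
  echo "agent: $(agent_status)"
  echo "ssh config forwards to: $(forwarding_hosts "${1:-$HOME/.ssh/config}" | tr '\n' ';')"
  if ansible_forwards "${2:-ansible.cfg}"; then echo "ansible.cfg: forwarding on"
  else echo "ansible.cfg: forwarding not set"; fi
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

An `agent: empty` result corresponds to the situation described above, where the agent had lost its keys and they had to be re-added with `ssh-add`.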