I’m confused about how to handle ssh keys for connecting to GitHub. How are these supposed to be deployed?
I’ve successfully provisioned a couple DO droplets using bedrock-ansible, but the deploy playbook fails on “Clone project files” with this:
fatal: Could not read from remote repository.```
That fails because the server doesn't have the correct private key to authenticate with GitHub. If I scp my private key up to the server beforehand, all subsequent deploys work perfectly.
Is there a preferred way of dealing with this?
@joemaller SSH forwarding should allow you to clone project files without having to scp your private key up to the server beforehand. Could you check whether your
ForwardAgent yes like this
ansible.cfg has the
ForwardAgent=yes like this
Thanks @fullyint, this got me there. Both settings were correct, but I found the fix way down at the very bottom of the GitHub SSH Forwarding page:
On Mac OS X, ssh-agent will “forget” this key, once it gets restarted during reboots. But you can import your SSH keys into Keychain using this command:
/usr/bin/ssh-add -K yourkey
I added the keys I have associated with GitHub using
ssh-add and the next connection forwarded them correctly. My deploys are now working without manually transferring the keys.
@joemaller oh, interesting. Thanks for reporting back. That’s helpful. I vaguely remember I had to do this on my OS X, now that you mention it. But being a one-time task, I’d forgotten about it. So, thanks! Your note will help people.