I upgraded to the latest Trellis and I also added https://github.com/jasperf.keys to add my Mac Mini’s public SSH key to the mix so I can work on the site from it. But the key was not added to ~/.ssh/authorized_keys. This after successfully running an ansible-playbook server.yml -e env=production to re-provision the server.
Your output suggests that you’ve added the new pub keys to this location for the web_user. I’m guessing you’ll find the keys are there on the server in /home/web/.ssh/authorized_keys. If you don’t see the key in the logged in user’s home directory ~/.ssh/authorized_keys, I’m guessing you are making the ssh connection as a user other than web. Are you perhaps connecting as ssh firstname.lastname@example.org?
Your output also shows that you’ve added the sudo group for the web_user. This is contrary to the intention for web to be a limited privilege user. Or perhaps you renamed the admin_user: web.
use the default of admin_user: admin and web_user: web
remove the sudo group from web_user in the users list
add your new public keys to either admin or root
if admin, add keys to the users under admin_user, then reprovision and do your manual ssh connections as admin
if root, add a new user root to the users list, with the new keys and sudo in groups, then reprovision and do your manual ssh connections as root
Alternatively, you could add any new user name you want to users (e.g. jasperfrumau), with your new keys. See the SSH-keys docs to make sense of everything I’ve mentioned above.
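The layout the reply above describes, as an added example that is not part of the original thread and not the poster’s own file: a Trellis group_vars/all/users.yml with the admin user renamed to dhc-user (an assumption here, matching the Dreamhost admin account), sudo only on the admin user, and the GitHub keys URL listed for both users.

```yaml
# group_vars/all/users.yml (added example; dhc-user is an assumed admin account name)
admin_user: dhc-user   # Trellis default is admin; server.yml connects as this user
web_user: web          # limited-privilege user that deploy.yml connects as

users:
  - name: "{{ web_user }}"
    groups:
      - "{{ web_group }}"   # no sudo here: web stays a limited-privilege user
    keys:
      - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
      - https://github.com/jasperf.keys   # every public key on that GitHub account
  - name: "{{ admin_user }}"
    groups:
      - sudo                # only the admin user gets sudo
    keys:
      - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
      - https://github.com/jasperf.keys
```

After re-provisioning with ansible-playbook server.yml -e env=production, the keys should appear in both /home/dhc-user/.ssh/authorized_keys and /home/web/.ssh/authorized_keys; a quick check is ssh dhc-user@HOST id, which should report the sudo group for that user.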
So I do not have the sudo group under web_user. I added my keys to both users. I am using admin (dhc-user) to access. I did not have the line: - https://github.com/jasperf.keys in the previous version, though, so that has changed.
As I am using a Dreamhost Cloud server I have to use the user dhc-user, which is my admin. When I did a cat ~/.ssh/authorized_keys I see the keys I added before. This I checked in the home directory of the dhc-user:
uid=1000(dhc-user) gid=27(sudo) groups=27(sudo)
So… Still not sure really what is going on. But still waking up… Might need more coffee.
I think you’re all set, given that you’ve now added - https://github.com/jasperf.keys for the admin_user. Should work fine to use admin_user: dhc-user.
So, perhaps your keys are at /home/dhc-user/.ssh/authorized_keys because you added them manually, as per your initial post, but with the keys listed under admin_user, this users setup should automatically add the keys on any new server you provision.
Maybe before you added the keys manually, they were only at /home/web/.ssh/authorized_keys, but the server.yml playbook was trying to connect as dhc-user. Anyway, now both dhc-user can connect to run server.yml and web can connect to run deploy.yml.
Yeah, should all be good to go. Will be doing a provisioning from my MBP now and later on again from my Mac Mini. Should all be OK now I guess. And using this future setup I should avoid having further issues with keys. Thanks for helping out!