Ssh authentication for web user during deployment

I’m having issues deploying due to authentication problem with web user, seem to have hit a wall, as spent the whole day trying to get this to work. I have at least one site deploying without issue, but need to deploy some older sites and the deploy fails with the error…

TASK [Setup] ***************************
fatal : [ip address ] : UNREACHABLE => { “Changed”: false, “msg”: “Failed to connect to the host via ssh.”, “unreachable”: true }

I understand the web user is the issue here, but have a similar setup on another site where deployment is working without issue, so have drawn a blank at working out where the cause of problems is. On both sites I can connect use ssh, but when attempting to connect using on sites with the issue it asks for a password, but on the site that works I can successfully ssh

I have the same gitbhub keys listed on all sites. The site that is working is the most recent, and up to date version of Trellis, some of the others with issues use Trellis, some older format with the ansible folders.

Hoping someone can point me in the right direction to work out why the web user is not able to deploy or connect.

I am running Xubuntu 16.04


Seems like an obvious first question, but if you have set up the same keys for the admin and web user, did you provision first? Can you log in as admin? If you can only log in as root, seems like maybe it wasn’t provisioned…

1 Like

Thanks @kalenjohnson, obvious questions are always good! I can’t login as admin either. The server has been provisioned and previously deployed by my business partner. Do I need to re-provision in order to be able deploy, will this cause any problems with the site already running? I had thought that as the same keys are specified for admin and web as in other sites we’ve worked on, and I can connect using root this should allow me to deploy. This works for me on other sites, where I haven’t provisioned, and my colleague can deploy the site(s) with this issue when I am unable to. My understanding of how the ssh keys are configured by Trellis is currently somewhat limited.

If you’ve added a new site, you do need to reprovision, or added a new user, etc.


It’s an existing website, I’ve just not worked on it before, it’s been live since October 2015,so it’s been provisioned and is fully operational. There are several others I have the same issue with, similarly been live for some time. I just need to be able deploy changes I’ve worked on locally to the live server. I can ssh as root to the server, but I can’t run deployments, presumably because of how the web user is configured. How can I ensure the web user is configured to utilise the same key? I have deployed several other sites without issue.

Thanks again for your help. I’m not quite sure why as the keys were specified in the configuration already, but reprovisioning websites which I couldn’t deploy did resolve the issue. Its possible the keys weren’t added to github at the time the servers were originally provisioned. Running the provision again ensured the web user had the correct keys, and I could run the deploy. So obvious now!

1 Like

Had the same issue. Moved full site copy to new Mac Book Pro. Copied the new ssh public key from the newly generated id_rsa keys to authorized_keys file at the server and thought that would all work as I had tested it all with ssh before. But deploying was no longer possible. Had to re-provision and after I had done that I could deploy all the changes as well.