I recently provisioned and deployed a site successfully. Everything was working great until this week, when I got rid of my old laptop and got a new one.
I never thought about my SSH keys at the time.
Since Trellis set my remote server up with SSH password authentication and root login both disabled, I couldn’t SSH in.
So, here’s what I did:
- I generated a new SSH key on my new laptop
- Added it to my GitHub account
- Deleted my old SSH key from my GitHub account, since I thought it was no longer needed. (I probably shouldn’t have done this?)
- Opened a console for my droplet on the DigitalOcean website and managed to enable root login to my server.
- Copied my local key by using `clip < ~/.ssh/id_rsa.pub`
- Manually SSH’d in to the server and manually added my key to both ~/web/.ssh/authorized_keys and ~/admin/.ssh/authorized_keys
- Disabled root login again
After doing some reading, these steps were probably not needed. Could I have just reprovisioned with trellis to add my new key? But I still would have had to enable root login I think.
Anyway, it seemed to work: I could SSH from my new local machine to my server using my new key, and I can commit to GitHub from local with no issues.
However, yesterday I tried to deploy some changes using `./deploy.sh production mysite.com`, and I get an error reading permission denied (publickey)
After doing some more reading, it seems like this is an issue with SSH forwarding.
So I followed all the steps recommended here: Redirecting...
- My keys work locally
- Local ssh-agent is running
- SSH agent forwarding is allowed, I created and added the following to ~/.ssh/config (Is Trellis supposed to create this file for me?)
Host example.com
ForwardAgent yes
The only step that gave me trouble was making my key available to ssh-agent.
`ssh-add id_rsa` works, but when I try `ssh-add id_rsa.pub` it asks me for my SSH passphrase, even though I left that blank on setup.
Anyway, when I run `ssh -T git@github.com` I’m still getting permission denied (publickey)
Running `echo "$SSH_AUTH_SOCK"` on both local and remote gives different outputs, which means forwarding is still not working I guess.
So, I’m out of ideas basically. Is there a way to have Trellis set up SSH keys again for me? Can I just enable root login, delete my authorized_keys files, and re-provision my server?
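
An added example, not part of the original post: a simplified evaluator showing which hostnames a `Host` block with `ForwardAgent yes` applies to, since the option only takes effect for the name actually passed to `ssh`. The function name `forward_agent_for` and the sample config are constructed for illustration; `Match` and `Include` directives are ignored.

```shell
#!/bin/sh
# Simplified ssh_config evaluation: which ForwardAgent value applies to a host?
# Handles Host lines (several patterns, * and ? wildcards, ! negation) and the
# "first obtained value wins" rule. Hypothetical helper, not OpenSSH code.

# Constructed sample config, not the poster's real file.
SAMPLE_CONFIG='# constructed sample
Host example.com
    ForwardAgent yes
Host *.internal !bastion.internal
    ForwardAgent yes
'

# Body runs in a subshell so "set -f" and the variables do not leak out.
forward_agent_for() (
    host=$1
    config=$2
    active=1    # options placed before any Host line apply to every host
    set -f      # keep patterns from being expanded against local files
    while read -r keyword rest; do
        case $keyword in
            ''|'#'*) continue ;;
        esac
        keyword=$(printf '%s' "$keyword" | tr '[:upper:]' '[:lower:]')
        if [ "$keyword" = host ]; then
            matched=0
            negated=0
            for pat in $rest; do
                case $pat in
                    '!'*) case $host in ${pat#\!}) negated=1 ;; esac ;;
                    *)    case $host in $pat) matched=1 ;; esac ;;
                esac
            done
            # A block applies if a positive pattern matches and no negated one does.
            if [ "$matched" = 1 ] && [ "$negated" = 0 ]; then active=1; else active=0; fi
        elif [ "$keyword" = forwardagent ] && [ "$active" = 1 ]; then
            printf '%s\n' "$rest"
            return 0
        fi
    done <<EOF
$config
EOF
    echo no     # OpenSSH default when no block sets ForwardAgent
)
```

On a real machine, `ssh -G <host>` prints the options OpenSSH actually resolves for that host, and `ssh-add -l` lists the keys the agent can offer. Keeping `ForwardAgent yes` under a named host rather than `Host *` limits which servers can use the forwarded agent.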