I’m not sure if this is a change with the Lima VMs or just the way the dev.yml playbook has always worked. The docs here (SSH Key Management in Trellis | Trellis Docs | Roots) note that Trellis on development uses one’s local username for all operations, so I suspect it’s the latter.
The Lima-aware shell command is trellis vm shell. I believe it wraps limactl shell <instance>.
The same error happens with the trellis logs command (this is very annoying!). That tries to use the web user, not admin:
❯ trellis logs -n 50 development
Running command => ssh [email protected] tail -n 50 -f /srv/www/example.com/logs/*[^gz]?
[email protected]: Permission denied (publickey).
If I SSH in via Lima (trellis vm shell) and run cat /etc/passwd, I don’t even see an admin or web user:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
systemd-timesync:x:996:996:systemd Time Synchronization:/:/usr/sbin/nologin
dhcpcd:x:100:65534:DHCP Client Daemon,,,:/usr/lib/dhcpcd:/bin/false
messagebus:x:101:101::/nonexistent:/usr/sbin/nologin
syslog:x:102:102::/nonexistent:/usr/sbin/nologin
systemd-resolve:x:991:991:systemd Resolver:/:/usr/sbin/nologin
uuidd:x:103:103::/run/uuidd:/usr/sbin/nologin
tss:x:104:104:TPM software stack,,,:/var/lib/tpm:/bin/false
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
pollinate:x:106:1::/var/cache/pollinate:/bin/false
tcpdump:x:107:108::/nonexistent:/usr/sbin/nologin
landscape:x:108:109::/var/lib/landscape:/usr/sbin/nologin
fwupd-refresh:x:990:990:Firmware update daemon:/var/lib/fwupd:/usr/sbin/nologin
polkitd:x:989:989:User for polkitd:/:/usr/sbin/nologin
andron:x:501:1000:Andron Ocean:/home/andron.linux:/bin/bash
ntpsec:x:109:112::/nonexistent:/usr/sbin/nologin
mysql:x:110:113:MariaDB Server,,,:/nonexistent:/bin/false
memcache:x:111:114:Memcached,,,:/nonexistent:/bin/false
nginx:x:999:988:nginx user:/nonexistent:/usr/sbin/nologin
I haven’t dug into why they’re not added in development by group_vars/all/users.yml… but they’re evidently not, so any SSH config you added for them will be ignored.
It would be nice if the other shell commands could be made to work (particularly for logs).
However, I haven’t run into any issues relying on trellis vm shell. I can get the logs by running ssh andron@lima-example-com tail -n 50 -f '/srv/www/example.com/logs/*[^gz]?' (substituting appropriately).
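
The check described in the post above, as an added example that is not part of the original post or of Trellis: it reads a passwd-format file and reports, for each account an SSH command expects, whether it exists and whether its shell allows login. The function names `check_ssh_users` and `sample_passwd` are hypothetical, and the sample data is a five-line excerpt of the listing above.

```shell
#!/bin/sh
# Added example (not Trellis code). Function names are hypothetical.

# Excerpt of the /etc/passwd listing quoted in the post above.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
andron:x:501:1000:Andron Ocean:/home/andron.linux:/bin/bash
nginx:x:999:988:nginx user:/nonexistent:/usr/sbin/nologin
EOF
}

# Usage: check_ssh_users <passwd-file> <user>...
# Prints one line per user: "missing", "no-login (<shell>)" or "ok (<shell>)".
check_ssh_users() {
    passwd_file=$1
    shift
    for user in "$@"; do
        # Field 1 is the login name, field 7 the login shell.
        awk -F: -v u="$user" '
            $1 == u {
                found = 1
                # An empty shell field means the system default, /bin/sh.
                shell_path = ($7 == "") ? "/bin/sh" : $7
                if (shell_path ~ /(nologin|false)$/)
                    print u ": no-login (" shell_path ")"
                else
                    print u ": ok (" shell_path ")"
                exit
            }
            END { if (!found) print u ": missing" }
        ' "$passwd_file"
    done
}

# Demo on the constructed excerpt: admin and web are the accounts the
# failing SSH commands expect; andron is the account that does exist.
demo_file=$(mktemp)
sample_passwd > "$demo_file"
check_ssh_users "$demo_file" admin web andron www-data
rm -f "$demo_file"
```

Inside the VM (for example after trellis vm shell), pass /etc/passwd as the first argument and the account names your SSH config refers to as the rest.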