tales of failure and woe

 

managing ssh keys with capistrano

I did a lightning talk at MountainWest RubyConf 2007 covering how we use Capistrano at Integrum to manage SSH keys for some of our Xen servers. Please note that this works for a single user account shared by multiple keys: every key file in the keys directory ends up in that one user's authorized_keys. Here is how it’s done.

Create your directories:

mkdir sshkeys
cd sshkeys
mkdir config
mkdir keys

Now the recipe.

# config/deploy.rb
role :app, "myserver.com",
           "myserver2.com"
set :user, "username"
set :deploy_to, "/Users/#{user}/.ssh"
set :use_sudo, false

# override setup since we only need to create the releases path
task :setup do
  run "mkdir -p -m 775 #{releases_path}"
end

# override update_code since we are not using SCM
task :update_code do
  on_rollback { delete release_path, :recursive => true }
  run "mkdir #{release_path}"
  
  # collect all keys and concat them into authorized_keys file on remote server
  put(Dir['keys/*'].collect {|filename| File.read(filename).strip}.join("\n"), "#{release_path}/authorized_keys")
end

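# hard-link (no -s) the current release's authorized_keys into ~/.ssh,
# replacing whatever authorized_keys was there before
task :after_symlink do
  run "ln -nf #{current_path}/authorized_keys #{deploy_to}/authorized_keys"
end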

task :restart do
  # nothing to restart
end

That’s pretty much it, nothing fancy but a nice practical solution that works well and makes my life easier.
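The update_code task above concatenates every file under keys/ as-is, so a private key or a malformed line dropped into that directory would be pushed into authorized_keys on every server. The following is an added example, not part of the original recipe: it validates and de-duplicates the key files before they are joined. The helper names are hypothetical, the sample keys are constructed placeholders, and lines carrying an options prefix are rejected by assumption.

```ruby
require "tmpdir"

# Added example; helper names are hypothetical, not from the original recipe.
KEY_TYPES = %w[ssh-rsa ssh-ed25519 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521].freeze

# A public-key blob starts with a length-prefixed copy of its key type.
def blob_key_type(b64)
  raw = b64.unpack1("m0") # strict base64, raises ArgumentError on junk
  len = raw.unpack1("N")
  len && len <= raw.bytesize - 4 ? raw.byteslice(4, len) : nil
rescue ArgumentError
  nil
end

# Accepts "<type> <base64> [comment]"; option-prefixed lines are rejected (assumption).
def valid_public_key?(line)
  type, blob, = line.split(" ", 3)
  KEY_TYPES.include?(type) && !blob.nil? && blob_key_type(blob) == type
end

# Returns [authorized_keys text, names of files that held rejected lines].
def build_authorized_keys(dir)
  rejected, lines = [], []
  Dir[File.join(dir, "*")].sort.each do |path|
    File.read(path).each_line do |line|
      line = line.strip
      next if line.empty? || line.start_with?("#")
      next rejected << File.basename(path) unless valid_public_key?(line)
      lines << line
    end
  end
  # the same key listed in two files is written only once
  [lines.uniq { |l| l.split[1] }.map { |l| "#{l}\n" }.join, rejected.uniq]
end

# Constructed placeholder key material for the demo (not a usable key).
def sample_key(type, fill, comment)
  blob = [type.bytesize].pack("N") + type + [32].pack("N") + fill * 32
  "#{type} #{[blob].pack('m0')} #{comment}"
end

def demo
  Dir.mktmpdir do |dir|
    alice = sample_key("ssh-ed25519", "a", "alice@laptop")
    File.write(File.join(dir, "alice.pub"), "#{alice}\n")
    File.write(File.join(dir, "bob.pub"), "#{sample_key('ssh-ed25519', 'b', 'bob@desk')}\n#{alice}\n")
    File.write(File.join(dir, "id_rsa"), "-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA\n")
    build_authorized_keys(dir)
  end
end
```

In deploy.rb the text returned by build_authorized_keys("keys") could be passed to put in place of the Dir['keys/*'] expression, with the deploy stopped whenever the rejected list is not empty.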
