Baremetal deployment - Authentication failure with ed25519 keys

Hey everybody,
I already had a working Redwood app with baremetal deployment. Was deploying fine until recently, now I get a message informing me that All configured authentication methods failed - apart from a system upgrade on my local machine, nothing much changed…

Here is an excerpt from my deploy.toml

    host = "REMOTE IP"
    username = "REMOTE USER"
    agentForward = true
    sides = ["api","web"]
    packageManagerCommand = "yarn"
    monitorCommand = "pm2"
    path = "/var/www/app"
    processNames = ["serve"]
    repo = "git@MYPROJECT-REPO"
    branch = "master"
    keepReleases = 2

Again, this was working fine until recently.

I used this config along with the following script:

    eval $(ssh-agent)
    ssh-add ~/.ssh/MYPRIVATEKEY
    yarn rw deploy baremetal production

Okay… So I went back to the documentation and added the following line to my deploy.toml

    privateKeyPath = "/home/MYUSER/.ssh/MYPRIVATEKEY"

Then, when I try to run the deploy, I get:

    ✖ Connecting...
      → Cannot parse privateKey: Unsupported OpenSSH private key type: ssh-ed25519
      Cloning `master` branch...
      Symlink .env...
      Installing dependencies...
      DB Migrations...
      Building api...
      Building web...
      Symlinking current release...
      Restarting serve process...
      After restart: `yarn rw exec syncNotionUsers && yarn rw exec syncSlackUsers && yarn rw exec syncAbsences && yarn rw exec syncSupportStats`
      Cleaning up old deploys...

Deploy failed:
│ Cannot parse privateKey: Unsupported OpenSSH private key type: ssh-ed25519 │

Do I really have to use an RSA key? Is this a Redwood issue? When I do a normal ssh into my remote box from the terminal it all works great. Just the deployment fails.

(Variables written in ALL CAPS are values that I want to keep private)

Hmm, we’re just using the node-ssh lib to do the SSHing, and it seems strange that they wouldn’t support all the popular algorithms. Have you checked their docs/issue to see if there’s any mention of this error?

A little update.

TLDR: I am now using a new RSA key for deploying

After some testing on another device (macOS instead of Linux) we had the same issue. However, after further testing, I tried generating an RSA key, adding it to the authorized_keys on the server, and deploying with that. Now in my deploy.toml I added the privateKeyPath:

    privateKeyPath = "/home/MYUSER/.ssh/MYNEWRSAKEY"

Now, I can skip the shell script and just deploy with yarn rw deploy baremetal production.

The workaround is good enough, I don’t mind having a separate key for deployment.


Glad you got it working! But so strange that your original key wasn’t accepted…if it works with just the ssh command, I don’t see why it wouldn’t work with node-ssh, I thought it was just running those same commands for you under the hood. Maybe it’s actually using dev libraries and building its own version of ssh under the hood?
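
As an added example (not from the thread, Redwood, or node-ssh): a Node.js preflight check that reads the unencrypted header of the file named in privateKeyPath and reports its container, key type and whether it is passphrase-protected, so the key type is known before the deploy hands it to the SSH library. It assumes the openssh-key-v1 container layout documented by OpenSSH; `inspectPrivateKey`, `readString`, `sshString` and `constructedSampleKey` are hypothetical names, and the sample key is constructed with zero bytes in place of key material.

```javascript
// Added example, not Redwood or node-ssh code. Assumes the openssh-key-v1
// container layout; all function names here are hypothetical.
const MAGIC = Buffer.from('openssh-key-v1\0', 'latin1');

// Read one SSH "string": uint32 big-endian length, then that many bytes.
function readString(buf, off) {
  if (off + 4 > buf.length) throw new Error('truncated key data');
  const end = off + 4 + buf.readUInt32BE(off);
  if (end > buf.length) throw new Error('truncated key data');
  return { value: buf.subarray(off + 4, end), next: end };
}

// Report container, key type and passphrase protection without touching key material.
function inspectPrivateKey(pemText) {
  const m = /-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END \1-----/.exec(pemText);
  if (!m) throw new Error('no PEM private key block found');
  if (m[1] !== 'OPENSSH PRIVATE KEY') {
    // Legacy PEM containers name the algorithm in the header line instead.
    return { container: m[1], keyType: null, encrypted: /ENCRYPTED/.test(m[0]) };
  }
  const buf = Buffer.from(m[2].replace(/\s+/g, ''), 'base64');
  if (!buf.subarray(0, MAGIC.length).equals(MAGIC)) throw new Error('bad magic');
  const cipher = readString(buf, MAGIC.length);   // ciphername
  const kdf = readString(buf, cipher.next);       // kdfname
  const opts = readString(buf, kdf.next);         // kdfoptions
  const pub = readString(buf, opts.next + 4);     // skip uint32 key count
  const keyType = readString(pub.value, 0).value.toString('ascii');
  return { container: m[1], keyType, encrypted: cipher.value.toString() !== 'none' };
}

// Constructed sample: valid container layout, zero bytes in place of key material.
function sshString(data) {
  const body = Buffer.from(data);
  const len = Buffer.alloc(4);
  len.writeUInt32BE(body.length, 0);
  return Buffer.concat([len, body]);
}
function constructedSampleKey(keyType, cipher = 'none') {
  const kdf = cipher === 'none' ? 'none' : 'bcrypt';
  const pub = Buffer.concat([sshString(keyType), sshString(Buffer.alloc(32))]);
  const blob = Buffer.concat([MAGIC, sshString(cipher), sshString(kdf), sshString(''),
    Buffer.from([0, 0, 0, 1]), sshString(pub), sshString(Buffer.alloc(8))]);
  const b64 = blob.toString('base64').match(/.{1,70}/g).join('\n');
  return `-----BEGIN OPENSSH PRIVATE KEY-----\n${b64}\n-----END OPENSSH PRIVATE KEY-----\n`;
}

console.log(inspectPrivateKey(constructedSampleKey('ssh-ed25519')));
```

For a real key, pass the file's text (for example from `fs.readFileSync(path, 'utf8')`) to `inspectPrivateKey`; only the header and public part are read.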