Baremetal deployment using deploy keys

Hello!

I am trying to deploy on bare metal following the documentation. I have already put several instances into production using agentForward, but here I am encountering issues with the use of deploy keys.

I have generated a key pair (first Ed25519 and then RSA) and set up the public key in the GitHub interface under deploy keys.

Here are the different config files:

.ssh-config:

Host github.com-mydas-0
  Hostname github.com
  IdentityFile ~/.ssh/deploy_key_github_mydas
  AddKeysToAgent yes
  ForwardAgent yes

redwood.toml:

[[production.servers]]
host = "xxx.xxx.xxx.xxx"
username = "deploy"
agentForward = false
sides = ["api", "web"]
packageManagerCommand = "yarn"
monitorCommand = "pm2"
path = "/var/www/mydas"
processNames = ["serve"]
repo = "git@github.com:LotuxPunk/Mydas.git"
branch = "main"
keepReleases = 5
privateKeyPath = ".keys/id_rsa_mydas_vandeas_deploy"
before.update = "eval \"$(ssh-agent -s)\" && ssh-add ~/.ssh/deploy_key_github_mydas"

Note: I tried adding the step before the clone to try to wake up the ssh-agent, but it had no effect; the error is similar.

The logs:

[STARTED] xxx.xxx.xxx.xxx
[STARTED] Connecting...
[COMPLETED] Connecting...
[STARTED] Before update: `eval "$(ssh-agent -s)" && ssh-add ~/.ssh/deploy_key_github_mydas`
SshExecutor::exec running command `eval "$(ssh-agent -s)" && ssh-add ~/.ssh/deploy_key_github_mydas` in /var/www/mydas
[COMPLETED] Before update: `eval "$(ssh-agent -s)" && ssh-add ~/.ssh/deploy_key_github_mydas`
[STARTED] Cloning `main` branch...
SshExecutor::exec running command `git clone --branch=main --depth=1 git@github.com:LotuxPunk/Mydas.git 20240628095418` in /var/www/mydas
[FAILED] Error while running command `git clone --branch=main --depth=1 git@github.com:LotuxPunk/Mydas.git 20240628095418` in /var/www/mydas
[FAILED] Cloning into '20240628095418'...
[FAILED] git@github.com: Permission denied (publickey).
[FAILED] fatal: Could not read from remote repository.

[FAILED] Please make sure you have the correct access rights
[FAILED] and the repository exists.
[FAILED] Error while running command `git clone --branch=main --depth=1 git@github.com:LotuxPunk/Mydas.git 20240628095418` in /var/www/mydas
[FAILED] Cloning into '20240628095418'...
[FAILED] git@github.com: Permission denied (publickey).
[FAILED] fatal: Could not read from remote repository.

[FAILED] Please make sure you have the correct access rights
[FAILED] and the repository exists.

I tried cloning the repo directly from the server using the deploy key, and it works like a charm:

deploy@mydas:~$ eval "$(ssh-agent -s)" && ssh-add ~/.ssh/deploy_key_github_mydas
Agent pid 92004
Identity added: /home/deploy/.ssh/deploy_key_github_mydas (cv@vandeas.be)
deploy@mydas:~$ git clone git@github.com:LotuxPunk/Mydas.git
Cloning into 'Mydas'...
remote: Enumerating objects: 683, done.
remote: Counting objects: 100% (683/683), done.
remote: Compressing objects: 100% (329/329), done.
remote: Total 683 (delta 356), reused 605 (delta 278), pack-reused 0
Receiving objects: 100% (683/683), 471.40 KiB | 1.26 MiB/s, done.
Resolving deltas: 100% (356/356), done.

Do you have any leads to solve this problem? Thanks in advance!

Apparently the ssh config was wrong:

Host github.com
    Hostname github.com
    IdentityFile ~/.ssh/deploy_key_github_mydas
    AddKeysToAgent yes
    IdentitiesOnly yes

Seems to work
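
Why the first config never offered the deploy key, as an added example that is not part of the original posts: `ssh` matches `Host` patterns against the host name git takes from the `repo` URL (`github.com`), so a block named `github.com-mydas-0` is skipped. `identity_for` is a hypothetical, simplified model of that matching (assumptions: only `Host` and `IdentityFile`, `*`/`?` wildcards, no `Match`, `Include` or negation).

```shell
#!/bin/sh
# Added example: simplified model of ssh_config Host matching (hypothetical helper).
# Assumptions: "Keyword value" lines only; '*' and '?' wildcards; no Match/Include/'!'.

# identity_for HOST CONFIG: print every IdentityFile that applies to HOST.
# Returns 0 if at least one applies, 1 otherwise.
identity_for() {
  target=$1; cfg=$2
  active=1   # options before the first Host line apply to every host
  found=1
  set -f     # keep Host patterns from globbing against local files
  while read -r key rest; do
    case $(printf '%s' "$key" | tr '[:upper:]' '[:lower:]') in
      host)
        active=0
        for pat in $rest; do
          case $target in $pat) active=1 ;; esac
        done ;;
      identityfile)
        if [ "$active" -eq 1 ]; then printf '%s\n' "$rest"; found=0; fi ;;
    esac
  done < "$cfg"
  set +f
  return "$found"
}

# The two configs from the thread, trimmed to the relevant options.
tmp=$(mktemp -d)
cat > "$tmp/original" <<'EOF'
Host github.com-mydas-0
  Hostname github.com
  IdentityFile ~/.ssh/deploy_key_github_mydas
EOF
cat > "$tmp/fixed" <<'EOF'
Host github.com
    Hostname github.com
    IdentityFile ~/.ssh/deploy_key_github_mydas
    IdentitiesOnly yes
EOF

# git passes the host from the repo URL (git@github.com:...) to ssh.
for cfg in original fixed; do
  result=$(identity_for github.com "$tmp/$cfg") || result="(no IdentityFile applies)"
  printf '%-8s github.com -> %s\n' "$cfg" "$result"
done
```

On the server, `ssh -G github.com` prints the options the real client resolves for that host, including `identityfile`.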