SSH public key authentication errors
In DeployHQ, a number of issues related to authenticating a server using SSH can result in the following message when attempting to add a server to your project :
"We couldn't access this server using the credentials you have provided. Have you uploaded the appropriate public key onto the server?"
If you are seeing this message, there are a number of things to check:
1) You have added the key from the following place within your project:
https://your-deploy-domain.deployhq.com/projects/project_name/repository
2) That the key has been added to ~/.ssh/authorized_keys
on your server, for your deployment user.
3) Permissions of that directory and keys file are set as follows:
drwx------ 8 adamwest staff 256 21 Sep 14:00 /Users/adamwest/.ssh
-rw------- 1 adamwest staff 1211 21 Nov 16:29 /Users/adamwest/.ssh/authorized_keys
If the permissions are incorrect, they can be modified using the following commands:
$ chmod 700 ~/.ssh/
$ chmod 600 ~/.ssh/authorized_keys
Please note that if you can connect locally via your own public key pair, it’s possible that your server accepts a different key format than what DeployHQ generates, which is ED25519 on newer projects, or RSA on older projects. You can generate your own key locally and upload it as a custom key pair and use that to connect instead.
If you do upload a custom private key to your project, it will also need to be uploaded to any servers that you're connecting to in the same way as outlined above, as well as the repository host.
Further information
For additional information about SSH login failures, it's useful to check your authorisation log file, typically located within /var/log/auth.log
on most Linux systems. It's recommended to run the following command to monitor this log while you test a connection from DeployHQ:
tail -f /var/log/auth.log
You may need to update your LogLevel
to a high enough verbosity as well, to ensure that useful information is provided when testing. This is normally configured within /etc/ssh/sshd_config
and the line will look like so:
LogLevel DEBUG
If you make any changes to the configuration, you will likely need to restart the sshd process for it to take effect.
If you notice a log similar to the following:
sshd: Connection closed by authenticating user [USER][IP_address] port [PORT] [preauth]
This error, albeit uncommon, can sometimes be fixed by recaching the repository in your DeployHQ project.