Capistrano: Authentication failed for user ubuntu@xx.xxx.xxx.xxx (Net::SSH::AuthenticationFailed)

Question

I can connect via ssh ubuntu@xx.xxx.xxx.xxx. but not via cap production deploy:check

current

set :user, "ubuntu"
set :ssh_options, { forward_agent: true }

server "xx.xxx.xxx.xxx",
       user: fetch(:user),
       roles: %w[web app db]

tried

set :user, "ubuntu"
set :ssh_options, {
  forward_agent: true,
  user: fetch(:user),
  keys: %w(~/.ssh/id_rsa)
}

server "xx.xxx.xxx.xxx",
       user: fetch(:user),
       roles: %w[web app db]

The "current" used to be my setup for other projects, and I just have to ssh-add then cap production deploy

What changed? or is my config incorrect?

Answer 1

If none of the solutions above works, confirm the location of your ssh using "pwd" on your terminal then insert it here:

set :ssh_options, {
  forward_agent: false,
  keys: "/your-directory-based-on-pwd/.ssh/key.pem"
}

Answer 2

ssh-rsa has been disabled by default for security reasons and should be avoided.

You may need to update the net-ssh gem, as support for rsa-sha2-512 and rsa-sha2-256 host key algorithms were added in version 6.2.0.beta1.

Updating net-ssh directly may not work due to other dependencies, so you may have to update sshkit.

bundle update sshkit

Answer 3

issue: Authentication failed for user ubuntu@xx.xxx.xxx.xxx (Net::SSH::AuthenticationFailed) via capistrano but can ssh directly

debugging:

• sudo tail -f /var/log/auth.log on the server
• then tried cap production deploy:check on my local
• userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth] appeared from auth.log

solution:

• edited then /etc/ssh/sshd_config
  • find PubkeyAuthentication then uncomment(remove #)
  • add PubkeyAcceptedKeyTypes=+ssh-rsa
• restart sshd sudo systemctl restart sshd