Setting Up and Managing Multiple SSH Accounts for Drush on Mac/Linux

It may be the case, you have multiple ssh connections some for github accounts and some for one or more virtual boxes for Drupal sites. In this post, we cover how to generate, configure and manage multiple SSH accounts for drush. In addition, we go over how to overcome the error ‘ssh-copy-id: command not found ‘ that happens for Mac machines when trying to setup ssh keys via drush command ‘pushkey’

Generating Public/Private SSH Key Pair

For each different ssh account, you would generate ssh public/private key pair as following:

ssh-keygen -t rsa -C "user@hostname.com"

By default, this will store the generated key pairs(two files one with .pub extensions) in the directory you run the command from. We moved it into $HOME/.ssh directory and we will be referring to this directory in this post

Manage SSH Keys

You can manage multiple SSH keys by creating host aliases for each ssh key pair. The host aliases are defined in the $HOME/.ssh/config file and all they do is reference the keys per host alias as following

Host virtual-box-main
        HostName hostdomain.com
        User user-name
        IdentityFile ~/.ssh/id_rsa_virtual_box

Host another-host-alias
        HostName some-remote-box.com
        User ssh-user
        IdentityFile ~/.ssh/private_key_gen_above

Here the host alias is ‘virtual-box-main’. The ‘hostname’ is actual domain name to the server you like to ssh. The ‘user’ is the actual ssh user account that will be used to ssh into the server. At last, the ssh key pair is referenced via ‘IdentityFile’ that was generated in the above step.

So, you can repeat the above steps to generate ssh key pairs for each ssh remote account. Then configure host alias by adding another entry as specified above for each different ssh login you need.

Setup Drush

Once you have the ssh host alias setup, then to configure drush via the alias(one location $HOME/.drush/aliases.drushrc.php) as following:

$aliases['ds.prod'] = array(
	'remote-host' => 'virtual-box-main',
	'remote-user' => 'root',
	'root' => '/home/websites/site',
	'uri' => 'http://site.com',
    );

Here the host alias configure in ssh is specified ‘remote-host’, so when drush makes the ssh connection it will look it up the alias to identify ssh key to use for login

If you try to connect with the current setup:

drush @ds.prod st

You will get following error:
Permission denied (publickey,password).

This is because the remote machine needs to have the ssh public key in order to be able authenticate. Lets push the key:

drush pushkey @ds.prod

This function copies the ssh key into the server for ssh authentication.

For Mac, this will result into the following error because Mac doesn’t have the function ‘ssh-copy-id’
ssh-copy-id: command not found
So, solution is to copy ssh key manually

Copy Public SSh Key Manually

To copy the public ssh key, run the following:

cat id_rsa_virtual_box.pub | ssh user@virtualbox.com 'cat >> .ssh/authorized_keys' 

This pipes the ssh key and then logs into the virtual server and pasts the key into authorized_keys file. You may be missing the .ssh folder on the remote server. In that case, you make it create one as following:

cat id_rsa_virtual_box.pub | ssh user@virtualbox.com 'umask 077; mkdir -p .ssh ; cat >> .ssh/authorized_keys'

Now, running:

drush @some.alias st

It should be displaying the status of the site on remote server

Troubleshooting

1. Test SSH Authentication

To test any of your SSH Aliases setups:

ssh virtual-box-main

Here, we test the alias ‘virtual-box-main’. This will prompt for password if logging in for the first time. All other times it logs you in without password
Note: for ssh services that has turned off interactive mode such as Git, you use -T flag:

ssh -T git-ssh-alias

This will confirm if your ssh is setup correctly or not

2. Permission denied (publickey,password).

You will get this message if you haven’t set up the ssh as described in this post

3. ‘pushkey’ could not be found drush

This is because the push key function is addition and needs to be downloaded as following:

drush dl drush_extras

This will download and install drush_extras module that includes “pushkey” command

4. “sudo: no tty present and no askpass program specified”

This is issue comes up when you open ssh without tty session. It can be solved in 2 ways depending on how much access you have on remote instance or whatever the remote instance has the capability of NOPASSWORD

  1. Turn on NOPASSWORD on remote instance as described here:
    http://askubuntu.com/questions/192050/how-to-run-sudo-command-with-no-password/443071#443071
  2. Configure Drush to pass in credentials at time of ssh-ing. Its being done by editing .drush/drushrc.php and adding following line:
    $options['ssh-options'] = '-o PasswordAuthentication=no -i $HOME/.ssh/id_rsa/lamp_vbox';
    

    Here the lamp_vbox is the private key generated by ssh-keygen

5. WARNING: UNPROTECTED PRIVATE KEY FILE!

The permissions need to be reset:

sudo chmod 600 /path/.ssh/id_rsa/lamp_vbox
sudo chmod 600 /path/.ssh/id_rsa/lamp_vbox.pub
sudo chmod 644 /path/.ssh/known_hosts
sudo chmod 755 /path/.ssh
References

http://mail-archives.apache.org/mod_mbox/hadoop-mapreduce-user/201210.mbox
http://blogs.uoregon.edu/developments/2012/06/21/bash-function-ssh-copy-id-for-mac/
http://www.drush.org/sites/default/files/attachments/DGD7-Drush.pdf
http://stackoverflow.com/questions/3844393/what-to-do-about-pty-allocation-request-failed-on-channel-0

Leave a Reply

Your email address will not be published. Required fields are marked *