You may have multiple SSH connections, some for GitHub accounts and some for one or more virtual boxes hosting Drupal sites. In this post, we cover how to generate, configure and manage multiple SSH accounts for drush. In addition, we go over how to overcome the error ‘ssh-copy-id: command not found’ that occurs on Mac machines when trying to set up SSH keys via the drush command ‘pushkey’.
Generating Public/Private SSH Key Pair
For each SSH account, generate a public/private key pair as follows:
ssh-keygen -t rsa -C "email@example.com"
By default, this will store the generated key pair (two files, one with a .pub extension) in the directory you run the command from. We moved it into the $HOME/.ssh directory, and we will be referring to this directory in this post.
Manage SSH Keys
You can manage multiple SSH keys by creating a host alias for each SSH key pair. The host aliases are defined in the $HOME/.ssh/config file, and all they do is reference the key to use per host alias, as follows:
Host virtual-box-main
    HostName hostdomain.com
    User user-name
    IdentityFile ~/.ssh/id_rsa_virtual_box

Host another-host-alias
    HostName some-remote-box.com
    User ssh-user
    IdentityFile ~/.ssh/private_key_gen_above
Here the host alias is ‘virtual-box-main’. ‘HostName’ is the actual domain name of the server you want to SSH into. ‘User’ is the actual SSH user account that will be used to log in to the server. Finally, ‘IdentityFile’ references the SSH key pair that was generated in the step above.
You can repeat the above steps to generate an SSH key pair for each remote SSH account, then configure a host alias by adding another entry, as specified above, for each different SSH login you need.
Once you have the SSH host alias set up, configure drush to use it via a drush alias (one location is $HOME/.drush/aliases.drushrc.php) as follows:
$aliases['ds.prod'] = array(
  'remote-host' => 'virtual-box-main',
  'remote-user' => 'root',
  'root' => '/home/websites/site',
  'uri' => 'http://site.com',
);
Here the host alias configured in SSH is specified as ‘remote-host’, so when drush makes the SSH connection it looks up the alias to identify the SSH key to use for login.
If you try to connect with the current setup:
drush @ds.prod st
You will get the following error:
Permission denied (publickey,password).
This is because the remote machine needs to have the SSH public key in order to be able to authenticate you. Let's push the key:
drush pushkey @ds.prod
This command copies the SSH public key to the server for SSH authentication.
On a Mac, this results in the following error because the Mac doesn’t have the ‘ssh-copy-id’ command:
ssh-copy-id: command not found
So, the solution is to copy the SSH key manually.
Copy Public SSH Key Manually
To copy the public SSH key, run the following:
cat id_rsa_virtual_box.pub | ssh firstname.lastname@example.org 'cat >> .ssh/authorized_keys'
This pipes the public key over SSH into the virtual server and appends it to the authorized_keys file. You may be missing the .ssh folder on the remote server. In that case, create it as part of the same command, as follows:
cat id_rsa_virtual_box.pub | ssh email@example.com 'umask 077; mkdir -p .ssh ; cat >> .ssh/authorized_keys'
drush @some.alias st
It should now display the status of the site on the remote server.
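An added example, not from the original post: a small shell stand-in for ssh-copy-id that does the manual copy above but refuses to send a private key, skips a key that is already in authorized_keys, and sets owner-only permissions on the remote side. The function names and the SSH_CMD override are assumptions made for this example, and it expects a POSIX shell on the remote account.

```shell
#!/bin/sh
# Added example: idempotent replacement for the manual "cat key | ssh" copy.

# Script executed on the remote side. It reads ONE public key line on stdin
# and appends it to authorized_keys only if that exact line is not there yet.
REMOTE_INSTALL='
umask 077
mkdir -p "$HOME/.ssh"
touch "$HOME/.ssh/authorized_keys"
IFS= read -r key
grep -qxF -- "$key" "$HOME/.ssh/authorized_keys" ||
    printf "%s\n" "$key" >> "$HOME/.ssh/authorized_keys"
chmod 700 "$HOME/.ssh"
chmod 600 "$HOME/.ssh/authorized_keys"
'

# is_public_key FILE: succeed only if FILE starts like an OpenSSH public key.
# A private key file starts with "-----BEGIN", so it is rejected here.
is_public_key() {
    [ -f "$1" ] || return 1
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case "$first" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# push_key PUBKEY_FILE HOST_ALIAS
# HOST_ALIAS is a Host entry from ~/.ssh/config, e.g. virtual-box-main.
# SSH_CMD (assumption of this example) lets you substitute another ssh binary.
push_key() {
    if ! is_public_key "$1"; then
        echo "refusing to send $1: not a public key file" >&2
        return 1
    fi
    ${SSH_CMD:-ssh} "$2" "$REMOTE_INSTALL" < "$1"
}

# When run as a script: ./push_key.sh id_rsa_virtual_box.pub virtual-box-main
if [ "$#" -eq 2 ]; then
    push_key "$1" "$2"
fi
```

Running push_key twice for the same key leaves a single entry in authorized_keys, unlike the plain `cat >>` form, which appends a duplicate each time.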
1. Test SSH Authentication
To test any of your SSH alias setups:
Here, we test the alias ‘virtual-box-main’. This will prompt for a password if logging in for the first time. All other times it logs you in without a password.
Note: for SSH services that have turned off interactive mode, such as Git, use the -T flag:
ssh -T git-ssh-alias
This will confirm whether your SSH is set up correctly.
2. Permission denied (publickey,password).
You will get this message if you haven’t set up SSH as described in this post.
3. ‘pushkey’ could not be found drush
This is because the pushkey command is an add-on and needs to be downloaded as follows:
drush dl drush_extras
This will download and install the drush_extras module, which includes the “pushkey” command.
4. “sudo: no tty present and no askpass program specified”
This issue comes up when you open an SSH connection without a tty session. It can be solved in two ways, depending on how much access you have on the remote instance and whether the remote instance has the NOPASSWD capability:
- Turn on NOPASSWD on the remote instance as described here:
- Configure Drush to pass in credentials at the time of ssh-ing. This is done by editing .drush/drushrc.php and adding the following line:
$options['ssh-options'] = '-o PasswordAuthentication=no -i $HOME/.ssh/id_rsa/lamp_vbox';
Here, lamp_vbox is the private key generated by ssh-keygen.
5. WARNING: UNPROTECTED PRIVATE KEY FILE!
The permissions need to be reset:
sudo chmod 600 /path/.ssh/id_rsa/lamp_vbox
sudo chmod 600 /path/.ssh/id_rsa/lamp_vbox.pub
sudo chmod 644 /path/.ssh/known_hosts
sudo chmod 755 /path/.ssh