genesis:provision should setup password-less SSH

[EvanK]

Because Capistrano ~2.15 (thanks to net-ssh 2.8.0) has issues with password authentication, I think the best course is for genesis:provision -S user=... -S password=... to use the credentials locally to setup the server for public-key authentication.

• Remove check for user (https://github.com/genesis/wordpress/blob/master/deployment/deploy.rb#L56-L64), as we should always use the deploy user.
• Create deploy on remote server (see SSH/expect tip below).
• SCP deploy user's SSH keys to remote machine.
• Add password-less sudo for deploy (e.g. %deploy ALL=(ALL) NOPASSWD:ALL).
• Let remaining genesis:provision with deploy user and private key,

Here's a trick to using expect to SSH into a machine with a user/pass & execute a command:

$ expect -c 'spawn ssh $USER@$HOST; \
             expect password;       \
             send "$PASSWORD\n";    \
             expect "$ ";           \
             send "$COMMAND\r";     \
             expect "$ ";           \
             send "exit\r";'

[ericclemmons]

@jameswlane has a similar bash script going:

https://gist.github.com/jameswlane/0e35413386be134477da

[EvanK]

That's pretty much exactly what I'm doing now, but I'm trying to integrate it into our genesis:provision task with ruby's built-in expect implementation.

[jameswlane]

If there is anything I can do to help out let me know. I am not familiar with expect, but that route sounds a lot better for the end user.

[EvanK]

I tested this against a local vagrant machine -- several times! -- and it seems to work:

• Initial provision without a user/pass fails with helpful error, as expected - see gist
• Initial provision with a user/pass succeeds when the workaround kicks in - see gist
• Re-provision with a user/pass succeeds with the workaround - see gist
• Re-provision without user/pass succeeds w/o workaround, since private key auth already exists - see gist

[ericclemmons]

Easy way to test:

bower install --save #131-provision-password-fix

/cc @weeirishman @EvanK

[weeirishman]

Worked perfectly for me, thanks guys.

[EvanK]

Added some verbose output to make debugging easier, but I believe this fix is ready to roll!

[ericclemmons]

Whoops, this wasn't tagged for release. Do you want me to take care of it @EvanK ?

[EvanK]

Sure

[ericclemmons]

Done!

7bd30db...3174a7f

Thanks for your help @EvanK!