Using multiple deploy keys on GitHub using .ssh/config

You can use multiple GitHub deploy keys, each created with ssh-keygen, by following these steps.

Add a Host entry for each key to your ~/.ssh/config:

Host github_deploy_key_1
    Hostname github.com
    User git
    IdentityFile ~/.ssh/github_deploy_key_1_rsa

Host github_deploy_key_2
    Hostname github.com
    User git
    IdentityFile ~/.ssh/github_deploy_key_2_rsa

If you haven’t set your GitHub name in git yet:

git config --global user.name "yourgithubname"
git config --global user.email "youremail@example.com"

Then clone your repository using your custom host alias, adapting the URL that GitHub suggests on the repo page:

git clone git@github_deploy_key_1:yourgithubname/your-repo.git

If you have enabled push permissions, you can also use this deploy key to update the repository.

This way you keep your GitHub master key off the server and add only the keys it needs.


Disable password authentication on sshd

Creating a user with adduser --disabled-password does not disable password authentication in OpenSSH.

To disable password authentication, set these values in /etc/ssh/sshd_config:

PasswordAuthentication no
UsePAM no
PermitRootLogin no

Then restart sshd to apply the changes:

systemctl restart sshd

Existing connections are not reset, so before logging out, log in from a different terminal to check that you still can.

PermitRootLogin actually disables root login for every authentication method, but it’s a useful addition. Remember to add at least one user to the sudo group, or you will not be able to operate as super-user without using su - root.

To check if password auth is disabled:

ssh -o PreferredAuthentications=password USER@HOST

Expected output is:

USER@HOST: Permission denied (publickey).
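
An added example, not part of the original post: a small Python check that reads sshd_config text the way sshd does (the first value read for a keyword wins, and Match blocks override it for matching connections) and reports where the three settings above are not effectively "no". The sample config and the function names are constructed for illustration; Include files are reported but not read.

```python
import re

# The three settings the post puts in /etc/ssh/sshd_config.
REQUIRED = {"passwordauthentication": "no", "usepam": "no", "permitrootlogin": "no"}

# Constructed sample: the hardened lines are present, but an earlier line wins.
SAMPLE = """\
Include /etc/ssh/sshd_config.d/*.conf
PasswordAuthentication yes
PasswordAuthentication no
UsePAM no
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
"""

def parse(config_text):
    """Return (global settings, Match-block overrides, Include patterns)."""
    settings, overrides, includes, match = {}, [], [], None
    for raw in config_text.splitlines():
        line = raw.split("#")[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            match = value  # following lines apply only to this block
        elif keyword == "include":
            includes.append(value)
        elif match is None:
            settings.setdefault(keyword, value)  # sshd keeps the first value
        elif keyword in REQUIRED:
            overrides.append((match, keyword, value))
    return settings, overrides, includes

def audit(config_text):
    """Return findings; an empty list means the file matches the post."""
    settings, overrides, includes = parse(config_text)
    findings = []
    for keyword, wanted in REQUIRED.items():
        got = settings.get(keyword)
        if got is None:
            findings.append(f"{keyword}: not set in this file")
        elif got.lower() != wanted:
            findings.append(f"{keyword}: first value is '{got}', want '{wanted}'")
    findings += [f"Match {m}: {k} {v}" for m, k, v in overrides if v.lower() != REQUIRED[k]]
    findings += [f"Include {p}: not followed, check those files too" for p in includes]
    return findings
```

On a live host, sshd -T prints the effective configuration after Include files and defaults are applied.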

Django and Drupal integration using drush via SSH

Some months ago I talked about how to achieve a unified login from Django to Drupal using drush. The basic assumption was that both Drupal and Django are on the same server. What if the two components are on different servers?

Paramiko is an SSH2 protocol library that provides simple classes for making SSH connections. Let’s see how the code that calls drush on the command line changes.

Prerequisites:

  • paramiko
  • in your app's settings.py add:

    DRUPAL_SERVER_SSH_HOST     = '0.0.0.0' # Your host here
    DRUPAL_SERVER_SSH_USERNAME = 'YourRemoteServerUserHere'
    DRUPAL_SERVER_SSH_PASSWORD = 'YourRemoteServerPasswordHere'

    And then:

    import shlex

    import paramiko
    from django.conf import settings
    from django.http import HttpResponse
    from django.shortcuts import redirect


    # the view name is a placeholder; use the view from the previous howto
    def drupal_login(request):
        assert request.user.drupal_id > 0
        # user id to log in
        drupal_id = str(request.user.drupal_id)
        output_lines = []
        ssh = None
        try:
            # a list with command as first element and arguments following
            get_password_recovery_url = ["drush", "-r", settings.DRUPAL_SITE_PATH, "-l", settings.DRUPAL_SITE_NAME, "user-login", drupal_id]
            # via ssh http://stackoverflow.com/a/3586168/892951
            ssh = paramiko.SSHClient()
            # add to known_host the remote server key if it's not already stored
            # @see http://jessenoller.com/blog/2009/02/05/ssh-programming-with-paramiko-completely-different
            # note: AutoAddPolicy accepts an unknown host key without verifying it
            ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            ssh.connect(settings.DRUPAL_SERVER_SSH_HOST, username=settings.DRUPAL_SERVER_SSH_USERNAME, password=settings.DRUPAL_SERVER_SSH_PASSWORD)
            # exec_command passes the string to the remote shell, so quote each argument
            ssh_stdin, output, ssh_stderr = ssh.exec_command(" ".join(shlex.quote(arg) for arg in get_password_recovery_url))
            # read() returns bytes: decode before handling the lines as text
            output_lines = output.read().decode().splitlines()
            # taking only the first line of the output:
            # e.g. 'http://example.com.it/user/reset/16/1369986816/67k7ReHi97FdtRfdrrXGqqesyz6FXyy7T8jqHiXxsrY/login'
        except Exception:
            # @todo additional statements here
            pass
        finally:
            if ssh:
                ssh.close()

        if output_lines:
            drupal_login_url = output_lines[0].replace("http://example.com/", "http://%s/" % settings.DRUPAL_SITE_URL).strip()
            destination = "%s?destination=%s" % (drupal_login_url, settings.DRUPAL_LOGIN_DESTINATION)
            return redirect(destination)
        else:
            return HttpResponse('<h1>Wrong request</h1>')
    

    This is the same code as in the previous howto, with the difference that drush now runs on a different server from Django. You can use the same method for anything you need to do with drush. Every time this piece of code is called, a new SSH connection is opened.
