I am deploying my GitHub repo to a Media Temple Grid Server using Capistrano. In order to do this, I've set up the following:
- Enabled logging into the remote server with SSH keys (following this guide)
- Created an SSH key on the remote server and added the SSH keys to GitHub (so I can pull/clone a repo from GitHub)
- Set up my Capistrano deploy.rb file with `set :use_sudo, false` and `default_run_options[:pty] = true` because I am connecting and deploying with SSH keys and want to be as secure as possible
I'd like to know if this is:
- Secure: Is my workflow secure?
- Conventional: Is this the orthodox way of setting up this workflow?
Unfortunately, I was unable to use SSH agent forwarding with the Grid Server. I understand this is easier (and potentially safer) than creating SSH keys on the remote server and sharing them with GitHub.
As far as I know, Media Temple does not block SSH forwarding on their Grid service. You most likely have an issue with your configuration someplace, or your keys are not actually added to your keychain. GitHub has a good walkthrough on setting this up.
GitHub's instructions for SSH Forwarding
Not having worked with Capistrano, or Ruby, I don't know how those guys set up their workflow, but you want to get the forwarding working if at all possible to be most secure (don't want to have your private keys sitting out on a virtual hosting server that might get compromised at any time).
Per The Brawny Man's suggestion, Media Temple does let you use SSH forwarding. Since the keys won't live on the server after I log out, this is going to be the most secure method of authentication.
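A check to go with the forwarding setup discussed above, as an added example that is not part of the original thread: it lists which `Host` patterns in an OpenSSH client config turn on `ForwardAgent` and flags wildcard patterns, since while a forwarded session is open, root on that server can use the agent. The function names and `deploy.example.com` are placeholders, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Hostnames and config below are constructed.
# forward_agent_hosts FILE: print each Host pattern whose block sets
# "ForwardAgent yes". A setting before the first Host line is reported as "*".
forward_agent_hosts() {
  awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    { sub(/[ \t]*=[ \t]*/, " ") }            # accept "Keyword=value" as well
    tolower($1) == "host" {                  # new block: remember its patterns
      n = 0
      for (i = 2; i <= NF; i++) pat[++n] = $i
      next
    }
    tolower($1) == "match" { n = 1; pat[1] = "<match-block>"; next }
    tolower($1) == "forwardagent" && tolower($2) == "yes" {
      if (n == 0) print "*"
      for (i = 1; i <= n; i++) print pat[i]
    }
  ' "$1"
}

# audit_forwarding FILE DEPLOY_HOST
# Status: 0 = enabled by an explicit DEPLOY_HOST pattern and by no wildcard,
#         1 = not enabled for DEPLOY_HOST, 2 = a wildcard pattern enables it.
audit_forwarding() {
  found=1; wide=0
  while IFS= read -r pat; do
    case "$pat" in
      "$2")   found=0 ;;
      *[*?]*) wide=1; echo "warn: ForwardAgent yes under wildcard pattern '$pat'" ;;
    esac
  done <<EOF
$(forward_agent_hosts "$1")
EOF
  [ "$wide" -eq 1 ] && return 2
  [ "$found" -eq 0 ] || echo "note: ForwardAgent is not enabled for $2"
  return "$found"
}

demo() {  # constructed sample config; deploy.example.com is a placeholder
  cfg=$(mktemp)
  printf 'Host deploy.example.com\n  ForwardAgent yes\nHost *\n  ForwardAgent no\n' > "$cfg"
  forward_agent_hosts "$cfg"
  audit_forwarding "$cfg" deploy.example.com && echo "ok: scoped to deploy host"
  rm -f "$cfg"
}
demo
```

Run it against `~/.ssh/config` with the real deploy hostname; `ssh-add -l` on the workstation confirms the key is actually loaded in the agent.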