See the best posts from any Bluesky account
Add diagnostics to deploy ssh step
Server is rejecting the key with "Permission denied (publickey)".
Print the key file's byte/line count and derived public key so we
can compare against authorized_keys on the server, and run ssh -v
to surface which auth methods failed. Also strip stray CRLF from
the secret in case the secret store added them.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
+7
-2
+7
-2
.tangled/workflows/deploy.yml
+7
-2
.tangled/workflows/deploy.yml
···
20
20
echo "root:x:0:0:root:/root:/bin/sh" >> /etc/passwd
21
21
export HOME=/root
22
22
mkdir -p "$HOME/.ssh"
23
-
printf '%s\n' "$DEPLOY_SSH_KEY" > "$HOME/.ssh/id_deploy"
23
+
# Strip any CRLF the secret store may have introduced.
24
+
printf '%s\n' "${DEPLOY_SSH_KEY//$'\r'/}" > "$HOME/.ssh/id_deploy"
24
25
chmod 600 "$HOME/.ssh/id_deploy"
25
-
ssh \
26
+
echo "key bytes: $(wc -c < "$HOME/.ssh/id_deploy"), lines: $(wc -l < "$HOME/.ssh/id_deploy")"
27
+
echo "derived public key (compare with authorized_keys on server):"
28
+
ssh-keygen -y -f "$HOME/.ssh/id_deploy"
29
+
ssh -v \
26
30
-i "$HOME/.ssh/id_deploy" \
27
31
-o StrictHostKeyChecking=no \
28
32
-o UserKnownHostsFile=/dev/null \
33
+
-o IdentitiesOnly=yes \
29
34
"$DEPLOY_USER@$DEPLOY_HOST" \
30
35
"cd $DEPLOY_PATH && ./deploy.sh"