Heads up: Deployment with newly generated SSH key (using ED25519) might fail


If you use a newer SSH key generated with the ED25519 algorithm instead of RSA (see Create a new SSH key pair), the deployment with Capistrano may fail with the following message:

The deploy has failed with an error: unsupported key type `ssh-ed25519'
net-ssh requires the following gems for ed25519 support:
 * ed25519 (>= 1.2, < 2.0)
 * bcrypt_pbkdf (>= 1.0, < 2.0)
See https://github.com/net-ssh/net-ssh/issues/565 for more information
Gem::LoadError : "ed25519 is not part of the bundle. Add it to your Gemfile."

As the error message says, the ed25519 and bcrypt_pbkdf gems must be added to the Gemfile to solve the problem. After that, the deployment should work again.

After changing to ed25519, existing host key fingerprints might no longer match. If you see an error like the following when deploying to a server, you can remove your old (e.g. RSA-based) fingerprints from ~/.ssh/known_hosts:

Exception while executing as USER@HOSTNAME: fingerprint SHA256:HASH does not match for "HOSTNAME,IP" (SSHKit::Runner::ExecuteError)
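
One way to see which known_hosts entries are stale before removing anything, as an added example that is not part of the original card: it lists the entries for a host (plain or hashed) with their SHA256 fingerprints and flags those that differ from a fingerprint you have verified with the server's operator. The host names, key blobs and function names are constructed for illustration, and `[host]:port` and wildcard patterns are not handled.

```ruby
require "base64"
require "digest"
require "openssl"

Entry = Struct.new(:line_no, :hosts, :key_type, :fingerprint)

# OpenSSH-style fingerprint: unpadded Base64 of SHA-256 over the raw key blob.
def fingerprint(key_b64)
  "SHA256:" + Base64.strict_encode64(Digest::SHA256.digest(Base64.decode64(key_b64))).delete("=")
end

# True if the hosts field names `host`, either in plain form ("name,ip")
# or in hashed form ("|1|salt|HMAC-SHA1(salt, host)").
def host_matches?(hosts_field, host)
  if hosts_field.start_with?("|1|")
    _, _, salt, mac = hosts_field.split("|")
    OpenSSL::HMAC.digest("SHA1", Base64.decode64(salt), host) == Base64.decode64(mac)
  else
    hosts_field.split(",").include?(host)
  end
end

# All known_hosts entries for `host`; comments and @marker lines are skipped.
def entries_for(known_hosts_text, host)
  known_hosts_text.each_line.with_index(1).filter_map do |line, no|
    next if line.strip.empty? || line.start_with?("#", "@")
    hosts, type, key = line.split
    next unless key && host_matches?(hosts, host)
    Entry.new(no, hosts, type, fingerprint(key))
  end
end

# Entries whose fingerprint differs from the one verified out of band.
def stale_entries(known_hosts_text, host, verified_fingerprint)
  entries_for(known_hosts_text, host).reject { |e| e.fingerprint == verified_fingerprint }
end

# Constructed sample: the key blobs are placeholder bytes, not real host keys.
OLD_RSA = Base64.strict_encode64("constructed-old-rsa-host-key")
NEW_ED  = Base64.strict_encode64("constructed-new-ed25519-host-key")
SALT    = "constructed-salt"
HASHED  = "|1|#{Base64.strict_encode64(SALT)}|" + Base64.strict_encode64(OpenSSL::HMAC.digest("SHA1", SALT, "app.example.com"))
SAMPLE = <<~KNOWN_HOSTS
  app.example.com,192.0.2.10 ssh-rsa #{OLD_RSA}
  #{HASHED} ssh-ed25519 #{NEW_ED}
  other.example.com ssh-ed25519 #{NEW_ED}
KNOWN_HOSTS

stale_entries(SAMPLE, "app.example.com", fingerprint(NEW_ED)).each { |e| puts "stale: line #{e.line_no} #{e.key_type} #{e.fingerprint}" }
```

Once the stale lines are confirmed, `ssh-keygen -R HOSTNAME` removes all entries for that host from ~/.ssh/known_hosts.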

Fabian Schwarz
Last edit
Michael Leimstädtner
License
Source code in this card is licensed under the MIT License.
Posted by Fabian Schwarz to makandra dev (2023-03-09 09:17)