When deploying code with Capistrano (depending on your configuration) at some point Capistrano tries to check out code from your repository. In order to do so, Capistrano connects to your repository server from the application server you're deploying to with SSH. For this connection you can use two SSH keys:
- the user's
~/.ssh/id_rsa
[default] - the very same key you used for connecting to the application server - forwarded automatically to the git repository.
If you prefer the second way, add this to deploy.rb:
ssh_options[:forward_agent] = true
Warning
Agent forwarding should be enabled with caution. Users with the ability to bypass file permission on the remote host (e.g. the root user) can access the local agent through the forwarded connections. Its not possible to extract your key, but it would be possible to use your agent forwarding to connect to other hosts with your agent/identity.
Never enable SSH Agent forwarding globally in your ssh_config