Open SSH from Heroku
Problem
I've deployed on Heroku a worker who periodically uploads a file to a ssh server. It's wrote on Node.js and it does:
require('child_process').exec('scp -i id_rsa myfile.txt [email protected]:updated.txt', function() { ... });
In order to connect to the server the repository has a *id_rsa* file with a private key than is authorized by myserver.com. I've tested it on two computers (than has no key exchange with myserver.com) and it works, but when I upload it to Heroku it scp outputs:
Host key verification failed.
Why?
NOTE
I've also tried instead of execute scp:
cat file.txt | ssh [myuser]@[myserver] "cat > updated.txt"
The same problem.
UPDATE
Executing ssh -v ... it outputs:
[...]
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
[...]
I can't access tty on Heroku?
This are all the files on the repo:
main.js
require('child_process').exec('scp -i id_rsa file.txt [myuser]@[myserver]:updated.txt', function(error, stdout, stderr) {
if (error)
console.error('FAILED', stderr.toString());
console.log('OUTPUT', stdout.toString());
});
id_rsa
-----BEGIN RSA PRIVATE KEY-----
[censored]
-----END RSA PRIVATE KEY-----
package.json
{
"name": "exta",
"version": "0.0.1",
"engines": { "node": "0.6.x" }
}
Procfile
worker: node main
file.txt
Testing
Solution
Found the problem, it was not on the RSA key but on the server key.
The first time a SSH connection is established between two computers SSH ask you yo add the server's key to ~/.ssh/known_hosts in order to do this it tries to prompt it into the tty. As I've already accepted my server's key on my computers it didn't happen when I tested it locally.
As I'm not sure how to order my program to add the key to ~/.shh/known_hosts I've tricked SSH to add the key without asking:
ssh -i id_rsa -o -o StrictHostKeyChecking=no [myuser]@[myserver]
As I don't want to touch Heroku's environment I've also asked ssh to store the keys on /dev/null so nothing is modified:
ssh -i id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no [myuser]@[myserver]
And... IT WORKS! :D
Discussion
View additional discussion.