How To Deploy a Rails App With Passenger and Nginx On Digital Ocean Part 1 — Creating SSH
Deploying, in general, is an art form since it requires patience and know-how. For beginners this can seem impossible, but don't fret: after a few tutorials and some willingness to learn, anyone can deploy a website or application.
In this tutorial we will be deploying a Rails app with Passenger, as the application server, and Nginx, as the web server. Also, the Rails app will use Postgres, so we will be installing that as well.
We will start from the very beginning. The first step is to sign up to Digital Ocean, if you have not already.
How SSH Works
Before we can begin, we will need to set up an SSH key. This will allow us to have a secure connection to a Droplet without having to remember or write down a password. Furthermore, passwords are more prone to brute-force attacks.
SSH key pairs are two cryptographically secure keys that can be used to authenticate a client to a server. Each key pair consists of a public key and a private key.
The private key is retained by the client and should be kept absolutely secret. Any compromise of the private key will allow attackers to log into servers that are configured with the associated public key without additional authentication. As an additional precaution, the key can be encrypted on disk with a passphrase.
The associated public key can be shared freely. The public key can be used to encrypt messages that only the private key can decrypt. This property is employed as a way of authenticating using the key pair.
The public key is uploaded to a remote server that you want to be able to log into with SSH. The key is added to a special file within the user account you will be logging into called ~/.ssh/authorized_keys.
When a client attempts to authenticate using SSH keys, the server can test the client on whether they are in possession of the private key. If the client can prove that it owns the private key, a shell session is spawned or the requested command is executed.
Ellingwood, Justin. “How To Configure SSH Key-Based Authentication on a Linux Server” Digital Ocean. DigitalOcean Inc, 20 Oct. 2014. Web. 26 Apr. 2015.
An overview of the SSH key authentication flow
Step One — Creating the RSA Pair
First we will need to create an RSA key pair on your computer by going into the command line and typing:
$ ssh-keygen -t rsa -C "firstname.lastname@example.org" # This will create a new SSH key
Step Two — Generate a new SSH key
ssh-keygen will ask you where the RSA key pair should be saved. It is recommended to keep the default settings as they are, so press enter.
$ Enter file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
ssh-keygen will then ask you for a passphrase. It is recommended to create a strong passphrase: it encrypts the private key on disk, so a copy of the key file cannot be used without it.
$ Enter passphrase (empty for no passphrase): [Type a passphrase]
$ Enter same passphrase again: [Type passphrase again]
After you enter your passphrase, ssh-keygen will generate the key and display the results on the screen.
Your identification has been saved in /Users/you/.ssh/id_rsa.
Your public key has been saved in /Users/you/.ssh/id_rsa.pub.
The key fingerprint is:
01:0f:f4:3b:ca:85:d6:17:a1:7d:f0:68:9d:f0:a2:db email@example.com
Step Three — Add your SSH key to the ssh-agent
The ssh-agent stores your private SSH key so that it can be used to verify that you are the owner of the public key, so you will need to add the key to it.
First ensure ssh-agent is enabled.
$ eval "$(ssh-agent -s)"
Add your SSH key to the ssh-agent
$ ssh-add ~/.ssh/id_rsa
Step Four — Add your SSH key to your Digital Ocean account
First you will need to copy the SSH key to your clipboard. You should never copy an SSH key by highlighting it, since any whitespace or newlines will throw off the matching between your SSH key and the SSH key on Digital Ocean.
$ pbcopy < ~/.ssh/id_rsa.pub # Copies the contents of the id_rsa.pub file to your clipboard
If you have not already logged into Digital Ocean, log in now. Click on the icon of the person at the top right of the page. This will give you options; choose Your Settings, then the Security tab.
If you scroll down a bit you will see a form to enter an SSH key.
Enter the name of your SSH key. It should be the name of the computer your SSH key is coming from.
Paste in the SSH key.
Click on Create SSH Key to save the SSH key to your account.
Applying SSH Keys To Existing Droplets
If you have already created some Droplets that do not have SSH keys you can still apply the ones you created. If you have no existing Droplets, then skip this section.
Enter this command for each of the existing Droplets you wish to use an SSH key on:
$ cat ~/.ssh/id_rsa.pub | ssh root@[your Droplet ip address] "cat >> ~/.ssh/authorized_keys" # This will connect to your Droplet and append your public key to the authorized_keys file, creating the file if it does not exist.
If you are still asked for a password, then there is something wrong with the public key, either on your computer or on Digital Ocean. If you destroy a Droplet and then create another Droplet on the same IP address, you will get a warning message when you connect, because the new Droplet presents a different host key from the one saved for that IP address in your known_hosts file. If you did not recreate the Droplet, treat the warning as genuine instead of removing the entry. Use this command to remove the old entry from your known_hosts file:
$ ssh-keygen -R [your Droplet ip address]
Then try connecting to your server again.
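As an added example (not part of the original post), the shell function below checks that a public key line, as stored in id_rsa.pub or appended to authorized_keys, survived the copy intact: the key type must match the type encoded in the base64 blob, and the blob's length-prefixed fields must consume it exactly, which catches the stray whitespace, line breaks and truncation mentioned above. The names check_pubkey_line, tohex and sample_line are hypothetical, the sample key is constructed and unusable, and a base64 command that accepts -d is assumed.

```shell
#!/bin/sh
# Added example: sanity-check one public key line of the form
#   <type> <base64 blob> [comment]
# Assumes od, tr, cut and a base64 that accepts -d. Entries that start with
# an options prefix (e.g. command="...") are out of scope.

tohex() { od -An -v -tx1 | tr -d ' \n'; }

check_pubkey_line() {
    line=$1
    set -f; set -- $line; set +f      # split on whitespace without globbing
    type=$1 blob=$2
    [ -n "$blob" ] || { echo "missing key blob"; return 1; }
    case $blob in
        *[!A-Za-z0-9+/=]*) echo "non-base64 characters"; return 1 ;;
    esac
    hex=$(printf '%s' "$blob" | base64 -d 2>/dev/null | tohex)
    # The blob starts with a 4-byte length followed by the key type itself.
    want=$(printf '%08x' "${#type}")$(printf '%s' "$type" | tohex)
    case $hex in
        "$want"*) ;;
        *) echo "type does not match blob"; return 1 ;;
    esac
    # Every field is length-prefixed; together they must consume the blob exactly.
    pos=1 total=${#hex}
    while [ "$pos" -le "$total" ]; do
        lenhex=$(printf '%s' "$hex" | cut -c "$pos-$((pos + 7))")
        [ "${#lenhex}" -eq 8 ] || { echo "truncated blob"; return 1; }
        pos=$((pos + 8 + 2 * 0x$lenhex))
    done
    [ "$pos" -eq $((total + 1)) ] || { echo "truncated blob"; return 1; }
    echo "ok: $type"
}

# Constructed sample, not a usable key: type, 3-byte exponent, 4-byte modulus.
sample_line() {
    printf 'ssh-rsa %s you@laptop\n' "$(printf \
      '\000\000\000\007ssh-rsa\000\000\000\003\001\000\001\000\000\000\004\001\002\003\004' \
      | base64 | tr -d '\n')"
}

check_pubkey_line "$(sample_line)"
```

To check your own key, pass the file contents instead: check_pubkey_line "$(cat ~/.ssh/id_rsa.pub)".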
Conclusion for the First Part
This is just the start. We now have the basic setup that lets you create many different Droplets without having to write down or memorize a different password for each one, allowing you to focus on maintaining your Droplets.
Once you finish creating the SSH key and updating any existing Droplets, it is time to create new Droplets.
The articles that were used in the creation of this post: