A. Matías Quezada A. Matías Quezada - 3 months ago 19
Node.js Question

Open SSH from Heroku

I've deployed on Heroku a worker who periodically uploads a file to a ssh server. It's wrote on Node.js and it does:

require('child_process').exec('scp -i id_rsa myfile.txt myuser@myserver.com:updated.txt', function() { ... });


In order to connect to the server the repository has a *id_rsa* file with a private key than is authorized by myserver.com. I've tested it on two computers (than has no key exchange with myserver.com) and it works, but when I upload it to Heroku it scp outputs:

Host key verification failed.


Why?

NOTE



I've also tried instead of execute scp:

cat file.txt | ssh [myuser]@[myserver] "cat > updated.txt"


The same problem.

UPDATE



Executing ssh -v ... it outputs:

[...]
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
[...]


I can't access tty on Heroku?

This are all the files on the repo:

main.js



require('child_process').exec('scp -i id_rsa file.txt [myuser]@[myserver]:updated.txt', function(error, stdout, stderr) {
if (error)
console.error('FAILED', stderr.toString());
console.log('OUTPUT', stdout.toString());
});


id_rsa



-----BEGIN RSA PRIVATE KEY-----
[censored]
-----END RSA PRIVATE KEY-----


package.json



{
"name": "exta",
"version": "0.0.1",
"engines": { "node": "0.6.x" }
}


Procfile



worker: node main


file.txt



Testing

Answer

Found the problem, it was not on the RSA key but on the server key.

The first time a SSH connection is established between two computers SSH ask you yo add the server's key to ~/.ssh/known_hosts in order to do this it tries to prompt it into the tty. As I've already accepted my server's key on my computers it didn't happen when I tested it locally.

As I'm not sure how to order my program to add the key to ~/.shh/known_hosts I've tricked SSH to add the key without asking:

ssh -i id_rsa -o -o StrictHostKeyChecking=no [myuser]@[myserver]

As I don't want to touch Heroku's environment I've also asked ssh to store the keys on /dev/null so nothing is modified:

ssh -i id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no [myuser]@[myserver]

And... IT WORKS! :D