CalejoControl/deploy/keys
openhands 0076e263f9 Add comprehensive SSH deployment system
- deploy/ssh/deploy-remote.sh: Main SSH deployment script
- deploy/ssh/deploy-remote.py: Python alternative deployment script
- deploy/config/example-*.yml: Example configuration files
- deploy/keys/README.md: SSH key management guide
- deploy/SSH_DEPLOYMENT.md: Complete SSH deployment documentation
- .gitignore: Added deployment configuration exclusions

Features:
- Secure SSH key management with git-ignored configs
- Environment-specific configurations (production, staging)
- Automated remote deployment with validation
- Dry-run mode for testing
- Comprehensive documentation and security best practices
2025-10-30 09:15:56 +00:00

README.md

SSH Key Management

This directory should contain SSH private keys for deployment to different environments.

Setup Instructions

1. Generate SSH Key Pairs

For each environment, generate a dedicated SSH key pair:

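# Generate production key (no -N flag: ssh-keygen prompts for a passphrase, see Security Notes)
ssh-keygen -t ed25519 -f deploy/keys/production_key -C "calejo-production-deploy"

# Generate staging key (-N "" creates it without a passphrase)
ssh-keygen -t ed25519 -f deploy/keys/staging_key -C "calejo-staging-deploy" -N ""

# Restrict the private keys to their owner (the .pub files are not secret)
chmod 600 deploy/keys/production_key deploy/keys/staging_key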

2. Deploy Public Keys to Servers

Copy the public keys to the target servers:

# For production
ssh-copy-id -i deploy/keys/production_key.pub calejo@production-server.company.com

# For staging
ssh-copy-id -i deploy/keys/staging_key.pub calejo@staging-server.company.com

3. Configure SSH on Servers

On each server, ensure the deployment user has proper permissions:

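# Add to sudoers (if needed). Passwordless sudo for unrestricted systemctl and
# docker-compose is effectively root access for whoever holds the deploy key;
# narrow the rule to the exact commands the deployment runs where possible.
echo "calejo ALL=(ALL) NOPASSWD: /usr/bin/docker-compose, /bin/systemctl" | sudo tee /etc/sudoers.d/calejo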

Security Notes

  • Never commit private keys to version control
  • Set proper permissions: chmod 600 deploy/keys/*
  • Use passphrase-protected keys in production
  • Rotate keys regularly
  • Use different keys for different environments
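
An added example, not part of the project's own scripts: a Python check that walks deploy/keys and reports private keys that grant group or other access, or that have no passphrase where the notes above ask for one. The function names and the rule that only production_key must be encrypted are assumptions; the check reads the cipher field of the OpenSSH private key format, which is "none" for a key without a passphrase.

```python
import base64
import os
import stat
import struct
import sys

MAGIC = b"openssh-key-v1\x00"  # header of the OpenSSH private key format
HEADER = "-----BEGIN OPENSSH PRIVATE KEY-----"

def key_cipher(pem_text):
    """Cipher name of an OpenSSH private key ("none" = no passphrase), else None."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != HEADER:
        return None
    try:
        blob = base64.b64decode("".join(lines[1:-1]))
    except ValueError:
        return None
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
        return None
    start = len(MAGIC) + 4
    (length,) = struct.unpack(">I", blob[len(MAGIC):start])
    return blob[start:start + length].decode("ascii", "replace")

def audit_keys(key_dir, need_passphrase=("production_key",)):
    """Return (file, problem) pairs. Assumption: only the files named in
    need_passphrase must be encrypted, as the notes ask for production."""
    findings = []
    for name in sorted(os.listdir(key_dir)):
        path = os.path.join(key_dir, name)
        if not os.path.isfile(path):
            continue
        with open(path, "r", errors="replace") as fh:
            cipher = key_cipher(fh.read())
        if cipher is None:  # README.md, *.pub, anything that is not a private key
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:
            findings.append((name, f"mode {mode:04o} grants group/other access, expected 0600"))
        if cipher == "none" and name in need_passphrase:
            findings.append((name, "private key has no passphrase"))
    return findings

if __name__ == "__main__":
    key_dir = sys.argv[1] if len(sys.argv) > 1 else "deploy/keys"
    problems = audit_keys(key_dir) if os.path.isdir(key_dir) else [(key_dir, "not a directory")]
    for name, problem in problems:
        print(f"{name}: {problem}")
    sys.exit(1 if problems else 0)
```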

File Structure

deploy/keys/
├── README.md                    # This file
├── production_key              # Production SSH private key (gitignored)
├── production_key.pub          # Production SSH public key (gitignored)
├── staging_key                 # Staging SSH private key (gitignored)
└── staging_key.pub            # Staging SSH public key (gitignored)

Environment Variables

For additional security, you can also use environment variables:

export CALEJO_DEPLOY_KEY_PATH="deploy/keys/production_key"
export CALEJO_DEPLOY_PASSPHRASE="your-passphrase"