sudo + ssh..

Jim Hopp jim at netyourwork.com
Mon Apr 7 10:59:35 EDT 2003


This is exactly what ssh-agent is designed for.  In this case to set it 
up you'd generate a public/private key pair for the user, put the public 
key on machine 1.2.3.4, start ssh-agent on the local machine and load 
the user's private key.  From then on, ssh on the local machine will use 
the ssh-agent to provide authentication when ssh connects to 1.2.3.4.

We use this mechanism extensively to run batch jobs across machines, and 
it works great.  And you don't have to do anything insecure like using 
empty passphrases.

-Jim

Mridul Pentapalli wrote:
> Hi,
> 
> I sent a mail to comp.security.ssh but no reply. I'm hoping that you guys
> have a pointer towards the solution... so here goes...
> 
> My program is run by another program using sudo. I need to use netstat on a
> remote machine. The command ends up looking like this
> 
> sudo ssh -l blah 1.2.3.4 sudo netstat -p
> 
> This asks me for the password of blah at 1.2.3.4. 
> 
> I have configured the remote machine in such a way that I can connect to it
> with an empty passphrase. 
> 
> ssh -l blah 1.2.3.4 sudo netstat -p 
> 
> works without asking me for any password.
> 
> Is there a way I can get the ssh to use the passphrase? Since this system
> call is being invoked from within a program, I do not want to pass the
> password every time.
> 
> Regards,
> Mridul.
> 
> "Code softly and carry a big debugger."
> 
> 


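The setup described in the reply above, as an added example that is not part of the original thread: a passphrase-protected key is generated, loaded into a private ssh-agent, and checked against the agent's key list. The temp directory, the key name `id_demo`, the passphrase and the askpass helper are constructed for the demonstration; in real use you run `ssh-add` once and type the passphrase yourself.

```shell
#!/bin/sh
# Added example: throwaway key and private agent, all inside a temp dir.

agent_demo() (
    unset SSH_AUTH_SOCK SSH_AGENT_PID      # never touch an agent already running
    pass='constructed-demo-passphrase'     # constructed value, demo only
    dir=$(mktemp -d) || exit 1
    trap 'ssh-agent -k >/dev/null 2>&1; rm -rf "$dir"' EXIT

    # 1. Key pair protected by a passphrase (not an empty one).
    #    id_demo.pub is the half that goes into ~blah/.ssh/authorized_keys
    #    on 1.2.3.4.
    ssh-keygen -q -t ed25519 -N "$pass" -C batch-demo -f "$dir/id_demo" || exit 1

    # 2. Start an agent; eval exports SSH_AUTH_SOCK and SSH_AGENT_PID.
    eval "$(ssh-agent -s -a "$dir/agent.sock")" >/dev/null

    # 3. Load the private key. The helper answers the passphrase prompt
    #    so that this demo runs unattended.
    printf '#!/bin/sh\necho "%s"\n' "$pass" >"$dir/askpass"
    chmod 700 "$dir/askpass"
    DISPLAY=none SSH_ASKPASS="$dir/askpass" SSH_ASKPASS_REQUIRE=force \
        ssh-add "$dir/id_demo" </dev/null 2>/dev/null || exit 1

    # 4. Check: the agent holds the key whose fingerprint is on disk ...
    in_agent=$(ssh-add -l | awk '{print $2}')
    on_disk=$(ssh-keygen -lf "$dir/id_demo.pub" | awk '{print $2}')
    [ -n "$on_disk" ] && [ "$in_agent" = "$on_disk" ] || { echo mismatch; exit 1; }

    # ... while the key file itself still rejects an empty passphrase.
    if ssh-keygen -y -P '' -f "$dir/id_demo" </dev/null >/dev/null 2>&1; then
        echo unencrypted; exit 1
    fi
    echo loaded-and-encrypted
    # A batch job that inherits this SSH_AUTH_SOCK would now run, for example:
    #   ssh -o BatchMode=yes -l blah 1.2.3.4 sudo netstat -p
)

agent_demo
```

When ssh is itself started through sudo, as in the question, it can only reach the agent if `SSH_AUTH_SOCK` survives sudo's environment handling.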
