sudo + ssh..
jim at netyourwork.com
Mon Apr 7 10:59:35 EDT 2003
This is exactly what ssh-agent is designed for. In this case to set it
up you'd generate a public/private key pair for the user, put the public
key on machine 220.127.116.11, start ssh-agent on the local machine and load
the user's private key. From then on, ssh on the local machine will use
the ssh-agent to provide authentication when ssh connects to 18.104.22.168.
We use this mechanism extensively to run batch jobs across machines, and
it works great. And you don't have to do anything insecure like using
Mridul Pentapalli wrote:
> I sent a mail to comp.security.ssh but no reply. I'm hoping that you guys
> have a pointer towards the solution... so here goes...
> My program is run by another program using sudo. I need to use netstat on a
> remote machine. The command ends up looking like this
> sudo ssh -l blah 22.214.171.124 sudo netstat -p
> This asks me for the password of blah at 126.96.36.199.
> I have configured the remote machine in such a way that I can connect to it
> with an empty passphrase.
> ssh -l blah 188.8.131.52 sudo netstat -p
> works without asking me for any password.
> Is there a way I can get the ssh to use the passphrase. Since this system
> call is being invoked from within a program, I do not want to pass the
> password every time.
> "Code softly and carry a big debugger."
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
More information about the sudo-users