sudo + ssh..

Mridul Pentapalli MridulP at virtusa.com
Tue Apr 8 04:17:18 EDT 2003 

Thanks a lot!!! ssh-agent with ssh-add did the trick!!!

For others who are interested:
1. run ssh-agent.
2. Ensure that the correct environment variables are set
3. run ssh-add.
4. Run the original sudo command. sudo ssh*****

Regards,
Mridul.

Date: Mon, 07 Apr 2003 07:59:35 -0700
From: Jim Hopp <jim at netyourwork.com>
Subject: Re: sudo + ssh..
To: sudo-users at sudo.ws
Message-ID: <3E919257.8070402 at netyourwork.com>
Content-Type: text/plain; charset=us-ascii; format=flowed

This is exactly what ssh-agent is designed for.  In this case to set it 
up you'd generate a public/private key pair for the user, put the public 
key on machine 1.2.3.4, start ssh-agent on the local machine and load 
the user's private key.  From then on, ssh on the local machine will use 
the ssh-agent to provide authentication when ssh connects to 1.2.3.4.

We use this mechanism extensively to run batch jobs across machines, and 
it works great.  And you don't have to do anything insecure like using 
empty passphrases.

-Jim

Mridul Pentapalli wrote:
> Hi,
> 
> I sent a mail to comp.security.ssh but no reply. I'm hoping that you guys
> have a pointer towards the solution... so here goes...
> 
> My program is run by another program using sudo. I need to use netstat on
a
> remote machine. The command ends up looking like this
> 
> sudo ssh -l blah 1.2.3.4 sudo netstat -p
> 
> This asks me for the password of blah at 1.2.3.4. 
> 
> I have configured the remote machine in such a way that I can connect to
it
> with an empty passphrase. 
> 
> ssh -l blah 1.2.3.4 sudo netstat -p 
> 
> works without asking me for any password.
> 
> Is there a way I can get the ssh to use the passphrase. Since this system
> call is being invoked from within a program, I do not want to pass the
> password every time.
> 
> Regards,
> Mridul.
> 
> "Code softly and carry a big debugger."
> 
> 
> ____________________________________________________________ 
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users


------------------------------

____________________________________________________________ 
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users

End of sudo-users Digest, Vol 4, Issue 7
****************************************

More information about the sudo-users mailing list