[sudo-users] sudo/keychain/ssh-agent interplay troubles

Aaron Spangler as at insight.rr.com
Tue Aug 10 13:13:38 EDT 2004


Great!
Keep singing the praises of sudo!

- Aaron

Johannes Graumann wrote:

>Thanks! That got me on track and it's working BEAUTIFULLY now!
>
>Joh
>
>On Fri, 30 Jul 2004 23:51:20 -0400
>Aaron Spangler <as at insight.rr.com> wrote:
>
>>Try having sudo call ssh instead of ssh calling sudo.
>>
>>Try this example.  - Aaron
>>
>>user1 at adminsrv$ sudo /usr/local/bin/synchronize_data
>>
>>----/usr/local/bin/synchronize_data----
>>#!/bin/sh
>># this script gets run as root via sudo
>>PATH=/bin:/usr/bin:/usr/local/bin
>>#
>># fire up an agent for a child script
>>ssh-agent /usr/local/bin/synchronize_data_part2
>># after part2 completes, the agent exits so the keys aren't kept around
>>
>>----/usr/local/bin/synchronize_data_part2----
>>#!/bin/sh
>># This script gets called as root and already has an agent attached
>>#
>># only prompt for the private key passphrase once....
>># if the passphrase was entered wrong or the agent
>># could not be contacted, go no further
>>ssh-add || exit
>>#
>># replicate data to other cluster members
>># contrived example below
>>#
>>for server in node1 node2 node3 node4
>>do
>>echo doing $server ...
>># should not be prompted for passphrase here
>>scp /datafile $server:/datafile
>>done
>>#
>># end
>>
>>
>>
>>Johannes Graumann wrote:
>>
>>>Hello,
>>>
>>>I'm running a cluster and am keeping the databases needed for its job
>>>synchronous via ssh with unison called from a python script. Works
>>>neatly from root which has write access to the data directories. Ssh
>>>key issues are handled by keychain.
>>>I was trying to make the synchronization script accessible to a
>>>selected few of my users via sudo, but even with keychain commands in
>>>the script I can not get access to a ssh-agent running as root ...
>>>script requests password all the time - probably stupid idea anyway
>>>...
>>>
>>>Does anybody have any other ideas of how to handle this or solve my
>>>problem?
>>>
>>>Thanks, Joh
>>>
>>
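
The two-script pattern from the thread above, folded into a single file that re-executes itself under a private ssh-agent and reports which nodes failed. This is an added example, not code from the thread; `NODES`, `DATAFILE`, `SYNC_STAGE`, the `run` argument and the function names are assumptions made for the sketch.

```shell
#!/bin/sh
# Added example, not from the thread: one-file form of the
# sudo -> ssh-agent -> worker pattern. NODES, DATAFILE, SYNC_STAGE and
# the "run" argument are assumptions made for this sketch.
NODES="node1 node2 node3 node4"   # hypothetical cluster members
DATAFILE=/datafile                # hypothetical file to replicate

# True only when an agent socket really exists for this process.
agent_attached() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}

# Copy DATAFILE to every node with the command named in $1 (scp by
# default). Prints the nodes that failed; non-zero status if any did.
replicate() {
    copy=${1:-scp}
    failed=""
    for server in $NODES; do
        "$copy" "$DATAFILE" "$server:$DATAFILE" || failed="$failed $server"
    done
    echo "${failed# }"
    [ -z "$failed" ]
}

main() {
    PATH=/bin:/usr/bin:/usr/local/bin; export PATH
    if [ "${SYNC_STAGE:-}" != worker ]; then
        # Stage 1: drop any agent inherited from the caller and start a
        # private one that exits when the worker stage exits.
        unset SSH_AUTH_SOCK SSH_AGENT_PID
        SYNC_STAGE=worker; export SYNC_STAGE
        exec ssh-agent "$0" run
    fi
    # Stage 2: we are the agent's child.
    agent_attached || { echo "no agent attached" >&2; return 1; }
    ssh-add || return 1     # the only passphrase prompt
    bad=$(replicate scp) || { echo "failed nodes: $bad" >&2; return 1; }
}

# Only act when invoked as: sudo /path/to/this_script run
if [ "${1:-}" = run ]; then main; exit $?; fi
```
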



