[sudo-users] sudo/keychain/ssh-agent interplay troubles
Johannes Graumann
graumann at its.caltech.edu
Tue Aug 10 12:18:03 EDT 2004
Thanks! That got me on track and it's working BEAUTIFULLY now!
Joh
On Fri, 30 Jul 2004 23:51:20 -0400
Aaron Spangler <as at insight.rr.com> wrote:
> Try having sudo call ssh instead of ssh calling sudo.
>
> Try this example. - Aaron
>
> user1 at adminsrv$ sudo /usr/local/bin/synchronize_data
>
> ----/usr/local/bin/synchronize_data----
> #!/bin/sh
> # this script gets run as root via sudo
> PATH=/bin:/usr/bin:/usr/local/bin
> #
> # fire up an agent for a child script
> ssh-agent /usr/local/bin/synchronize_data_part2
> # after part2 completes, the agent exits so the keys aren't kept around
>
> ----/usr/local/bin/synchronize_data_part2----
> #!/bin/sh
> # This script gets called as root and already has an agent attached
> #
> # only prompt for the private key passphrase once....
> # if the passphrase was entered wrong or the agent
> # could not be contacted, go no further
> ssh-add || exit
> #
> # replicate data to other cluster members
> # contrived example below
> #
> for server in node1 node2 node3 node4
> do
>     echo "doing $server ..."
>     # should not be prompted for passphrase here
>     scp /datafile "$server:/datafile"
> done
> #
> # end
>
>
>
> Johannes Graumann wrote:
>
> >Hello,
> >
> >I'm running a cluster and am keeping the databases needed for its job
> >synchronous via ssh with unison called from a python script. Works
> >neatly from root which has write access to the data directories. Ssh
> >key issues are handled by keychain.
> >I was trying to make the synchronization script accessible to a
> >selected few of my users via sudo, but even with keychain commands in
> >the script I can not get access to a ssh-agent running as root ...
> >script requests password all the time - probably stupid idea anyway
> >...
> >
> >Does anybody have any other ideas of how to handle this or solve my
> >problem?
> >
> >Thanks, Joh
> >
>
>
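Added example, not part of the original thread or of the scripts quoted in it: a single-file variant of the approach above, generalized so that the key gets a lifetime in the agent and nodes whose copy failed are reported. The `run` and `--in-agent` arguments, `KEY_LIFETIME`, `COPY_CMD` and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): the two quoted scripts merged into one.
# NODES, DATAFILE, KEY_LIFETIME, COPY_CMD, sync_nodes and main are assumed names.
PATH=/bin:/usr/bin:/usr/local/bin
export PATH

NODES="node1 node2 node3 node4"   # cluster members from the quoted example
DATAFILE=/datafile
KEY_LIFETIME=600                  # assumption: seconds the agent may hold the key
COPY_CMD=${COPY_CMD:-scp}         # overridable so the loop can be exercised offline

# Copy DATAFILE to every node. Prints the nodes that failed and returns 1
# if any copy failed, instead of silently continuing.
sync_nodes() {
    failed=""
    for server in $NODES; do
        # BatchMode: fail rather than prompt if the agent holds no usable key
        "$COPY_CMD" -o BatchMode=yes "$DATAFILE" "$server:$DATAFILE" \
            >/dev/null 2>&1 || failed="$failed $server"
    done
    [ -z "$failed" ] && return 0
    echo "failed:$failed"
    return 1
}

main() {
    if [ "$1" = "run" ]; then
        # First pass, as root via sudo: re-run this script under a private
        # agent that belongs to this invocation only.
        exec ssh-agent "$0" --in-agent
    fi
    # Second pass: agent attached. Ask for the passphrase once and let the
    # agent drop the key after KEY_LIFETIME seconds even if the run hangs.
    ssh-add -t "$KEY_LIFETIME" || exit 1
    sync_nodes
}

# Does nothing unless called as "synchronize_data run" (or re-entered).
case "${1:-}" in
    run|--in-agent) main "$@" ;;
esac
```

Because sudoers entries can include command arguments, the rule for the selected users can name the script together with its `run` argument.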