[sudo-users] sudo/keychain/ssh-agent interplay troubles
graumann at its.caltech.edu
Tue Aug 10 12:18:03 EDT 2004
Thanks! That got me on track and it's working BEAUTIFULLY now!
On Fri, 30 Jul 2004 23:51:20 -0400
Aaron Spangler <as at insight.rr.com> wrote:
> Try having sudo call ssh instead of ssh calling sudo.
> Try this example. - Aaron
> user1@adminsrv$ sudo /usr/local/bin/synchronize_data
> # this script gets run as root via sudo
> # fire up an agent for a child script
> ssh-agent /usr/local/bin/synchronize_data_part2
> # after part2 completes, the agent exits so the keys aren't kept
> # This script gets called as root and already has an agent attached
> # only prompt for the private key passphrase once....
> # if the passphrase was entered wrong or the agent
> # could not be contacted, go no further
> ssh-add || exit
> # replicate data to other cluster members
> # contrived example below
> for server in node1 node2 node3 node4
> do
>   echo doing $server ...
>   # should not be prompted for passphrase here
>   scp /datafile $server:/datafile
> done
> # end
> Johannes Graumann wrote:
> >I'm running a cluster and am keeping the databases needed for its job
> >synchronous via ssh with unison called from a python script. Works
> >neatly from root which has write access to the data directories. Ssh
> >key issues are handled by keychain.
> >I was trying to make the synchronization script accessible to a
> >selected few of my users via sudo, but even with keychain commands in
> >the script I can not get access to a ssh-agent running as root ...
> >script requests password all the time - probably stupid idea anyway
> >Does anybody have any other ideas of how to handle this or solve my
> >Thanks, Joh