[sudo-users] sudo/keychain/ssh-agent interplay troubles

Aaron Spangler as at insight.rr.com
Fri Jul 30 23:51:20 EDT 2004

Try having sudo call ssh instead of ssh calling sudo.

Try this example.  - Aaron

user1 at adminsrv$ sudo /usr/local/bin/synchronize_data

#!/bin/sh
# /usr/local/bin/synchronize_data
# this script gets run as root via sudo
# fire up an agent for a child script; the agent lives only as long as the child
ssh-agent /usr/local/bin/synchronize_data_part2
# after part2 completes, the agent exits so the keys aren't kept around

#!/bin/sh
# /usr/local/bin/synchronize_data_part2
# This script gets called as root and already has an agent attached
# only prompt for the private key passphrase once....
# if the passphrase was entered wrong or the agent
# could not be contacted, go no further
ssh-add || exit
# replicate data to other cluster members
# contrived example below
for server in node1 node2 node3 node4
do
  echo doing $server ...
  # should not be prompted for passphrase here
  scp /datafile $server:/datafile
done
# end

Johannes Graumann wrote:

>I'm running a cluster and am keeping the databases needed for its job
>synchronous via ssh with unison called from a python script. Works
>neatly from root which has write access to the data directories. Ssh key
>issues are handled by keychain.
>I was trying to make the synchronization script accessible to a selected
>few of my users via sudo, but even with keychain commands in the script
>I can not get access to an ssh-agent running as root ... script requests
>password all the time - probably stupid idea anyway ...
>Does anybody have any other ideas of how to handle this or solve my
>Thanks, Joh
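The two-stage pattern from the reply, written out as an added example (not Aaron's script and not from the thread) with the checks a sudo-run wrapper should make before it loads a root key; it assumes the key lives at /root/.ssh/sync_key, the script is installed as /usr/local/bin/synchronize_data, and the node names node1..node4 from the reply.

```shell
#!/bin/sh
# Added example, not Aaron's script: the reply's two-stage pattern with the
# checks a sudo-run wrapper needs. Assumed: key /root/.ssh/sync_key, script
# installed as /usr/local/bin/synchronize_data and granted to users in sudoers.
set -eu

# True only when running as root through sudo; no root key is ever loaded
# into an agent for any other caller.
check_invocation() {
    [ "$(id -u)" -eq 0 ] && [ -n "${SUDO_USER:-}" ]
}

# True when an agent socket is set, exists and answers. sudo's env_reset
# drops SSH_AUTH_SOCK, which is why the quoted script kept prompting: neither
# the caller's nor root's login agent is reachable from the sudo session.
agent_reachable() {
    if [ -z "${SSH_AUTH_SOCK:-}" ] || [ ! -S "$SSH_AUTH_SOCK" ]; then
        return 1
    fi
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 2 ]    # 2 = cannot contact agent; 1 = agent up, no keys yet
}

# Stage 2, run inside the private agent: load the key once with a lifetime
# bound, and stop rather than fall through to per-host prompts on failure.
replicate() {
    agent_reachable || { echo "no usable ssh-agent, stopping" >&2; return 1; }
    ssh-add -t 600 /root/.ssh/sync_key || return 1
    for server in "$@"; do
        echo "doing $server ..."
        # BatchMode: fail instead of prompting if the agent does not hold the key
        scp -o BatchMode=yes /datafile "$server:/datafile" || return 1
    done
}

# Stage 1: start an agent whose lifetime is exactly this child; when the
# child returns, ssh-agent exits and the loaded key goes with it.
main() {
    check_invocation || { echo "run this as: sudo $0" >&2; return 1; }
    case "${1:-}" in
        part2) shift; replicate "$@" ;;
        *)     echo "sync started by $SUDO_USER" >&2
               ssh-agent "$0" part2 node1 node2 node3 node4 ;;
    esac
}

# Dispatch only when executed under the installed name; sourcing just defines.
if [ "${0##*/}" = "synchronize_data" ]; then main "$@"; fi
```

The sudoers entry for the chosen users points at the stage-1 path only; stage 2 is never granted directly, so the key can only be loaded into the short-lived agent that stage 1 starts.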
