[sudo-users] sudo/keychain/ssh-agent interplay troubles

Aaron Spangler as at insight.rr.com
Fri Jul 30 23:51:20 EDT 2004


Try having sudo call ssh instead of ssh calling sudo.

Try this example.  - Aaron

user1 at adminsrv$ sudo /usr/local/bin/synchronize_data

----/usr/local/bin/synchronize_data----
#!/bin/sh
# this script gets run as root via sudo
PATH=/bin:/usr/bin:/usr/local/bin
#
# fire up an agent for a child script
ssh-agent /usr/local/bin/synchronize_data_part2
# after part2 completes, the agent exits so the keys aren't kept around

----/usr/local/bin/synchronize_data_part2----
#!/bin/sh
# This script gets called as root and already has an agent attached
#
# only prompt for the private key passphrase once....
# if the passphrase was entered wrong or the agent
# could not be contacted, go no further
ssh-add || exit
#
# replicate data to other cluster members
# contrived example below
#
for server in node1 node2 node3 node4
do
    echo "doing $server ..."
    # should not be prompted for passphrase here
    scp /datafile "$server:/datafile"
done
#
# end
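The same "let sudo start the agent" scheme, as an added example that is not part of Aaron's post, hardened so that a missing or unreachable agent fails closed instead of prompting. It assumes a hypothetical sudoers entry that grants only this script, a hypothetical key path /root/.ssh/id_sync, and the node names from the post.

```shell
#!/bin/sh
# Added example, not the original poster's script.
# Assumed sudoers entry (hypothetical group name):
#   %syncops ALL=(root) /usr/local/bin/synchronize_data
# sudo's env_reset drops the caller's SSH_AUTH_SOCK, so a user's own
# keychain/ssh-agent is never visible to root here; the agent must be
# started by this script and scoped to this run.

set -u
KEY=/root/.ssh/id_sync            # hypothetical key path
NODES="node1 node2 node3 node4"   # cluster members from the post

# True only if SSH_AUTH_SOCK names a unix socket we can actually use.
agent_is_reachable() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}

# Stage 2: runs under the agent started in stage 1.
run_under_agent() {
    agent_is_reachable || { echo "no usable ssh-agent" >&2; return 1; }
    # Load the key once; the agent forgets it after 10 minutes regardless.
    ssh-add -t 600 "$KEY" || return 1
    rc=0
    for node in $NODES; do
        echo "syncing $node ..."
        # BatchMode: never prompt; if the key is not loaded, fail here.
        scp -o BatchMode=yes /datafile "root@$node:/datafile" || rc=1
    done
    return $rc
}

# Stage 1: refuse to run outside sudo, then wrap stage 2 in a private agent
# that exits with its child, so the key is not left loaded afterwards.
main() {
    if [ "${1:-}" = "--part2" ]; then
        run_under_agent
    elif [ "$(id -u)" -ne 0 ]; then
        echo "run this via sudo" >&2; return 1
    else
        exec ssh-agent "$0" --part2
    fi
}

# Dispatch only when installed under the expected name; sourcing the file
# (for example to test the functions) defines them without running anything.
case "${0##*/}" in
    synchronize_data) main "$@" ;;
esac
```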



Johannes Graumann wrote:

>Hello,
>
>I'm running a cluster and am keeping the databases needed for its job
>synchronous via ssh with unison called from a python script. Works
>neatly from root which has write access to the data directories. Ssh key
>issues are handled by keychain.
>I was trying to make the synchronization script accessible to a selected
>few of my users via sudo, but even with keychain commands in the script
>I can not get access to a ssh-agent running as root ... script requests
>password all the time - probably stupid idea anyway ...
>
>Does anybody have any other ideas of how to handle this or solve my
>problem?
>
>Thanks, Joh
>