[clug] Automating SSH scripts with passphrase'd keys
u4178265 at anu.edu.au
Mon Mar 24 01:31:00 GMT 2008
I've recently attempted to set up automated ssh scripts to perform
automated backups with a passphrase'd key. However it seems a little
tricker than I expected, and will attempt to share the various points
that I learnt in this attempt. I wouldn't be surprised if I took a
more roundabout way than necessary and would appreciate any tips on a
shorter way to go about it.
ssh-agent / ssh-add seems to have quite a short default time-out, so I
created an auth script for me to run that runs "ssh-add -t 1w" to set
the time-out to one week.
However ssh-agent doesn't necessarily seem to start automatically so I
added ssh-agent to the auth script and wrote the output to a file
Found out that my jobs in cron couldn't get the ssh-agent details
somehow, even though I had specified #!/bin/bash in my backup script
(which I think assumed would execute .bashrc) and have the ssh-agent
environmental variables sourced in .bashrc
I ended up sourcing the ssh-agent environmental variables again in my
backup script and it seems to work now.
I'm not sure if it's possible to get ssh-agent to run once (under my
user) on startup. Perhaps I could use sudo? Perhaps I should write a
weekly cron job to remind me to run auth before the time out.
More information about the linux