[clug] Automating SSH scripts with passphrase'd keys
Owen
rcook at pcug.org.au
Mon Mar 24 07:13:53 GMT 2008
On Mon, 24 Mar 2008 12:31:00 +1100
Li-Jie Wong <u4178265 at anu.edu.au> wrote:
> I've recently attempted to set up automated ssh scripts to perform
> automated backups with a passphrase'd key. However it seems a little
> trickier than I expected, and will attempt to share the various points
> that I learnt in this attempt. I wouldn't be surprised if I took a
> more roundabout way than necessary and would appreciate any tips on a
> shorter way to go about it.
> ssh-agent / ssh-add seems to have quite a short default time-out, so I
> created an auth script for me to run that runs "ssh-add -t 1w" to set
> the time-out to one week.
> However ssh-agent doesn't necessarily seem to start automatically so I
> added ssh-agent to the auth script and wrote the output to a file.
> Found out that my jobs in cron couldn't get the ssh-agent details
> somehow, even though I had specified #!/bin/bash in my backup script
> (which I think assumed would execute .bashrc) and have the ssh-agent
> environmental variables sourced in .bashrc
> I ended up sourcing the ssh-agent environmental variables again in my
> backup script and it seems to work now.
>
> I'm not sure if it's possible to get ssh-agent to run once (under my
> user) on startup. Perhaps I could use sudo? Perhaps I should write a
> weekly cron job to remind me to run auth before the time out.
I can't help you with ssh-agent, but;
You might want to look at http://linuxproblem.org/art_9.html for passwordless logins
If you are having quick time outs with your ssh, you might want to add if not already there
ServerAliveInterval 120
to your ssh config file (/etc/ssh/ssh_config on my system)
I am permanently connected to the internet, but just in case I'm not, I run this script as a back up script from a cron job
#!/bin/bash
# s2 is my internet connection, with a passwordless login
/bin/ping -c 1 s2
# only run the backup if the ping succeeded
if [ $? = "0" ]
then
    rsync /home/owen/.... etc
else
    exit
fi
Owen
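
The agent setup described in the quoted message, as an added example that is not part of the original thread: one function starts the agent and records its details, the other is called from the cron job. It reads the two variables out of the recorded file instead of sourcing it, and refuses a file that is not private to the user. The path in AGENT_ENV and both function names are assumptions.

```shell
#!/bin/bash
# Added example, not code from the thread. AGENT_ENV is an assumed path.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Run once, interactively: start an agent, record its details in a
# private file, then load the key with a one-week lifetime.
start_agent() {
    ( umask 077; ssh-agent -s > "$AGENT_ENV" ) || return 1
    # A fresh agent holds no key yet, so status 4 is the expected answer.
    load_agent_env "$AGENT_ENV" || [ $? -eq 4 ] || return 1
    ssh-add -t 1w
}

# Run from the cron job: export the agent variables recorded above.
# Returns 0 agent usable, 1 file missing, 2 file not private to this user,
# 3 agent unreachable, 4 agent running but key expired or not loaded.
load_agent_env() {
    local f="${1:-$AGENT_ENV}" sock pid
    [ -f "$f" ] || return 1
    # Refuse a file owned by someone else or writable by group/other.
    [ -n "$(find "$f" -prune -user "$(id -u)" ! -perm -020 ! -perm -002 2>/dev/null)" ] || return 2
    # Pull out only the two assignments rather than executing the file.
    sock=$(sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$f")
    pid=$(sed -n 's/^SSH_AGENT_PID=\([0-9]*\);.*/\1/p' "$f")
    [ -n "$sock" ] || return 3
    export SSH_AUTH_SOCK="$sock" SSH_AGENT_PID="$pid"
    ssh-add -l >/dev/null 2>&1
    case $? in
        0) return 0 ;;
        1) return 4 ;;   # agent answered but holds no identities
        *) return 3 ;;   # agent could not be contacted
    esac
}

# In the cron backup script (cron does not read .bashrc):
#   load_agent_env || { echo "ssh-agent not usable (status $?)" >&2; exit 1; }
#   rsync ...
```

Status 4 from the cron job means the one-week lifetime has run out and start_agent needs to be run again.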