[clug] Automating SSH scripts with passphrase'd keys

Owen rcook at pcug.org.au
Mon Mar 24 07:13:53 GMT 2008

On Mon, 24 Mar 2008 12:31:00 +1100
Li-Jie Wong <u4178265 at anu.edu.au> wrote:

> I've recently attempted to set up automated ssh scripts to perform  
> automated backups with a passphrase'd key. However it seems a little  
> tricker than I expected, and will attempt to share the various points  
> that I learnt in this attempt. I wouldn't be surprised if I took a  
> more roundabout way than necessary and would appreciate any tips on a  
> shorter way to go about it.
> ssh-agent / ssh-add seems to have quite a short default time-out, so I  
> created an auth script for me to run that runs "ssh-add -t 1w" to set  
> the time-out to one week.
> However ssh-agent doesn't necessarily seem to start automatically so I  
> added ssh-agent to the auth script and wrote the output to a file
> Found out that my jobs in cron couldn't get the ssh-agent details  
> somehow, even though I had specified #!/bin/bash in my backup script  
> (which I think assumed would execute .bashrc) and have the ssh-agent  
> environmental variables sourced in .bashrc
> I ended up sourcing the ssh-agent environmental variables again in my  
> backup script and it seems to work now.
> I'm not sure if it's possible to get ssh-agent to run once (under my  
> user) on startup. Perhaps I could use sudo? Perhaps I should write a  
> weekly cron job to remind me to run auth before the time out.

I can't help you with ssh-agent, but;

You might want to look at http://linuxproblem.org/art_9.html for passwordless logins

If you are having quick time outs with your ssh, you might want to add if not already there

        ServerAliveInterval 120

to your ssh config file (/etc/ssh/ssh_config on my system)

I am permanently connected to the internet, but just in case I'm not, I run this script as a back up script from a cron job


     /bin/ping -c 1 s2<--my internet connection with a passwordless login
     if [ $? = "0" ]
         rsync /home/owen/....    etc


More information about the linux mailing list