
ssh-agent and crontab -- is there a good way to get these to meet?

I wrote a simple script which mails out svn activity logs nightly to our developers. Until now, I've run it on the same machine as the svn repository, so I didn't have to worry about authentication, I could just use svn's file:/// address style.

Now I'm running the script on a home computer, accessing a remote repository, so I had to change to svn+ssh:// paths. With ssh-key nicely set up, I don't ever have to enter passwords for accessing the svn repository under normal circumstances.

However, crontab did not have access to my ssh-keys / ssh-agent. I've read about this problem a few places on the web, and it's also alluded to here, without resolution:

Why ssh fails from crontab but succedes when executed from a command line?

My solution was to add this to the top of the script:

### TOTAL HACK TO MAKE SSH-KEYS WORK  ###
eval `ssh-agent -s`

This seems to work under MacOSX 10.6.

My question is, how terrible is this, and is there a better way?

Michael H. asked Feb 05 '10 05:02



2 Answers

In addition...

If your key has a passphrase, keychain will ask you once (valid until you reboot the machine or kill the ssh-agent).

keychain is what you need! Just install it and add the following code in your .bash_profile:

keychain ~/.ssh/id_dsa 

So use the code below in your script to load the ssh-agent environment variables:

. ~/.keychain/$HOSTNAME-sh 

Note: keychain also generates code for csh and fish shells.

Copied answer from https://serverfault.com/questions/92683/execute-rsync-command-over-ssh-with-an-ssh-agent-via-crontab

Mike Hemelberg answered Sep 20 '22 06:09


When you run ssh-agent -s, it launches a background process that you'll need to kill later. So, the minimum is to change your hack to something like:

eval `ssh-agent -s`
svn stuff
kill $SSH_AGENT_PID

However, I don't understand how this hack is working. Simply running an agent without also running ssh-add will not load any keys. Perhaps MacOS' ssh-agent is behaving differently than its manual page says it does.

pra answered Sep 23 '22 06:09
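
Added example, not part of either answer above: a cron wrapper that sources the keychain file from the first answer and, following the second answer's point that an agent without keys is useless, checks `ssh-add -l` before running the job. The function names, the `AGENT_ENV` and `SSH_ADD` variables, the return codes 3 and 4, and the paths in the usage comment are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original thread): cron wrapper that reuses an
# existing ssh-agent and refuses to run unless that agent holds a key.

# File written by keychain, as in the first answer. Assumption: cron may not
# set HOSTNAME, so fall back to `uname -n`.
AGENT_ENV="${AGENT_ENV:-$HOME/.keychain/${HOSTNAME:-$(uname -n)}-sh}"
# Overridable so the check can be exercised without a real agent.
SSH_ADD="${SSH_ADD:-ssh-add}"

# Import SSH_AUTH_SOCK / SSH_AGENT_PID from the keychain file.
load_agent_env() {
    [ -r "$1" ] || return 1
    . "$1"
}

# Classify the agent using the documented exit status of `ssh-add -l`:
# 0 = identities listed, 1 = agent has no identities, 2 = agent unreachable.
agent_state() {
    _rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || _rc=$?
    case "$_rc" in
        0) echo ready ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Run "$@" only when a usable agent exists. BatchMode=yes makes ssh fail
# instead of waiting for a passphrase prompt nobody will answer; SVN_SSH is
# the variable Subversion reads for its svn+ssh:// tunnel command.
run_with_agent() {
    load_agent_env "$AGENT_ENV" || { echo "cannot read $AGENT_ENV" >&2; return 3; }
    state=$(agent_state)
    if [ "$state" != ready ]; then
        echo "ssh-agent is $state; load the key interactively first" >&2
        return 4
    fi
    SVN_SSH="ssh -o BatchMode=yes" "$@"
}

# Crontab usage (hypothetical paths): /path/to/wrapper.sh /path/to/svn-mail.sh
if [ "$#" -gt 0 ]; then
    run_with_agent "$@"
    exit $?
fi
```

Because the wrapper never starts an agent of its own, a nightly run leaves no stray `ssh-agent` process behind and fails with a clear message when the key has not been unlocked since the last reboot.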