matthieu

Reputation: 75

ssh-agent ssh-add ok in user not in sudo

I created an SSH-Agent to provide my key to the ssh/scp cmd when connecting to my server. I also scripted an SSH-Add with the command 'expect' to write my passphrase when it's needed.

This works perfectly with my user "user".

But I'm executing a Python script that uses /dev/mem and needs to be run as root through sudo. This Python script calls another bash script with ssh and scp cmd inside. Therefore all these cmd are executed as root and my agent/ssh-add doesn't work anymore, and it keeps asking for the passphrase for each file.

How could I fix that? I don't want to log in as root and run an agent as root. I tried sudo -u user ssh but it doesn't work (i.e. I need to enter my passphrase).

Any ideas?

Thanks in advance, Mat

EDIT: my code: The py script needing the sudo

#!/usr/bin/env python2.7
import RPi.GPIO as GPIO
import time
import subprocess
from subprocess import call
from datetime import datetime
import picamera
import os
import sys
GPIO.setmode(GPIO.BCM)
# GPIO 23 set up as input. It is pulled up to stop false signals
GPIO.setup(23, GPIO.IN, pull_up_down=GPIO.PUD_UP)

#set path and time to create the folder where the images will be saved
pathtoscript = "/home/pi/python-scripts"

current_time = time.localtime()[0:6]
dirfmt = "%4d-%02d-%02d-%02d-%02d-%02d"
dirpath = os.path.join(pathtoscript , dirfmt)
localdirname = dirpath % current_time[0:6] #dirname created with date and time
remotedirname = dirfmt % current_time[0:6] #remote-dirname created with date and time
os.mkdir(localdirname) #mkdir
pictureName = localdirname + "/image%02d.jpg" #path+name of pictures
var = 1
while var == 1:
    try:
        GPIO.wait_for_edge(23, GPIO.FALLING)
        with picamera.PiCamera() as camera:
            #camera.capture_sequence(["/home/pi/python-scripts/'dirname'/image%02d.jpg" % i for i in range(2)])
            camera.capture_sequence([pictureName % i for i in range(19)])
            camera.close()
            # start the upload script in the background; under sudo it runs as root
            cmd = '/home/pi/python-scripts/picturesToServer {0}  &'.format(remotedirname)
            call(cmd, shell=True)
    except KeyboardInterrupt:
        break                # leave the loop on CTRL+C instead of waiting on a cleaned-up pin
GPIO.cleanup()               # clean up GPIO on exit

the bash script:

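#!/bin/bash
# $1: name of the picture directory, also used as the remote directory name
cd "$1" || exit 1
ssh user@server mkdir /home/repulsion/picsToAnimate/"$1" >/dev/null 2>&1
ssh user@server cp "$1"/* /home/repulsion/picsToAnimate/"$1"/ >/dev/null 2>&1
# loop over a glob instead of parsing ls, and quote the file name
for i in *; do
    scp "$i" user@server:/home/repulsion/picsToAnimate/"$1"/  >/dev/null 2>&1
done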

Upvotes: 1

Views: 1054

Answers (2)

rasmusm

Reputation: 599

The environment variables needed for ssh-agent are removed by sudo. See here for how to keep them.

But why do you have a ssh-add there type the passphrase for you instead of just having a ssh key with no passphrase? You can remove it with

ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]

Upvotes: 1

Brian Campbell

Reputation: 332736

You will need the SSH agent environment variables to be passed in through the sudo.

To do so, you can run sudo -E to pass all environment variables in through sudo; but this can be dangerous, so it's probably better to pass just the ones you need. The easiest way to do this is for sudo to invoke env to invoke the given program with the appropriate environment variables set:

$ sudo env SSH_AGENT_PID=$SSH_AGENT_PID SSH_AUTH_SOCK=$SSH_AUTH_SOCK my-script

Upvotes: 1
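
An added example, not part of either answer or the asker's code: once `SSH_AUTH_SOCK` has been passed through sudo as shown above, the root script can run only the upload step as the invoking user, so root never authenticates with the agent itself. It is written for Python 3; `agent_env` and `run_as_invoking_user` are hypothetical helper names, the directory name is constructed, and `SUDO_UID` is the variable sudo sets for the calling user.

```python
import os
import pwd
import stat
import subprocess


def agent_env(environ, owner_uid):
    """Build the minimal environment handed to ssh/scp.

    Only SSH_AUTH_SOCK is taken from the caller's environment, and only if it
    points at a socket owned by owner_uid (the user who ran sudo).
    """
    sock = environ.get("SSH_AUTH_SOCK")
    if not sock:
        raise RuntimeError("SSH_AUTH_SOCK is not set; sudo stripped it")
    st = os.stat(sock)
    if not stat.S_ISSOCK(st.st_mode):
        raise RuntimeError("SSH_AUTH_SOCK is not a socket: %s" % sock)
    if st.st_uid != owner_uid:
        raise RuntimeError("agent socket is not owned by uid %d" % owner_uid)
    # Fixed PATH: nothing else (LD_PRELOAD, PATH, ...) is inherited.
    return {"PATH": "/usr/bin:/bin", "SSH_AUTH_SOCK": sock}


def run_as_invoking_user(argv, environ=None):
    """Run argv as the user who called sudo; the parent process stays root."""
    environ = os.environ if environ is None else environ
    pw = pwd.getpwuid(int(environ["SUDO_UID"]))  # SUDO_UID is set by sudo
    env = agent_env(environ, pw.pw_uid)
    env["HOME"] = pw.pw_dir

    def drop_privileges():
        # Runs in the child between fork and exec: groups first, uid last.
        os.initgroups(pw.pw_name, pw.pw_gid)
        os.setgid(pw.pw_gid)
        os.setuid(pw.pw_uid)

    return subprocess.call(argv, env=env, preexec_fn=drop_privileges)


if __name__ == "__main__":
    # Hypothetical call site: the upload step from the question's script.
    run_as_invoking_user(["/home/pi/python-scripts/picturesToServer",
                          "2024-01-01-00-00-00"])  # constructed directory name
```
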
