I need to run a script that contains some instructions which must be run as root, and a scp:

sbt assembly # requires sudo
scp -r -p myfile [email protected]:/root/spark/root # doesn't require sudo

I run it with sudo python3 ./myscript.py.

Also, I configured my ssh to communicate with myserver using an ssh key:

Host [email protected]
    PubKeyAuthentication yes
    IdentityFile ~/.ssh/mykey
    IdentitiesOnly=yes
    PreferredAuthentications=publickey
    StrictHostKeyChecking=no

And I register my ssh key in ssh-agent, in my shell boot script ~/.zshrc:

eval `ssh-agent`
ssh-add ~/.ssh/kiliba

Note that my public key is effectively registered on myserver and that I can ssh or scp towards this server, which means my ssh configuration does work and my ssh key is valid.

However, when using sudo to run this script, the scp keeps asking me for a password, which means my ssh configuration isn't used. It seems to me that I did everything I needed to do in order for scp to work with sudo, but I must be missing something. Note that strangely, while sudo scp doesn't work, sudo ssh does.

Funny detail: on another machine I have managed to make it work, however I must've done this a year ago and I am unable to remember what I did for it to work. It's a Mac, and my current machine is on Ubuntu.

  • (1) "I configured my ssh" – Is it global config (in /etc)? or user-specific? sudo scp … or sudo ssh … will not read your private config. (2) The tilde in IdentityFile ~/.ssh/mykey (if the config applies upon sudo) for root means root's home. Are you aware of this? (3) ~/.ssh/mykey is obviously not ~/.ssh/kiliba. Which one do you want to use? (4) The whole mechanics of applications using ssh-agent relies on the SSH_AUTH_SOCK environment variable. sudo sanitizes its environment. What is the output of sudo env | grep SSH (after eval …)? Commented Jan 13, 2022 at 10:34
  • @KamilMaciorowski (1) I did it both in ~/.ssh, in /root/.ssh, and in /etc/ssh (not sure whether it's /root or /etc for sudo ssh... but I tried both anyway.). (2) I was not aware of this. I changed the config in /etc and /root for /root/.ssh/mykey instead of ~/.ssh/mykey, and copied my private key to this location, but it still doesn't work. (3) my bad, I misspelled it, it's "mykey". I updated my post. (4) sudo env | grep SSH prints nothing
    – papillon
    Commented Jan 13, 2022 at 11:06
  • @papillon Are you the author of the question? Please see I accidentally created two accounts; how do I merge them? Extra information should be added to the question body, not in comments. Commented Jan 13, 2022 at 11:42
  • In scp … [email protected]:… the server is myserver.com. In Host [email protected] the server is [email protected]. See the discrepancy? This, along with altering every config and copying the key to another location smells like voodoo. Hopefully we will sort it out. (5) Where do you want to store the key? (6) Do you want to use the agent or not? (7) Since scp does not require sudo, have you considered running it as your regular user from the inside of the script? Commented Jan 13, 2022 at 12:03
  • I did create 2 accounts by accident, indeed. I made the request for merging them. Thanks.
    – papillon
    Commented Jan 13, 2022 at 13:35

1 Answer

The host name should be only the server address, instead of a URI.

Instead of [email protected], I should've written myserver.com, and added a rule below to specify the user name:

Host myserver.com
    User root
    PubKeyAuthentication yes
    IdentityFile ~/.ssh/mykey
    IdentitiesOnly=yes
    PreferredAuthentications=publickey
    StrictHostKeyChecking=no
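
Why the Host line matters, as an added example that is not part of the original answer: ssh and scp strip the login name (and scp's remote path) from the target and match only the bare host name against each Host pattern, so a pattern containing "@" silently never applies and the IdentityFile under it is ignored. The sketch below approximates that matching in Python; the function names and the server.example sample configs are constructed for illustration.

```python
import fnmatch
import re

def parse_blocks(text):
    """Return [(patterns, options)] per Host block, in file order."""
    blocks = [(["*"], {})]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Both "Keyword value" and "Keyword=value" are accepted; keywords ignore case.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)
    return blocks

def host_part(target):
    """Host name ssh/scp match against: 'user@host:/path' -> 'host'."""
    return target.split(":", 1)[0].rsplit("@", 1)[-1]

def block_matches(patterns, host):
    # Approximation of ssh_config patterns: '*' and '?' wildcards, '!' negation.
    if any(fnmatch.fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def effective_options(text, target):
    host, result = host_part(target), {}
    for patterns, opts in parse_blocks(text):
        if block_matches(patterns, host):
            for key, value in opts.items():
                result.setdefault(key, value)  # first value obtained wins
    return result

def unreachable_patterns(text):
    """Host patterns containing '@' never equal a bare host name."""
    return [p for pats, _ in parse_blocks(text) for p in pats if "@" in p]

# Constructed sample configs; server.example stands in for the real host.
BROKEN = "Host root@server.example\n    IdentityFile ~/.ssh/mykey\n    IdentitiesOnly=yes\n"
FIXED = "Host server.example\n    User root\n    IdentityFile ~/.ssh/mykey\n"

if __name__ == "__main__":
    target = "root@server.example:/root/spark"
    print(unreachable_patterns(BROKEN), effective_options(BROKEN, target))
    print(unreachable_patterns(FIXED), effective_options(FIXED, target))
```

On a real machine, `ssh -G myserver.com` prints the options OpenSSH actually resolves for that host, which is the authoritative check.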
