I need to run a script that contains some instructions which must be run as root, and a scp:
sbt assembly # requires sudo
scp -r -p myfile [email protected]:/root/spark/root # doesn't require sudo
I run it with sudo python3 ./myscript.py
.
Also, I configured my ssh to communicate with myserver
using an ssh key:
Host [email protected]
PubKeyAuthentication yes
IdentityFile ~/.ssh/mykey
IdentitiesOnly=yes
PreferredAuthentications=publickey
StrictHostKeyChecking=no
And I register my ssh key in ssh-agent, in my shell boot script ~/.zshrc
:
eval `ssh-agent`
ssh-add ~/.ssh/kiliba
Note that my public key is effectively registered on myserver
and that I can ssh or scp towards this server, which means my ssh configuration does work and my ssh key is valid.
However, when using sudo to run this script, the scp keeps asking me for a password, which means my ssh configuration isn't used. It seems to me that I did everything I needed to do in order for scp to work with sudo, but I must be missing something. Note that strangely, while sudo scp
doesn't work, sudo ssh
does.
Funny detail: on another machine I have managed to make it work, however I must've done this a year ago and I am unable to remember what I did for it to work. It's a Mac, and my current machine is on Ubuntu.
/etc
)? or user-specific?sudo scp …
orsudo ssh …
will not read your private config. (2) The tilde inIdentityFile ~/.ssh/mykey
(if the config applies uponsudo
) for root means root's home. Are you aware of this? (3)~/.ssh/mykey
is obviously not~/.ssh/kiliba
. Which one do you want to use? (4) The whole mechanics of applications usingssh-agent
relies on theSSH_AUTH_SOCK
environment variable.sudo
sanitizes its environment. What is the output ofsudo env | grep SSH
(aftereval …
)?scp … [email protected]:…
the server ismyserver.com
. InHost [email protected]
the server is[email protected]
. See the discrepancy? This, along with altering every config and copying the key to another location smells like voodoo. Hopefully we will sort it out. (5) Where do you want to store the key? (6) Do you want to use the agent or not? (7) Sincescp
does not requiresudo
, have you considered running it as your regular user from the inside of the script?