Date:      Tue, 29 Jul 2003 12:20:03 -0400
From:      "Dave [Hawk-Systems]" <dave@hawk-systems.com>
To:        <freebsd-isp@freebsd.org>
Subject:   using SSH to execute commands on remote servers as different user
Message-ID:  <DBEIKNMKGOBGNDHAAKGNEENICNAC.dave@hawk-systems.com>

To update, modify, and do other ISP type things to user accounts and files on
remote servers, we commonly use SSH to run commands remotely.  To date, we have
been running them as user sysadmin for example, where that same user account
exists on all the servers with the appropriate permissions to do only what it
requires, and the user@master_server added to authorized_keys for that user.
Much of this is through a separate apache daemon running as that user on the
master_server.

We find ourselves in a position to need to access, on occasion, other user
accounts to accomplish similar tasks. From the command line this would be easy
	ssh -l otheruser server command
but inputting the password for that user represents a challenge.  We do not want
to store that password in all the scripts, nor have them available to any files
that the separate web server views (regardless of the security precautions).

In reading, I am thinking that the "-i identity_file" might contain the magic
bullet we are looking for.  Finding some good examples on how to use that to
bypass the above problem though has to date been difficult.

Any comments/help on the above, or other alternatives if the -i flag is a dead
end?

thanks

Dave
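
An added example, not part of the original message: one way to use the `-i identity_file` option asked about above is a dedicated key with no passphrase whose `authorized_keys` entry on the remote account is pinned to a single forced command. The host names, key path, script name and forced command are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original message. All host names, paths and the
# forced command are hypothetical.
#
# On master_server, as the account that runs the jobs (the key has no
# passphrase, so keep it mode 0600 and out of any web-served directory):
#   ssh-keygen -t ed25519 -N '' -f ~/.ssh/otheruser_task
# On the remote server, append the line printed by this script to
# ~otheruser/.ssh/authorized_keys. Afterwards, from master_server:
#   ssh -i ~/.ssh/otheruser_task -o BatchMode=yes -l otheruser server
# runs only the forced command, whatever command the client asks for.

# restricted_key_line PUBKEY_FILE FORCED_COMMAND [FROM_PATTERN]
restricted_key_line() {
    pubfile=$1 forced=$2 from=${3:-}
    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }
    # Refuse a private key passed by mistake, or a file holding several keys.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "refusing: $pubfile is a private key" >&2; return 1
    fi
    if [ "$(grep -c . "$pubfile")" -ne 1 ]; then
        echo "expected exactly one public key in $pubfile" >&2; return 1
    fi
    pubkey=$(grep . "$pubfile")
    # sshd expects double quotes inside command="..." to be backslash-escaped.
    forced=$(printf '%s' "$forced" | sed 's/"/\\"/g')
    opts="command=\"$forced\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding"
    if [ -n "$from" ]; then
        # Only accept this key when the connection comes from the named host.
        opts="from=\"$from\",$opts"
    fi
    printf '%s %s\n' "$opts" "$pubkey"
}

# Script mode: sh mkentry.sh key.pub '/path/to/task' [from-pattern]
if [ "$#" -ge 2 ]; then
    restricted_key_line "$@"
fi
```
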
