如果我是root用户，如何为某些用户设置SSH密钥？

Question

If a root user is running a bash script that configure some stuff on machine for a user. The script would configure a git repository and an ssh key for password-less github communication, then it would clone the repository. This will only happens once.

I'm new to bash, how would I do this?

My solution so far (this script is run as root):

USERNAME="vagrant"
HOMEDIR="/home/$USERNAME"

apt-get update -y
apt-get install git -y
cp id_rsa* $HOMEDIR/.ssh #copying predefined keys
su -c "eval `ssh-agent -s` ssh-add $HOMEDIR/.ssh/id_rsa" $USERNAME
chmod 400 $HOMEDIR/.ssh/id_rsa
cat $HOMEDIR/.ssh/id_rsa.pub > $HOMEDIR/.ssh/known_hosts

This doesn't work because the key is not being added, I get the error:

Could not open a connection to your authentication agent.

Answer 1

With a root user that has no login on a remote host, and /root/.ssh does not exist, I can interactively ssh in with:

su - $USERNAME -c "ssh $USERNAME@<remotehost>"

It reads USERNAME's ~/.ssh/known_hosts file (or prompts for verification). If correct keys exist in USERNAME's ~/.ssh it uses them. When done, there is still no /root/.ssh , ie this is completely done as USERNAME, not root.

Likewise with git cloning:

su - $USERNAME -c "git clone remoteuser@host:/path/to/repo"

Just be careful of quoting. If you want a variable dereferenced at the time you run su , use double quotes. If you want a variable dereferenced after su has handed off to the user's shell, use single quotes. Example:

su - myuser -c "echo $HOME"
/root

su - myuser -c 'echo $HOME'
/home/myuser