
Accessing SSH key from bash script running via a cron job

I've put this script together to update a folder of forked Github repositories on a daily basis. It runs fine if I call it from a prompt, but I can't figure out how to make it utilize my id_rsa reliably when it is run as a cron job. The eval 'ssh-agent' is an attempt to do just that, but it doesn't seem to have any positive effect.

#!/bin/sh
LOGPATH=log.txt
eval 'ssh-agent'
cd /path/to/update/folder
echo "-------START UPDATE-------">$LOGPATH
echo "Updating repos:">>$LOGPATH
date "+%F %T">>$LOGPATH
COUNT=1
find . -maxdepth 1 -type d | while read dir; do
cd "$dir"
LEN=$"${#dir}"
if [ $LEN != "1" ]
    then
    echo "*********">>$LOGPATH
    echo "$COUNT. " ${dir:2}>>$LOGPATH
    /usr/local/bin/git pull upstream master>>$LOGPATH 2>> $LOGPATH
    /usr/local/bin/git push origin master>>$LOGPATH 2>> $LOGPATH
    let COUNT=COUNT+1
fi
cd "$OLDPWD"
done
echo "-------END UPDATE-------">>$LOGPATH
exit 0

This is probably a horribly inefficient way to go about the process in general, but it works and I don't ever see it. If I could get it to use my creds, I would be elated.

I believe you are using the wrong kind of quotes. Plain-quoting ssh-agent doesn't do anything; you need to incorporate the results of running it by using command substitution with:

eval `ssh-agent`

or

eval $(ssh-agent)

This causes the script to set the needed environment variables. However, ssh-agent still will not have any keys unless you ssh-add them. If your keys have no passphrase, then ssh-add can simply be run from the script.

If your private key does have a passphrase, you might want to run this script as a daemon rather than a cron job. This would allow you to connect to the agent and add your private keys.

The real reason the script works from the command line is that your desktop environment is probably running ssh-agent and it arranges for the needed environment variables to be propagated to all your terminal windows. (Either by making them be children and inheriting the variables or by having your shell source the necessary commands.) I'm guessing you are running ssh-add at some point in your normal workflow?

The ssh-agent process only provides a facility to use with ssh-add to add your passphrase. It does not automatically make your key available (your private key cannot be decrypted without your passphrase).

In order to do this, you will need to create a passphraseless key and use that from the cron job. The usual safety warnings apply when using passphraseless keys.
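
Added example (not from the question or either answer): a cron-safe form of the agent setup the answers describe, with command substitution, `ssh-add` for a dedicated passphraseless key, a permission check on that key, and cleanup of the agent. The variable names, the key path `~/.ssh/cron_sync_key` and the `run` argument are assumptions.

```sh
#!/bin/sh
# Added example, not the poster's script. Assumed names: KEY, AGENT_CMD, GIT, REPOS.
KEY="${KEY:-$HOME/.ssh/cron_sync_key}"   # dedicated passphraseless key (assumed path)
AGENT_CMD="${AGENT_CMD:-ssh-agent -s}"   # overridable so the logic can be run against a stub
GIT="${GIT:-/usr/local/bin/git}"         # absolute path, cron's PATH is minimal
REPOS="${REPOS:-/path/to/update/folder}"

# True only for a regular file (not a symlink) with no group/other permission bits.
key_is_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Apply the agent's printed assignments to THIS shell. eval 'ssh-agent' would only
# run the command and leave SSH_AUTH_SOCK unset.
start_agent() {
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    eval "$($AGENT_CMD)" >/dev/null
    [ -n "${SSH_AUTH_SOCK:-}" ]
}

# Kill the agent started above so each cron run does not leave one behind.
stop_agent() {
    if [ -n "${SSH_AGENT_PID:-}" ]; then kill "$SSH_AGENT_PID"; fi
}

main() {
    key_is_private "$KEY" || { echo "refusing $KEY: missing or open to group/others" >&2; return 1; }
    start_agent || { echo "ssh-agent did not start" >&2; return 1; }
    trap stop_agent EXIT
    # cron has no terminal to prompt on, so this only succeeds for a key without a passphrase.
    ssh-add "$KEY" || return 1
    # BatchMode makes ssh fail rather than prompt; git uses GIT_SSH_COMMAND for SSH remotes.
    export GIT_SSH_COMMAND="ssh -o BatchMode=yes"
    for repo in "$REPOS"/*/; do
        "$GIT" -C "$repo" pull upstream master && "$GIT" -C "$repo" push origin master
    done
}

# Assumed convention: the crontab entry calls this script with the argument "run".
if [ "${1:-}" = "run" ]; then main; fi
```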
