Original URL: http://stackoverflow.com/questions/1671413/
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Accessing SSH key from bash script running via a cron job
Asked by Joel Hooks
I've put this script together to update a folder of forked Github repositories on a daily basis. It runs fine if I call it from a prompt, but I can't figure out how to make it utilize my id_rsa reliably when it is run as a cron job. The eval 'ssh-agent' is an attempt to do just that, but it doesn't seem to have any positive effect.
#!/bin/sh
LOGPATH=log.txt
eval 'ssh-agent'
cd /path/to/update/folder
echo "-------START UPDATE-------">$LOGPATH
echo "Updating repos:">>$LOGPATH
date "+%F %T">>$LOGPATH
COUNT=1
find . -maxdepth 1 -type d | while read dir; do
    cd "$dir"
    LEN=$"${#dir}"
    if [ $LEN != "1" ]
    then
        echo "*********">>$LOGPATH
        echo "$COUNT. " ${dir:2}>>$LOGPATH
        /usr/local/bin/git pull upstream master>>$LOGPATH 2>> $LOGPATH
        /usr/local/bin/git push origin master>>$LOGPATH 2>> $LOGPATH
        let COUNT=COUNT+1
    fi
    cd "$OLDPWD"
done
echo "-------END UPDATE-------">>$LOGPATH
exit 0
This is probably a horribly inefficient way to go about the process in general, but it works and I don't ever see it. If I could get it to use my creds, I would be elated.
Answered by DigitalRoss
I believe you are using the wrong kind of quotes. Plain-quoting ssh-agent doesn't do anything, you need to incorporate the results of running it by using command substitution with:
eval `ssh-agent`
or
eval $(ssh-agent)
This causes the script to set the needed environment variables. However, ssh-agent still will not have any keys unless you ssh-add them. If your keys have no passphrase, then ssh-add can simply be run from the script.
If your private key does have a passphrase, you might want to run this script as a daemon rather than a cron job. This would allow you to connect to the agent and add your private keys.
The real reason the script works from the command line is that your desktop environment is probably running ssh-agent and it arranges for the needed environment variables to be propagated to all your terminal windows. (Either by making them be children and inheriting the variables or by having your shell source the necessary commands.) I'm guessing you are running ssh-add at some point in your normal workflow?
Answered by Greg Hewgill
The ssh-agent process only provides a facility to use with ssh-add to add your passphrase. It does not automatically make your key available (your private key cannot be decrypted without your passphrase).
In order to do this, you will need to create a passphraseless key and use that from the cron job. The usual safety warnings apply when using passphraseless keys.
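A cron wrapper combining the two answers above, as an added example that is not part of the original thread: it starts a private agent through command substitution, loads one dedicated passphraseless key after checking its file permissions, and kills the agent on exit. The function names, the key path and the crontab line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). Hypothetical crontab entry:
#   0 3 * * * /path/to/with-agent.sh /home/me/.ssh/cron_key /path/to/update.sh

# Succeeds only if KEY is a regular file with no group/other permission bits.
key_is_private() {
    case "$(ls -ldL -- "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# run_with_key KEY CMD [ARGS...]: run CMD with a private agent holding only KEY.
run_with_key() {
    key=$1; shift
    if ! key_is_private "$key"; then
        echo "refusing $key: missing or accessible by group/other" >&2
        return 2
    fi
    (
        # Command substitution, not plain quotes: ssh-agent prints shell
        # assignments for SSH_AUTH_SOCK and SSH_AGENT_PID, which eval applies.
        agent_env=$(ssh-agent -s) || exit 3
        eval "$agent_env" >/dev/null
        # Kill this agent when the subshell exits, on success or failure.
        trap 'ssh-agent -k >/dev/null 2>&1' EXIT
        # Under cron there is no terminal, so a passphrase-protected key
        # fails here instead of prompting.
        ssh-add "$key" </dev/null 2>/dev/null || exit 4
        "$@"
    )
}

# Only act when called with arguments: KEY CMD [ARGS...]
if [ "$#" -gt 0 ]; then
    run_with_key "$@"
fi
```

Restricting the passphraseless key on the server side (for example a deploy key limited to the repositories being synced) narrows what a stolen copy of the key file can do.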

