I have some scripts made to SSH into server A with a private key and do some stuff. It's for deploying software builds as I release them and for automated maintenance tasks.
The series of commands tend to be structured around
but I can't get them to work. The central problem seems to be that after the ssh goes into server B, it no longer has access to the ppk saved on my local machine.
How can I adapt my script commands to this new horrible reality? Because they're automated I can't set up, like, a PuTTY terminal or anything to create a tunnel (unless you guys know of a way to make this work in a script situation that needs to be somewhat portable and scheduled).
Ideally, serverB is set up for agent forwarding. If it is, you can use the -A option to forward your private key to a chained ssh session, similar to
ssh -A -i serverBPrivateKey.ppk serverB -t ssh serverA
This assumes that both serverB and serverA have the same public key in ~/.ssh/authorized_keys, and they both match the private keyfile on your local workstation.
But let's say that agent forwarding is turned off, or that serverA and serverB don't share a public key and you have no write access to the public key file on one or either host.
I'm not sure that the following will work, but I'd give it a try. The <( command ) syntax pipes in the output of a UNIX command as a file:
I just don't know if that will get passed from one ssh session to the other properly.
There are a couple of last-ditch resorts, but they're both pretty bad:
1) Create an NFS share on serverA, put your private keyfile there, then mount it in your script from serverB. This exposes your private keyfile to the network, so you'd want to use an ACL at the minimum to lock it down. But yeah it's pretty bad, and I wouldn't do it.
2) Just use plaintext username and password, stored in a script on your local machine, to log into serverA. You can use an expect script to do this, but that's also pretty bad, for obvious reasons.
the two private keys are different, so there's that.
probably i'll just end up demanding that the people running the servers either give me some private space on server B where I can put the private key for server A, or else demand that they give me a single key that is authenticated in both servers.
my other option i guess is to set up a tunnel mapping some local port to server B and then figure out how to ssh via that port. there's probably some way.
thanks man. i'll give it a look tomorrow
gahh fuck this unix world
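The tunnel idea from the post above, written out with OpenSSH's ProxyJump so that both private keys stay on the local machine and no agent is forwarded. This is an added example, not code from anyone in the thread; the host names, the `deploy` user and the key paths are placeholder assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Host names, the "deploy" user and the
# key paths are placeholders (assumptions). Requires OpenSSH 7.3+ locally and
# TCP forwarding permitted on serverB.
#
# OpenSSH cannot read PuTTY .ppk files; convert each key once, for example:
#   puttygen serverA.ppk -O private-openssh -o ~/.ssh/serverA_key

# write_jump_config FILE KEY_B KEY_A
# Writes a dedicated ssh_config, readable only by the current user.
write_jump_config() {
    cfg=$1; key_b=$2; key_a=$3
    (
        umask 077
        cat > "$cfg" <<EOF
Host serverB
    HostName serverB.example.com
    User deploy
    IdentityFile "$key_b"
    IdentitiesOnly yes
    ForwardAgent no

Host serverA
    HostName serverA.internal.example.com
    User deploy
    IdentityFile "$key_a"
    IdentitiesOnly yes
    ForwardAgent no
    # Connect through serverB; the serverA key is still used from this machine.
    ProxyJump serverB

Host *
    # Scheduled jobs should fail rather than wait at a prompt, and should
    # only talk to hosts whose keys are already in known_hosts.
    BatchMode yes
    StrictHostKeyChecking yes
EOF
    )
    chmod 600 "$cfg"
}

# deploy_via_jump FILE COMMAND...
# Runs COMMAND on serverA; -F makes ssh read only the generated config.
deploy_via_jump() {
    cfg=$1; shift
    ssh -F "$cfg" serverA "$@"
}
```

Running `ssh -G -F <config> serverA` prints the options ssh resolves for serverA without opening a connection, which is a quick way to confirm the jump host and key before scheduling the job.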