2

I am writing a bash script that should start a serf agent (http://www.serfdom.io/intro/index.html) on a remote machine via ssh. I have set up RSA keys using...

ssh-keygen -t rsa -b 4096
ssh-copy-id -i ~/.ssh/id_rsa.pub <remote-host>

And I can ssh into the remote machine without a password from the terminal. This is the call I'm making in the script

ssh <user>@<hostname> "serf agent -node database -event-handler user:database_install=~/serf_install_db_handler.sh"

But when the script is executing, I have to use this command in order to run it without password prompt...

ssh -i ~/.ssh/id_rsa.pub <remote-host> <command>

Why do I have to do this in the script when I don't need to do it in the terminal?

2

2 Answers

2

ssh -i selects a file from which the identity (private key) or public key authentication is read.

You could configure ssh to use it in your config for this host so you do not have to specify it.

Add to ~/.ssh/config (replace server.example.com with hostname or IP of your server):

Host server.example.com
    User username
    Hostname server.example.com
    PreferredAuthentications publickey,password
    IdentityFile ~/.ssh/id_rsa.pub

This config will make your connection always try to use the id_rsa.pub key and then fall back to password if the key is not available for some reason.

So now you should be able to use ssh <user>@<host> <command> with it automatically using your private key for authentication.

4
  • Okay. So even though I used...ssh-copy-id -i ~/.ssh/id_rsa.pub <remote-host> the ssh call in the bash script is not using the key?
    – restin84
    Commented Mar 21, 2014 at 15:51
  • Nowhere in my answer did I tell you to use ssh-copy-id, so please reread my answer.
    – ek9
    Commented Mar 21, 2014 at 16:21
  • I understand that you did not mention ssh-copy-id but you did not say NOT to use it. However I did what you said. I've called the host database. In the terminal the call to ssh is successful (no password/passphrase). If I do the same command in the bash script I get this error: ssh: Could not resolve hostname database: Name or service not known
    – restin84
    Commented Mar 21, 2014 at 16:39
  • Doesn't the IdentityFile directive require the name of the private key? Also, the Hostname directive is superfluous in this example.
    – Jim L.
    Commented Feb 1, 2019 at 21:03
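
The IdentityFile question raised in the comments above can be checked mechanically. The following is an added example, not code from the thread: it reads an OpenSSH client config and flags every IdentityFile entry that names a `.pub` file, a missing file, or a key readable beyond its owner. The function names `audit_identity_files` and `demo`, the status labels and the sample files are hypothetical, and only plain "Keyword value" lines are parsed.

```shell
#!/bin/sh
# Added example; parses "Keyword value" lines only (no Include, Match, quotes, % tokens).
# Prints "<host pattern>\t<path>\t<status>" per IdentityFile; exit status 1 if any is not ok.
audit_identity_files() (
    config=$1 host='*' rc=0
    while read -r key value || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')   # keywords are case-insensitive
        case $key in
            host) host=$value ;;
            identityfile)
                case $value in "~/"*) path=$HOME/${value#"~/"} ;; *) path=$value ;; esac
                if [ "${path%.pub}" != "$path" ]; then
                    status=public-key      # names the .pub half, not the private key
                elif [ ! -f "$path" ]; then
                    status=missing
                elif [ "$(ls -ldL "$path" | cut -c5-10)" != "------" ]; then
                    status=loose-perms     # group or other has access to the key
                else
                    status=ok
                fi
                [ "$status" = ok ] || rc=1
                printf '%s\t%s\t%s\n' "$host" "$path" "$status"
                ;;
        esac
    done < "$config"
    exit "$rc"
)

# Constructed sample: a .pub entry like the config quoted above, a mode-600
# private key, a mode-644 private key and a path that does not exist.
demo() (
    d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
    for k in good open; do : > "$d/$k"; : > "$d/$k.pub"; done
    chmod 600 "$d/good"; chmod 644 "$d/open"
    cat > "$d/config" <<EOF
Host server.example.com
    IdentityFile $d/good.pub
Host db
    identityfile $d/good
    IdentityFile $d/open
    IdentityFile $d/absent
EOF
    audit_identity_files "$d/config"
)
demo || echo "review the entries not marked ok"
```

To audit a real client config, call `audit_identity_files ~/.ssh/config` as the user the script runs as.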
0

Have you tried ssh-add at system start?

ssh-add — adds private key identities to the authentication agent

You can use this command, and by default on connection ssh will try to use your private keys and only after that the password.
