Have an unprivileged non-account user ssh into another box?
Posted by Daniel Quinn on Server Fault
Published on 2010-05-14T22:02:51Z
I know how to get a user to ssh into another box with a key:
ssh -l targetuser -i path/to/key targethost
But what about non-account users like apache? As this user doesn't have a home directory to which it can write a .ssh directory, the whole thing keeps failing with:
$ sudo -u apache ssh -o StrictHostKeyChecking=no -l targetuser -i path/to/key targethost
Could not create directory '/var/www/.ssh'.
Warning: Permanently added '<hostname>' (RSA) to the list of known hosts.
Permission denied (publickey).
I've tried variations using -o UserKnownHostsFile=/dev/null and setting $HOME to /dev/null and none of these have done the trick. I understand that sudo could probably fix this for me, but I'm trying to avoid having to require a manual server config since this code will be deployed on a number of different environments.
Any ideas?
Here are a few examples of what I've tried that don't work:
$ sudo -u apache export HOME=path/to/apache/writable/dir/ ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=path/to/apache/writable/dir/.ssh/known_hosts -l deploy -i path/to/key targethost
$ sudo -u apache ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=path/to/apache/writable/dir/.ssh/known_hosts -l deploy -i path/to/key targethost
$ sudo -u apache ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -l deploy -i path/to/key targethost
Eventually, I'll be using this solution to run rsync as the apache user.
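A preflight check for the situation in the question, as an added example that is not part of the original post: it verifies that the invoking user can use the identity file and a pre-provisioned known_hosts file, then runs ssh with host key verification left on instead of StrictHostKeyChecking=no. The function names, the SSH_BIN variable and the placeholder paths are assumptions; `deploy` and `targethost` are the question's own values.

```shell
#!/bin/sh
# Added example, not from the original post. SSH_BIN is a hypothetical
# override used only so the command line can be inspected without connecting.

# check_ssh_inputs KEY KNOWN_HOSTS
# Succeeds only if the current user can use both files; explains why not.
check_ssh_inputs() {
    key=$1; known_hosts=$2
    if [ ! -r "$key" ]; then
        echo "identity file not readable by $(id -un): $key" >&2
        return 1
    fi
    owner=$(stat -c %u "$key" 2>/dev/null || stat -f %u "$key")
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key")
    # OpenSSH ignores a private key that the invoking user owns when group
    # or others have any permission bit set on it.
    if [ "$owner" = "$(id -u)" ]; then
        case $mode in
            *00) ;;
            *) echo "mode $mode on $key is too open; use 600" >&2
               return 1 ;;
        esac
    fi
    # A pinned known_hosts file must already hold the target's host key.
    if [ ! -r "$known_hosts" ] || [ ! -s "$known_hosts" ]; then
        echo "known_hosts missing, unreadable or empty: $known_hosts" >&2
        return 1
    fi
}

# service_ssh KEY KNOWN_HOSTS [ssh arguments...]
# Runs ssh with host key verification on and without writing known_hosts
# under ~/.ssh, so a read-only home directory is not an obstacle for it.
service_ssh() {
    key=$1; known_hosts=$2; shift 2
    check_ssh_inputs "$key" "$known_hosts" || return 1
    "${SSH_BIN:-ssh}" \
        -o BatchMode=yes \
        -o IdentitiesOnly=yes \
        -o StrictHostKeyChecking=yes \
        -o "UserKnownHostsFile=$known_hosts" \
        -i "$key" "$@"
}

# Usage, run as the service user (paths are placeholders):
#   service_ssh /path/to/key /path/to/known_hosts -l deploy targethost
```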
© Server Fault or respective owner