[RndTbl] SSH to a role (not exactly)

Kevin McGregor kevin.a.mcgregor at gmail.com
Fri Mar 6 08:11:58 CST 2015


Augh. Sorry for the lame-ass question. Forget what I said. Anyway:

So, two Solaris 11.2 systems. On one of them I want to run this in a cron
job:
    zfs send -RI ${lastsnap} rpool/zones/${zone}@${currsnap} | \
        ssh ${desthost} "zfs recv -o canmount=off -o compression=on -dFuv rpool"
or more generically
<command I run as root> | ssh <dest-host> "command I need to run as root"

I can set up the SSH keys so this works without passwords, but I only
understand how to make that work when 'root' is an account and not a
"role". So I guess I should look into how to run commands with a specific
user account which can run the zfs command and set up the SSH keys so it
works without requiring a password.

On Thu, Mar 5, 2015 at 10:43 PM, Trevor Cordes <trevor at tecnopolis.ca> wrote:

> On 2015-03-05 Kevin McGregor wrote:
> > I'm using Solaris 11.2. I can do this:
> >
> > logon with an unprivileged account which is allowed to take on the
> > 'root' role
> > su
> > type password
> > run privileged command
> > end the su
> >
> > This works fine. The privileged command I want to run, though, is to
> > SSH to another system with the same account and run the command
> > *there* as the remotely privileged account/role, all from a script
> > and without (obviously) having to type a password anywhere.
>
> But your manual process outlined has you typing the password (for su).
> If you can't have it be passwordless manually, how can you make it
> passwordless when scripted?  Give us a manual step-by-step process
> first that is passwordless, then we'll worry about scripting it.  :-)
>
> Why is ssh privileged on the middle system?  Can't just any user ssh to
> the final box?
>
> > I've figured out how to do all this IF root is *not* a role and is a
> > regular account. How do I do it while leaving root as a role?
>
> Sorry, I can't help with roles, I don't use Solaris.
>
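
One way to limit what a passwordless key can do on the destination host, as an added example that is not part of the original message: a forced-command script that accepts only the exact "zfs recv" command from the pipeline above and refuses everything else, including interactive logins. The install path, the --enforce argument, the key comment and the function name are assumptions, and the script presumes the receiving account has already been given the rights to run "zfs recv".

```shell
#!/bin/sh
# Added example (not from the original message): forced-command gate for the
# key that the sending host's cron job uses.
#
# Assumed install path (hypothetical): /usr/local/bin/zfs-recv-gate
# Assumed authorized_keys entry on the destination host, for the account that
# is allowed to run "zfs recv" (key material is a placeholder):
#   command="/usr/local/bin/zfs-recv-gate --enforce",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY> zfs-backup

# The one command this key may run, copied from the pipeline in the message.
ALLOWED='zfs recv -o canmount=off -o compression=on -dFuv rpool'

# gate_decision CMD
# Prints "allow" or "deny:<reason>"; returns 0 only for an exact match.
gate_decision() {
    if [ -z "${1:-}" ]; then
        # No command requested: the client asked for an interactive shell.
        echo "deny:interactive-login"
        return 1
    fi
    if [ "$1" != "$ALLOWED" ]; then
        echo "deny:not-allowlisted"
        return 1
    fi
    echo "allow"
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND and runs
# this script instead. Nothing executes unless --enforce is passed.
if [ "${1:-}" = "--enforce" ]; then
    if decision=$(gate_decision "${SSH_ORIGINAL_COMMAND:-}"); then
        # Run the constant, never the client's string. Left unquoted on
        # purpose so the shell splits it into arguments.
        exec $ALLOWED
    fi
    logger -p auth.warning "zfs-recv-gate: $decision from ${SSH_CLIENT:-unknown}"
    echo "zfs-recv-gate: $decision" >&2
    exit 1
fi
```

The stream from "zfs send" arrives on the script's standard input and passes straight through the exec to "zfs recv".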