using SSH to execute commands on remote servers as different user

From: Dave [Hawk-Systems] (dave_at_hawk-systems.com)
Date: 07/29/03

  • Next message: Gary D. Margiotta: "Re: IDE Raid Controllers" 
    To: <freebsd-isp@freebsd.org>
Date: Tue, 29 Jul 2003 12:20:03 -0400

    To update, modify, and do other ISP type things to user accounts and files on
    remote servers, we commonly use SSH to run commands remotely. To date, we have
    been running them as user sysadmin for example, where that same user account
    exists on all the servers with the appropriate permissions to do only what it
    requires, and the user@master_server added to authorized_keys for that user.
    Much of this is through a seperate apache daemon running as that user on the
    master_server.

    We find ourself in a position to need to access, on occasion, other user
    accounts to occomplish similar tasks. from the command line this would be easy
            ssh -l otheruser server command
    but inputting the password for that user represents a challenge. We do not want
    to store that password in all the scripts, nor have them available to any files
    that the seperate web server views (regardless of the security precautions).

    In reading, I am thinking that the "-i identity_file" might contain the magic
    bullet we are looking for. Finding some good examples on how to use that to
    bypass the above problem though has to date been difficult.

    any comments/help on the above, or other alternatives if the -i flag is a dead
    end?

    thanks

    Dave

    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

  • Next message: Gary D. Margiotta: "Re: IDE Raid Controllers"

    Relevant Pages

    • Re: Core servers
      ... root, two DCs different sites, no user accounts. ... INF and RID roles for the child domain be isolated from ... The term core servers is being used to describe these DCs ...
      (microsoft.public.windows.server.active_directory)
    • Re: mso9.dll/msaccess error
      ... database is using SQL replication. ... >> Remote servers also send their local updates to the ... > Your wording sounds like Replication may be in use. ...
      (microsoft.public.access.setupconfig)
    • Re: workgroup vs domain recommendation
      ... The issue of one ID/pwd accessing multiple boxes ... uses a second private domain, and only set up one-way trust between your ... manipulate public servers, ... The domain is attractive for simplifying user accounts and implementing ...
      (microsoft.public.inetserver.iis.security)
    • NT migration to W2K / E2K Help
      ... The Migration also includes Exchange 5.5 Servers ... The ADC was run and disabled user accounts were created in the ... While I can survive with out the Sid History of the User accounts I ...
      (microsoft.public.exchange2000.setup.installation)
    • Moving user accounts to W2K from NT Need advice badly
      ... The Migration also includes Exchange 5.5 Servers ... The ADC was run and disabled user accounts were created in the ... While I can survive with out the Sid History of the User accounts I ...
      (microsoft.public.win2000.active_directory)