views:

317

answers:

1

I wrote a simple script which mails out svn activity logs nightly to our developers. Until now, I've run it on the same machine as the svn repository, so I didn't have to worry about authentication, I could just use svn's file:/// address style.

Now I'm running the script on a home computer, accessing a remote repository, so I had to change to svn+ssh:// paths. With ssh-key nicely set up, I don't ever have to enter passwords for accessing the svn repository under normal circumstances.

However, crontab did not have access to my ssh-keys / ssh-agent. I've read about this problem a few places on the web, and it's also alluded to here, without resolution:

http://stackoverflow.com/questions/869589/why-ssh-fails-from-crontab-but-succedes-when-executed-from-a-command-line

My solution was to add this to the top of the script:

### TOTAL HACK TO MAKE SSH-KEYS WORK  ###
eval `ssh-agent -s`

This seems to work under MacOSX 10.6.

My question is, how terrible is this, and is there a better way?

+1  A: 

When you run ssh-agent -s, it launches a background process that you'll need to kill later. So, the minimum is to change your hack to something like:

eval `ssh-agent -s` 
svn stuff
kill $SSH_AGENT_PID

However, I don't understand how this hack is working. Simply running an agent without also running ssh-add will not load any keys. Perhaps MacOS' ssh-agent is behaving differently than its manual page says it does.

pra
I was surprised too, but I think the answer to that is over here:http://serverfault.com/questions/108798/ssh-passphrase-remembered-in-macosx-snow-leopardI'm guessing it's a combination of passwords stored in the system keychain, and having ssh-keys added until system logout. But that's just a guess. Thank you for the tip about killing the cron ssh-agent process!
khedron
Voting you up because I had about a dozen ssh-agent processes running in the background, after my testing last night. Thanks!
khedron