If your build process includes running commands on an agent machine that is not an ElectricCommander supported platform, you can use the proxy agent feature introduced in ElectricCommander v3.1. However, this feature relies on setting up SSH keys between the proxy agent and proxy target.
To set up SSH keys:
- Log in to the proxy agent machine as the “user” the Commander Agent is running as.
.sshdirectory if it does not already exist. Make sure the home and
.sshdirectories are not group or world-writable.
proxy-agent% chmod og-w ~ proxy-agent% mkdir -p ~/.ssh proxy-agent% chmod og-w ~/.ssh proxy-agent% ssh proxy-target 'chmod og-w $HOME; mkdir -p $HOME/.ssh; chmod og-w $HOME/.ssh' Password:
Generate a DSA public/private key-pair.
proxy-agent% ssh-keygen -t dsa -f ~/.ssh/id_dsa -N ""
- Add the public key (
id_dsa.pub) to the
authorized_keysfile on the target machine. Make sure the key is not group or world-writable.
If the user’s home directory is shared between the two machines, do this on the proxy agent machine:
proxy-agent% cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys proxy-agent% chmod og-w ~/.ssh/authorized_keys
If the user’s home directory is not shared, copy the public key file to the proxy target machine, then add the contents of the file to
authorized_keyson the target machine.
proxy-agent% scp ~/.ssh/id_dsa.pub proxy-target:id_dsa.pub proxy-agent% ssh proxy-target 'cat $HOME/id_dsa.pub >> $HOME/.ssh/authorized_keys; chmod og-w $HOME/.ssh/authorized_keys; rm $HOME/id_dsa.pub' Password:
Now you should be able to
sshfrom the proxy agent machine to the proxy target machine without being prompted for a password. Verify:
proxy-agent% ssh proxy-target pwd /home/myuser
- Congratulations! You are ready to define a Commander resource that proxies commands through a Linux or Windows Commander agent to a proxy target host.
The example code above assumes the proxy agent is a Linux machine, but with a little modification the code works on a Windows proxy agent with appropriate SSH client utilities installed. For example, permissions probably do not matter on the proxy agent directory containing key files, and the commands to generate and transfer keys need to be modified to point to a Windows-format path.
If you use Cygwin SSH, the instructions provided above work without modification.
Remember, Commander uses its own (non-Cygwin) SSH client library. Thus, after validating key-based authentication works from the command-line, make sure you call
setSSHKeyFiles in the proxy customization block of a proxy resource definition with the location of the public and private key-files generated above, in Windows path format.
Some environments may use different user names on the proxy agent and proxy target. To set up key-based authentication:
- Modify the instructions above, replacing references to ‘
proxy-target’ with ‘
- On the proxy resource, set the user in “Proxy Customizations” with “setSSHUser(‘user’);”
The most common issues that prevents password-less logins are:
- The “permissions” set on the Home or SSH directories; the instructions above try to address this issue.
- The SSH server on the proxy target is configured not to allow key-based authentication.
Consult your SSH server documentation for more details.
- Product versions: ElectricCommander v3.1 and higher
- OS versions: Linux and Windows