Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

can't run an ssh command on power events from a unit file #21953

Closed
danielkrajnik opened this issue Jan 1, 2022 · 4 comments
Closed

can't run an ssh command on power events from a unit file #21953

danielkrajnik opened this issue Jan 1, 2022 · 4 comments
Labels
pid1

Comments

@danielkrajnik
Copy link

danielkrajnik commented Jan 1, 2022
edited

You can't use a user's ssh-agent from a system unit file.
You can't use sleep.target from a user unit file.
systemd ignores /etc/pm/sleep.d scripts.

This means that if you want to run a command remotely via ssh on a power event
you just can't.

https://unix.stackexchange.com/questions/149959/how-to-run-systemd-user-service-to-trigger-on-sleep-aka-suspend-hibernate
@danielkrajnik danielkrajnik changed the title use ssh-agent from a system unit file user's ssh-agent from a system unit file inaccesssible Jan 1, 2022
@danielkrajnik danielkrajnik changed the title user's ssh-agent from a system unit file inaccesssible can't run ssh on power events Jan 1, 2022
@danielkrajnik danielkrajnik changed the title can't run ssh on power events can't run ssh on power events from a unit file Jan 1, 2022
@danielkrajnik danielkrajnik changed the title can't run ssh on power events from a unit file can't run an ssh command on power events from a unit file Jan 1, 2022
@danielkrajnik
Copy link
Author

Maybe a workaround is to find SSH_AUTH_SOCK in /tmp
https://github.com/wwalker/ssh-find-agent/blob/master/ssh-find-agent.sh#L37
and setting it up manually via a file
https://unix.stackexchange.com/questions/511797/creating-os-environment-variables-using-execstartpre-on-systemd

@danielkrajnik
Copy link
Author

EDIT: it worked

suspend-system.service:
[Unit]
Before=sleep.target

[Service]
EnvironmentFile=/home/username/.config/systemd/user/ssh-agent-socket-location
ExecStartPre=/bin/bash -c 'echo SSH_AUTH_SOCK=$(find /tmp -maxdepth 2 -type s -name agent.* 2> /dev/null | grep '/ssh-./agent.' | head -n 1) > /home/username/.config/systemd/user/ssh-agent-socket-location'
ExecStart=ssh machinename sudo systemctl suspend
User=username
Group=username

[Install]
WantedBy=sleep.target

why systemd blocks SSH_AUTH_SOCK? Is this solution insecure?

@danielkrajnik
Copy link
Author

EDIT2 without EnvironmentFile:
[Unit]
Before=sleep.target

[Service]
ExecStart=/bin/bash -c 'SSH_AUTH_SOCK=$(find /tmp -maxdepth 2 -type s -name agent.\* 2> /dev/null | grep '/ssh-./agent.' | head -n 1) ssh machinename sudo systemctl suspend'
User=username
Group=username

[Install]
WantedBy=sleep.target

@yuwata yuwata added the pid1 label Jan 24, 2022
@poettering
Copy link
Member

I am not sure I follow, but you want to use a running user SSH agent from a system service that also runs something udner that UID? You probably want to use PAMName, so that your code actually runs under the user's session instead of a real system service...

But this isn't really a feature request or bug report, but a support question. Those do not belong here. Please use the mailing list or so instead. The submission form should have made that clear to keep frustration at a minimum.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pid1
Milestone
No milestone
Development

No branches or pull requests
3 participants
@poettering @yuwata @danielkrajnik