I have a systemctl service that starts a process smd-loop in a screen session. This process requires access to remote SSH sources (for syncing purposes) and thus needs to be able to access my id_dsa private key.
How can I set up the systemd service so that it will work? The following service starts the process correctly but requires me to attach to the screen session and manually type in the id_dsa password.
[Unit]
Description=smd loop
After=local-fs.target network.target
[Service]
User=%i
Group=users
Type=forking
ExecStart=/usr/bin/screen -S smd-loop-win -md "smd-loop"
RemainAfterExit=yes
When I manually start smd-loop the id_dsa password is not required since I've installed the pam_ssh module which starts an ssh-agent that holds the password at login.
Best Answer
You need to put the identity files containing the unencrypted private key into the ~/.ssh directory of the user the service is running as. Also, you need to set the HOME environment variable for it, for example if it is run as root:

Alternatively, if you have control over how smd-loop invokes ssh, you may add the -I option to tell ssh which identity file to use.

In any case the identity file has to be owned by this user and has to be accessible by this user only (chmod 0400 ~/.ssh/id*).
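The ownership and permission requirement in the last sentence of the answer can be enforced before the service starts. The following is an added example, not part of the original answer: the function name check_identity is hypothetical, and it assumes GNU stat and find as shipped on Linux systems that run systemd.

```shell
#!/bin/sh
# Added example: reject an identity file that is not private to the service
# user. Assumes GNU stat/find (Linux). check_identity is a made-up name.
# Usage: check_identity KEYFILE [EXPECTED_USER]   (returns 0 = OK, 1 = reject)
check_identity() {
    key=$1
    # Expected owner: the named user if given, otherwise the calling user.
    if [ -n "${2:-}" ]; then
        want_uid=$(id -u "$2") || return 1
    else
        want_uid=$(id -u)
    fi

    # Must be a regular file, and not a symlink that could be repointed.
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "reject: $key is missing, a symlink, or not a regular file" >&2
        return 1
    fi

    # Must be owned by the user the service runs as.
    owner_uid=$(stat -c '%u' "$key")
    if [ "$owner_uid" != "$want_uid" ]; then
        echo "reject: $key is owned by uid $owner_uid, expected $want_uid" >&2
        return 1
    fi

    # No permission bits for group or others (0400 and 0600 both pass).
    if [ -n "$(find "$key" -maxdepth 0 -perm /077)" ]; then
        echo "reject: $key mode $(stat -c '%a' "$key") is open to group/others" >&2
        return 1
    fi

    # The directory must not be writable by group or others, otherwise
    # another account could swap the key file for one of its own.
    dir=$(dirname "$key")
    if [ -n "$(find "$dir" -maxdepth 0 -perm /022)" ]; then
        echo "reject: $dir mode $(stat -c '%a' "$dir") is writable by group/others" >&2
        return 1
    fi
    return 0
}
```

With User= set in the unit, systemd runs ExecStartPre= commands as that user, so a script calling this function from there checks the key against the account the service actually uses.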