I'm trying to have an unattended remote PC log some data on home PC.
man sshd says I should be able to put a command in authorized_keys.
This is what I have on the remote machine. The key is a special key that isn't used elsewhere.
I think this should work, but it doesn't.
I think my desktop it's trying execute the received text instead of cat it to the log file. This is displayed on the remote machine:
Pseudo-terminal will not be allocated because stdin is not a terminal.
-bash: line 1: 07/09/11: No such file or directory
Do I need a pty? How can I get stdin written to a file without a pty if I need one?
How do I get it to execute the /bin/cat command, not the received text?
That will be much easier to setup and more secure since the log generating machine will not be able to connect @ all to desk_pc.
While desk_pc will be able ssh to log machine and execute specific command/script only (as per key setup).
The problem is, the remote site may have it's IP address changed, so I won't be able to ssh to it until I get the new IP address.
That's actually the main reason I want to do this. I can easily tell it my home IP address through a tiny file on a public site. But I have to give it the power to write something somewhere to tell me it's IP address.
This should be simple. And it almost works. But it doesn't.
No matter what I echo, it never writes to the log.
In fact, I tried to just touch the log, but it was not created.
The "command=" options seems to always be ignored.
Actually, that's not right. I put -v on ssh in my experimenting and found that ssh not only looks at the key I provided on the command line with -i, but it also considers the other key that is held in memory in unencrypted form by an ssh-agent process. It apparently chooses the one it wants, NOT the one I specified.
The usual method of figuring out anything's IP address would be a DNS server. Just because you have a dynamic one doesn't rule this out... There's free DNS hosting available from various places, and your computer would keep the DNS entry updated by running a small monitor script.
Keeping going with your current solution, if you don't want it to use ssh-agent, you can just undo the environment variables ssh-agent sets:
It's not that I don't want to use ssh-agent, it's that you have to be present after a reboot to type in the passphrase to unlock the secret key to use it. The nature of a remote system is that I won't be present.
But, actually, I think this might work after all. I killed ssh-agent and ran ssh (the remote computer isn't remote yet--it's right here), and it did indeed use the key I specified and I think it executed the bash script I set "command" equal to in that test.
I have to experiment some more to see if it really will do just what I need.
Well, sure, but you had the agent going anyway, and it messed up your program. I'm just telling you how to force it not to use ssh-agent without actually killing the agent. You can easily save the values for later if you want to put them back.
I have a similar problem and I have a solution that I've used for many years and has worked without much of a glitch.
First on my home server I have lynx installed, using it I have a script to get the ip by calling w w w . whatismyip . com (or another of the IP services), then I send an eMail with it and I update my home page on the homepage served by my ISP for my server.
My favorite such site is queryip.net/ip/ because you don't have to use lynx or much of a script to scrape the IP. The IP address is all that's returned. Here's the whole script:
IP=$(curl -s http://queryip.net/ip/)
# or
IP=$(wget -q -O- http://queryip.net/ip/)
Also, if your ISP maps your address to a URL (most do), you can get it this way:
URL=$(curl -s http://queryip.net/url/)
Emailing it to myself is, of course, an option. I did that one place, but email turned out to be more fragile than I would have guessed. I have to authenticate myself to my ISP, so I must store my email password on the remote, and there's a third party involved with a not-very-trivial protocol.
I was hoping this would be simpler. Actually, I have it working well enough to achieve my purposes, but after I started working on it, I decided to expand it to a general logging capability. But that's not working. But I don't really need that, so maybe I'll let well-enough alone.