On Thu, May 26, 2011 at 4:47 PM, Larry Hall (Cygwin) wrote:
> On 5/26/2011 11:10 AM, Matthew Leonhardt wrote:
>>
>> Hello all,
>>
>> I'm trying to install a service to keep some SSH tunnels alive using
>> the following script:
>>
>> $ cat ssh_tunnel.exe
>> #!/usr/bin/bash
>> while :
>> do
>>   /cygdrive/c/WINDOWS/system32/netstat -an | grep 192\.168\.0\.1:139 \
>>     | grep LISTENING > /dev/null
>>   if (( $? )); then
>>     /usr/bin/ssh -v -v -v -x -i/home/user/.ssh/id_rsa -2 \
>>       -L 192.168.0.1:139:127.0.0.1:139 -N remote_u...@remote.host 2>&1 &
>>   fi
>>   /cygdrive/c/WINDOWS/system32/netstat -an | grep 192\.168\.0\.1:3306 \
>>     | grep LISTENING > /dev/null
>>   if (( $? )); then
>>     /usr/bin/ssh -v -v -v -x -i/home/user/.ssh/id_rsa -2 \
>>       -L 192.168.0.1:3306:127.0.0.1:3306 -N remote_u...@remote.host 2>&1 &
>>   fi
>>   sleep 300
>> done
>>
>> The script works fine at the command line, but fails when running as a
>> service. My vain attempt to gather info (-v -v -v) only yields:
>>
>> Permission denied, please try again.
>> Permission denied, please try again.
>> Permission denied (publickey,gssapi-with-mic,password).
>>
>> in the service log (all three lines for each instance of an ssh command).
>>
>> SYSTEM should have access to id_rsa:
>>
>> $ getfacl id_rsa
>> # file: id_rsa
>> # owner: user
>> # group: Domain Users
>> user::rw-
>> group::---
>> group:SYSTEM:r--
>> mask:rwx
>> other:---
>>
>> $ ls -l id_rsa
>> -rw-------+ 1 user Domain Users 1679 Dec 13 13:40 id_rsa
>>
>> But, id_rsa was generated as "user", not as "SYSTEM," so I'm wondering
>> if SYSTEM needs its own private RSA key, and how one would go about
>> generating one, since I don't seem to be able to su to the SYSTEM
>> user.
>
> Correct. What you propose could be a work-around for your case. Check
> out the link below for how to create a SYSTEM-owned shell that you can
> then experiment with.
>
> <http://cygwin.com/ml/cygwin/2004-08/msg01132.html>

Brilliant! That's exactly what I was looking for and it totally did the trick. TY!

FWIW, I had to modify the shortcut to use full paths to the date and sleep commands.