Linux – Have an unprivileged non-account user ssh into another box

linux rsync ssh

I know how to get a user to ssh into another box with a key:

ssh -l targetuser -i path/to/key targethost

But what about non-account users like apache? As this user doesn't have a home directory to which it can write a .ssh directory, the whole thing keeps failing with:

$ sudo -u apache ssh -o StrictHostKeyChecking=no -l targetuser -i path/to/key targethost
Could not create directory '/var/www/.ssh'.
Warning: Permanently added '<hostname>' (RSA) to the list of known hosts.
Permission denied (publickey).

I've tried variations using -o UserKnownHostsFile=/dev/null and setting $HOME to /dev/null and none of these have done the trick. I understand that sudo could probably fix this for me, but I'm trying to avoid having to require a manual server config since this code will be deployed on a number of different environments.

Any ideas?

Here are a few examples of what I've tried that don't work:

$ sudo -u apache export HOME=path/to/apache/writable/dir/ ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=path/to/apache/writable/dir/.ssh/known_hosts -l deploy -i path/to/key targethost
$ sudo -u apache ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=path/to/apache/writable/dir/.ssh/known_hosts -l deploy -i path/to/key targethost
$ sudo -u apache ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -l deploy -i path/to/key targethost

Eventually, I'll be using this solution to run rsync as the apache user.

Best Answer

Just create /var/www/.ssh/ and give apache write permission for it, or change apache's $HOME to a directory where it can write.
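An added example, not part of the original answer: one way to give a service account such as apache its own SSH state directory and point ssh at it explicitly, with the host key pinned in a known_hosts file rather than accepted via StrictHostKeyChecking=no. The directory layout, the file name id_deploy and the function names are assumptions made for illustration; deploy and targethost are the placeholders from the question.

```shell
#!/bin/sh
# Added example. prepare_ssh_dir, ssh_cmd and "id_deploy" are hypothetical names.

# Create a private SSH state directory for an account without a writable home.
#   $1 = directory to create      $2 = private key to install
#   $3 = owning account (optional; defaults to the caller, otherwise needs root)
# The body runs in a subshell so the umask change does not leak to the caller.
prepare_ssh_dir() (
    dir=$1
    key_src=$2
    svc_user=${3:-$(id -un)}
    umask 077
    mkdir -p "$dir" || exit 1
    cp "$key_src" "$dir/id_deploy" || exit 1
    : >> "$dir/known_hosts" || exit 1
    # ssh refuses private keys that group or others can read, and the key
    # must be readable by the account that actually runs ssh.
    chmod 700 "$dir" || exit 1
    chmod 600 "$dir/id_deploy" "$dir/known_hosts" || exit 1
    if [ "$svc_user" != "$(id -un)" ]; then
        chown -R "$svc_user" "$dir" || exit 1
    fi
)

# Print an ssh command line that relies only on files inside that directory.
#   $1 = state directory   $2 = remote login   $3 = remote host
ssh_cmd() {
    printf 'ssh -o BatchMode=yes -o IdentitiesOnly=yes ' 
    printf -- '-o StrictHostKeyChecking=yes -o UserKnownHostsFile=%s/known_hosts ' "$1"
    printf -- '-i %s/id_deploy -l %s %s\n' "$1" "$2" "$3"
}

# Manual steps, run once per target as root (not executed here):
#   prepare_ssh_dir /var/www/.ssh path/to/key apache
#   ssh-keyscan targethost >> /var/www/.ssh/known_hosts
#   ssh-keygen -l -f /var/www/.ssh/known_hosts   # compare with the fingerprint
#                                                # obtained from the target's admin
#   sudo -u apache $(ssh_cmd /var/www/.ssh deploy targethost) true
# For rsync, pass the same command line through its -e option:
#   sudo -u apache rsync -e "$(ssh_cmd /var/www/.ssh deploy targethost)" src targethost:dest
```

With StrictHostKeyChecking=yes, ssh never writes to known_hosts at run time, so the service account only needs read access to the directory after setup.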