Advice about SSH keys for service accounts

[Mike Leone]

I need some advice. We are a PeopleSoft shop here, the Oracle software. And we have some procedures where PeopleSoft application will actually drop down to a Windows command prompt, and run commands or execute a batch fle.

Now ...  one of these routines used to use FTP to transfer files, and then process them. Me, I don't wanna use FTP, I would rather use SFTP (at least that's encrypted). I'm still testing, but I'm supposing that when PeopleSoft drops down to that command prompt, it will be executing as the service account that PeopleSoft is running as (haven't verified for certain, but it should be that, right?0. So anyway, in order to do these SSH-based commands, such s SFTP, I need to do it without being prompted for cred, of course. And for SSH, the way you do that is to put your SSH key into a file called AUTHORIZED_KEYS on the SSH server, and then you aren't prompted for credentials.

So my question is ... has anyone done this? i.e., used pre-shared SSH keys from a service account in Windows? I've done pre-shared keys before, in both Linux and Windows, but those were from user accounts, not service accounts. For example, I have cron jobs that use pre-shared keys on Linux, but again, that was created by the user I was logging in with, I haven't tried it with an account I don't normally interactively log in with.

Thanks. I'm sure I didn't adequately explain it. But I *think* that if I log in as that service account, create a key, then push it to the authorized keys on the target server (the beauty of the ssh-copy-id command), then my PeopleSoft routine should Just Work. It's working that way now for my developer, but he's doing this as himself, not as the (eventual) service account.

--

Mike. Leone, <mailto:tur...@mike-leone.com>

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>