
From PC1, I SSH into SERVER1, where I have a bash script that will SSH & auth to SERVER2 using an SSH key that's password-protected.

Everything works fine when I manually execute my script, using ssh-agent to load my password-protected key into memory and forwarding it to SERVER2 for auth.

But using crontab on SERVER1 it routinely fails; how can I get the following command to work using a password-protected SSH key?

SERVER1$ ssh -i ~/.ssh/somekey.pem SERVER2

1 Answer

You can't. The idea of password-protecting the keys is that every time the key is read, the password needs to be supplied. When running the command automatically, there is nothing which could provide the necessary password, so ssh won't get access to the private key.

It is possible to circumvent this, using some kind of automation which does provide the password from code (using expect for example), but that way, you would have to save the password somewhere in order to feed it to ssh. So you password-protect the key, but provide the password right away, so what's the point?

I think it is better to have a passwordless key for automated tasks.

Lacek
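If an unencrypted key is used for the cron job as the answer suggests, the exposure of that key file can be limited on SERVER2 by pinning it to one source address and one command in `authorized_keys`. The following is an added example, not part of the original answer; the key file name `cron_key`, the job path, and the address are assumptions, and the public key is a constructed placeholder.

```shell
#!/bin/sh
# Added example: build a restricted authorized_keys entry for a dedicated,
# unencrypted key that only the cron job on SERVER1 uses.
#
# On SERVER1 (hypothetical file name cron_key):
#   ssh-keygen -t ed25519 -N '' -f ~/.ssh/cron_key -C 'cron@SERVER1'
#   chmod 600 ~/.ssh/cron_key
# Crontab command; BatchMode makes ssh fail instead of waiting for a prompt:
#   ssh -i ~/.ssh/cron_key -o BatchMode=yes -o IdentitiesOnly=yes SERVER2

NL='
'

# restricted_authorized_key FROM COMMAND PUBKEY
#   FROM    = address pattern allowed to use the key (from="...")
#   COMMAND = the only command the key may run (command="...")
#   PUBKEY  = contents of the .pub file: "<type> <base64> [comment]"
# Prints the line to append to ~/.ssh/authorized_keys on SERVER2.
restricted_authorized_key() {
    from=$1 cmd=$2 pub=$3
    # A double quote would end the option value early; refuse, do not escape.
    case "$from$cmd" in
        *\"*) echo "error: double quote in option value" >&2; return 1 ;;
    esac
    # A newline would smuggle a second, unrestricted entry into the file.
    case "$from$cmd$pub" in
        *"$NL"*) echo "error: newline in input" >&2; return 1 ;;
    esac
    # Accept only a bare public key, not one that already carries options.
    case "$pub" in
        ssh-ed25519\ AAAA*|ssh-rsa\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "error: not a bare OpenSSH public key" >&2; return 1 ;;
    esac
    # "restrict" disables forwarding, PTY allocation and ~/.ssh/rc at once.
    printf 'restrict,from="%s",command="%s" %s\n' "$from" "$cmd" "$pub"
}

# Constructed sample input (placeholder key material, documentation address).
SAMPLE_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER cron@SERVER1'
restricted_authorized_key '192.0.2.10' '/usr/local/bin/nightly-job' "$SAMPLE_PUB"
```

With the forced command in place, whatever command the client requests is ignored and only the configured job runs.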