Hi,
I am new to Linux, currently using Debian plus MongoDB for cloud services and also going into ARM-based embedded applications.

My problem:
A shell script running under root uses ssh-keygen to create ssh keys.
Just before the keygen, su command is used to switch over to the tunnel-user.
I expected the comment within the public rsa key to be tunnel-user, but instead it is root@host.

As a workaround I tried to specify the comment explicitly with -c and -C but without success.

When giving the 'su tunnel-user command' interactively, I found that the prompt remains at root@host, but the command does not give an error, which I consider strange.

So in fact I have 2 questions:
- what can be the reason that the change of user (per su) is not shown in the prompt? (I experimented with .bashrc and .profile, but no success)
- where does ssh-keygen take its user information for he comment from? (could not find this in the documentation)

Note, why this is important: We have db clusters with a number of servers and tunnel users, so correctly commenting the keys from the beginning would be helpful and avoid admin errors later when the keys are copied into authorized_keys.

Thanks for all insights!

You can check /var/log/messages file for any possible problem. Als you may try to run su with a space and -,like su - , which causes the environment variable to be changed also.

Have you tried using sudo? You may try:

sudo -u user command

Thanks!

1 members found this post helpful.

Thanks for the hints!

I found out why su did not work: Since the user was created per script as system user, it had :bin/false in its passwd entry, which disables shell response.
As workaround for debugging use the -s option to enable shell interaction: su - user -s /bin/sh

Solved!

Since user switching now works properly with -s option above, ssh_keygen generates the correct comment!

Mystery solved, thanks!