anyone good with ssh-agent & cronjobs?
Bill Campbell
linux-sxs at celestial.com
Tue Jul 29 18:01:42 PDT 2014
On Tue, Jul 29, 2014, Lonni J Friedman wrote:
>I'm trying to sort out the right way to use ssh-agent (using ssh keys)
>from inside of shell script driven cronjobs. ssh-agent works fine
>outside of the crobjob (and even if I run the shell script manually).
>However, when invoked via cron, the script fails to connect to the
>pre-existing ssh-agent, and ssh auth fails as a result. I've googled
>quite a bit, and the advice is rather muddy. There are dozens of
>super hacky 'solutions', which seem to work for some people and not
>others. The crux of the problem seems to be figuring out a reliable
>way of acquiring the SSH_AUTH_SOCK & SSH_AGENT_PID variables for the
>pre-existing ssh-agent session that already has all my ssh keys loaded
>into it. I'd like to think its as easy as running 'ssh-agent -s',
>however all that seems to do is spawn a new agent session which has no
>keys pre-loaded, and is effectively useless.
>
>What am I missing here? Surely this has to work, right?
It's been a while since I did this. I think one way to do this is to use
keys with empty pass phrase which doesn't require ssh-agent.
Most of the remote cron things I do now are done via XMLRPC calls to a
server on the remote machine to handle specific tasks such as running
'make' in a DNS directory after updating zone files.
Using rsync modules works well with the primary security allowing access to
specific modules based on the IP address of the connecting system.
Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186 Skype: jwccsllc (206) 855-5792
Common sense is genius dressed in its working clothes.
-- Ralph Waldo Emerson
More information about the Linux-users
mailing list