anyone good with ssh-agent & cronjobs?

David A. Bandel david.bandel at gmail.com
Wed Jul 30 09:57:52 PDT 2014 

Lonnie,

Are your scripts picking up the user's environment variables?  I've seen
this failure and seem to recall that it was because the script was running
without the necessary user environment.  Too often cron jobs aren't
sourcing everything they need.

David-


On Tue, Jul 29, 2014 at 8:01 PM, Bill Campbell <linux-sxs at celestial.com>
wrote:

> On Tue, Jul 29, 2014, Lonni J Friedman wrote:
> >I'm trying to sort out the right way to use ssh-agent (using ssh keys)
> >from inside of shell script driven cronjobs.  ssh-agent works fine
> >outside of the crobjob (and even if I run the shell script manually).
> >However, when invoked via cron, the script fails to connect to the
> >pre-existing ssh-agent, and ssh auth fails as a result.  I've googled
> >quite a bit, and the advice is rather muddy.  There are dozens of
> >super hacky 'solutions', which seem to work for some people and not
> >others.  The crux of the problem seems to be figuring out a reliable
> >way of acquiring the SSH_AUTH_SOCK & SSH_AGENT_PID variables for the
> >pre-existing ssh-agent session that already has all my ssh keys loaded
> >into it.  I'd like to think its as easy as running 'ssh-agent -s',
> >however all that seems to do is spawn a new agent session which has no
> >keys pre-loaded, and is effectively useless.
> >
> >What am I missing here?  Surely this has to work, right?
>
> It's been a while since I did this.  I think one way to do this is to use
> keys with empty pass phrase which doesn't require ssh-agent.
>
> Most of the remote cron things I do now are done via XMLRPC calls to a
> server on the remote machine to handle specific tasks such as running
> 'make' in a DNS directory after updating zone files.
>
> Using rsync modules works well with the primary security allowing access to
> specific modules based on the IP address of the connecting system.
>
> Bill
> --
> INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
> URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
> Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
> Fax:            (206) 232-9186  Skype: jwccsllc (206) 855-5792
>
> Common sense is genius dressed in its working clothes.
>   -- Ralph Waldo Emerson
> _______________________________________________
> Linux-users mailing list
> Linux-users at linux-sxs.org
> http://mailman.celestial.com/mailman/listinfo/linux-users
>



-- 
Two things are infinite: the universe and human stupidity; and I'm not sure
about the the universe. -- Albert Einstein
Visit my web page at: http://david.bandel.us/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.celestial.com/pipermail/linux-users/attachments/20140730/7353acda/attachment.html

More information about the Linux-users mailing list