anyone good with ssh-agent & cronjobs?

Lonni J Friedman netllama at gmail.com
Wed Jul 30 11:42:18 PDT 2014


The problem was that I didn't know how to get the correct variables
inside the scripts.  However, I did manage to sort it all out.  For
anyone else struggling to get ssh working with ssh-agent from
non-interactive shells (cron, etc):
0) Install keychain http://agriffis.n01se.net/keychain/
1) Run keychain against your ssh private key:
    keychain ~/.ssh/id_dsa
2) Add the following command to your script to source the appropriate
variables required to connect to the pre-existing ssh-agent session
which has your keys pre-loaded:
    source $HOME/.keychain/${HOSTNAME}-sh

On Wed, Jul 30, 2014 at 9:57 AM, David A. Bandel <david.bandel at gmail.com> wrote:
> Lonnie,
>
> Are your scripts picking up the user's environment variables?  I've seen
> this failure and seem to recall that it was because the script was running
> without the necessary user environment.  Too often cron jobs aren't sourcing
> everything they need.
>
> David-
>
>
> On Tue, Jul 29, 2014 at 8:01 PM, Bill Campbell <linux-sxs at celestial.com>
> wrote:
>>
>> On Tue, Jul 29, 2014, Lonni J Friedman wrote:
>> >I'm trying to sort out the right way to use ssh-agent (using ssh keys)
>> >from inside of shell script driven cronjobs.  ssh-agent works fine
>> >outside of the cronjob (and even if I run the shell script manually).
>> >However, when invoked via cron, the script fails to connect to the
>> >pre-existing ssh-agent, and ssh auth fails as a result.  I've googled
>> >quite a bit, and the advice is rather muddy.  There are dozens of
>> >super hacky 'solutions', which seem to work for some people and not
>> >others.  The crux of the problem seems to be figuring out a reliable
>> >way of acquiring the SSH_AUTH_SOCK & SSH_AGENT_PID variables for the
>> >pre-existing ssh-agent session that already has all my ssh keys loaded
>> >into it.  I'd like to think it's as easy as running 'ssh-agent -s',
>> >however all that seems to do is spawn a new agent session which has no
>> >keys pre-loaded, and is effectively useless.
>> >
>> >What am I missing here?  Surely this has to work, right?
>>
>> It's been a while since I did this.  I think one way to do this is to use
>> keys with empty pass phrase which doesn't require ssh-agent.
>>
>> Most of the remote cron things I do now are done via XMLRPC calls to a
>> server on the remote machine to handle specific tasks such as running
>> 'make' in a DNS directory after updating zone files.
>>
>> Using rsync modules works well with the primary security allowing access
>> to specific modules based on the IP address of the connecting system.
>>
>> Bill
>> --
>> INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
>> URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
>> Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
>> Fax:            (206) 232-9186  Skype: jwccsllc (206) 855-5792
>>
>> Common sense is genius dressed in its working clothes.
>>   -- Ralph Waldo Emerson
>> _______________________________________________
>> Linux-users mailing list
>> Linux-users at linux-sxs.org
>> http://mailman.celestial.com/mailman/listinfo/linux-users
>
>
>
>
> --
> Two things are infinite: the universe and human stupidity; and I'm not sure
> about the universe. -- Albert Einstein
> Visit my web page at: http://david.bandel.us/
>
>



-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
L. Friedman                                    netllama at gmail.com
LlamaLand                       http://netllama.linux-sxs.org
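
An added example, not part of the original post or of keychain itself: a cron-side wrapper around the "source the keychain file" step above that checks the file is safe to source and that the agent it points to is still alive and holds keys. The function name load_agent_env, its return codes, and the `uname -n` fallback for an unset HOSTNAME are assumptions made for this example.

```shell
#!/bin/sh
# Added example: load a keychain-managed agent into a cron job, with checks.
# load_agent_env and its return codes are hypothetical names, not keychain's.
#
# Returns: 0 agent usable, 1 no env file, 2 env file unsafe to source,
#          3 agent socket missing or unreachable, 4 agent holds no keys.
load_agent_env() {
    dir=${1:-$HOME/.keychain}
    # cron's shell may leave HOSTNAME unset; falling back to `uname -n`
    # is an assumption about how the file was named on your system.
    host=${2:-${HOSTNAME:-$(uname -n)}}
    envfile=$dir/$host-sh

    [ -r "$envfile" ] || return 1

    # Sourcing runs the file as shell code, so refuse a file that is not
    # ours or that group/other could have written.
    [ -O "$envfile" ] || return 2
    [ -z "$(find "$envfile" -prune \( -perm -020 -o -perm -002 \))" ] || return 2

    # Drop any inherited values so a stale agent is never used by accident.
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    . "$envfile"

    # After a reboot the file can still exist but point at a dead socket.
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ] || return 3

    # ssh-add -l exits 0 when keys are listed, 1 when the agent has no
    # identities, and 2 when the agent cannot be contacted.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) return 0 ;;
        1) return 4 ;;
        *) return 3 ;;
    esac
}

# Typical use at the top of a cron script (constructed example):
#   load_agent_env || { echo "ssh-agent unavailable (code $?)" >&2; exit 1; }
```

Failing early with a distinct code makes the cron mail say why authentication would have failed, instead of an ssh "Permission denied" later in the job.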

