<div dir="ltr">Lonnie,<div><br></div><div>Are your scripts picking up the user's environment variables? I've seen this failure and seem to recall that it was because the script was running without the necessary user environment. Too often cron jobs aren't sourcing everything they need.</div>
<div><br></div><div>David-</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jul 29, 2014 at 8:01 PM, Bill Campbell <span dir="ltr"><<a href="mailto:linux-sxs@celestial.com" target="_blank">linux-sxs@celestial.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">On Tue, Jul 29, 2014, Lonni J Friedman wrote:<br>
>I'm trying to sort out the right way to use ssh-agent (using ssh keys)<br>
>from inside of shell script driven cronjobs. ssh-agent works fine<br>
>outside of the crobjob (and even if I run the shell script manually).<br>
>However, when invoked via cron, the script fails to connect to the<br>
>pre-existing ssh-agent, and ssh auth fails as a result. I've googled<br>
>quite a bit, and the advice is rather muddy. There are dozens of<br>
>super hacky 'solutions', which seem to work for some people and not<br>
>others. The crux of the problem seems to be figuring out a reliable<br>
>way of acquiring the SSH_AUTH_SOCK & SSH_AGENT_PID variables for the<br>
>pre-existing ssh-agent session that already has all my ssh keys loaded<br>
>into it. I'd like to think its as easy as running 'ssh-agent -s',<br>
>however all that seems to do is spawn a new agent session which has no<br>
>keys pre-loaded, and is effectively useless.<br>
><br>
>What am I missing here? Surely this has to work, right?<br>
<br>
</div>It's been a while since I did this. I think one way to do this is to use<br>
keys with empty pass phrase which doesn't require ssh-agent.<br>
<br>
Most of the remote cron things I do now are done via XMLRPC calls to a<br>
server on the remote machine to handle specific tasks such as running<br>
'make' in a DNS directory after updating zone files.<br>
<br>
Using rsync modules works well with the primary security allowing access to<br>
specific modules based on the IP address of the connecting system.<br>
<span class="HOEnZb"><font color="#888888"><br>
Bill<br>
--<br>
INTERNET: <a href="mailto:bill@celestial.com">bill@celestial.com</a> Bill Campbell; Celestial Software LLC<br>
URL: <a href="http://www.celestial.com/" target="_blank">http://www.celestial.com/</a> PO Box 820; 6641 E. Mercer Way<br>
Voice: (206) <a href="tel:236-1676" value="+5072361676">236-1676</a> Mercer Island, WA 98040-0820<br>
Fax: (206) <a href="tel:232-9186" value="+5072329186">232-9186</a> Skype: jwccsllc (206) 855-5792<br>
<br>
Common sense is genius dressed in its working clothes.<br>
-- Ralph Waldo Emerson<br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
Linux-users mailing list<br>
<a href="mailto:Linux-users@linux-sxs.org">Linux-users@linux-sxs.org</a><br>
<a href="http://mailman.celestial.com/mailman/listinfo/linux-users" target="_blank">http://mailman.celestial.com/mailman/listinfo/linux-users</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe. -- Albert Einstein<br>Visit my web page at: <a href="http://david.bandel.us/" target="_blank">http://david.bandel.us/</a>
</div>