This discussion is archived
8354 Views 8 Replies Latest reply: Feb 2, 2009 1:34 PM by sdallas
Currently Being ModeratedDec 24, 2008 2:25 PM (in response to stevesant)I think you need to create ssh keys that do not use a pass phrase if you want to use rsync via cron.
Although there is a recent post about maybe starting ssh-agent in your cron job, but I don't know how you are going get your key pass phrase loaded into ssh-agent.
Maybe search for ssh-agent will turn something up.MacBook 2GHz, PowerMac Dual G5/2.5GHz, Mac mini intel Dual Core 2/1.83Ghz, Mac OS X (10.5.5), I also manage: 12" iBook G4/1GHz, iMac G4/1.25GHz
Currently Being ModeratedDec 24, 2008 4:45 PM (in response to BobHarris)In addition to what Bob wrote, you may want to limit what those keys can be used for on the host that you are rsyncing too. To do this see the "AUTHORIZED_KEYS FILE FORMAT" section of the sshd(1) file. Specifically see the following part:
Specifies that the command is executed whenever this key is used for authentication. The command sup-
plied by the user (if any) is ignored. The command is run on a pty if the client requests a pty; other-
wise it is run without a tty. If an 8-bit clean channel is required, one must not request a pty or
should specify no-pty. A quote may be included in the command by quoting it with a backslash. This
option might be useful to restrict certain public keys to perform just a specific operation. An example
might be a key that permits remote backups but nothing else. Note that the client may specify TCP
and/or X11 forwarding unless they are explicitly prohibited. The command originally supplied by the
client is available in the SSHORIGINALCOMMAND environment variable. Note that this option applies to
shell, command or subsystem execution.15in. PowerBook G4, 15in. MacBook Pro, Mac OS X (10.5.6)
Currently Being ModeratedDec 25, 2008 5:33 PM (in response to stevesant)You may be able to make this script work by adding the following line, before the rsync command:
SSHAUTHSOCK=$( find /tmp/launch-*/Listeners -user foo -type s | head -1 )
The conditions are:
(1) You're running Leopard.
(2) There is always a user named 'foo' logged in who has SSH access to the target server.
(3) Your script runs either as 'foo' or as root.Mac OS X (10.5.6)
Currently Being ModeratedDec 26, 2008 1:07 AM (in response to Linc Davis)Thanks, that's done the trick!
For info, my key did have a passphrase, but the first time I manually opened a connection, and had to enter the passphrase, it was stored into my keychain... I'm assuming that as the cron job is running through my user account that it gets passed whatever credentials it needs to access the private SSH key.
Have a great YuleiMac Nov 2007, Mac OS X (10.5.1), It's spelt - Aluminium
Currently Being ModeratedDec 28, 2008 9:55 PM (in response to stevesant)Looks like you've resolved this issue, but it's one that I've run into recently as well. If you want to learn more about automated ssh sessions, I found the following resource to be helpful:
Currently Being ModeratedDec 29, 2008 12:46 AM (in response to noah hoffman1)I spoke too soon... it worked running from cron as long as I was logged in, but it fails if it runs while I'm logged out... I'll look at the webmonkey article... but failing that I think there must be a way of doing this, but maybe falling back to the base Darwin methods, without relying on any higher OS frameworks. Not something I'm going to be much good at!iMac Nov 2007, Mac OS X (10.5.1), It's spelt - Aluminium
Currently Being ModeratedDec 29, 2008 5:48 AM (in response to stevesant)Yes, as I wrote above, it only works if the user with the ssh-agent is logged in. Without that there is no way I know of to automate the use of a password-protected key. Just leave the user logged in.Mac OS X (10.5.6)
Currently Being ModeratedFeb 2, 2009 1:34 PM (in response to stevesant)Here are detailed instructions on how to set up public/private key pairs so that rsync can login automatically without authentication.
Note you will have to run this procedure from the account that you want to authenticate, probably root, if you are running the script from the root account. Otherwise if you set up credentials for a XXY account on each machine, you should launch the script with a LaunchAgent plist in the Users/XXY/Library/LaunchAgents folder.
hope that helps. rsync is a great tool, but it is really difficult to set up properly. This is the one time I wish I had a windows utility: robocopy. It does the same thing, but it is way easier to tell it what you want to do, and to set up authentication. If rsync simply accepted authentication credentials on the command line, that would fix this problem...
-phillipMacBook Pro, Mac OS X (10.5.4)